IOC Report
442.docx.exe


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| 442.docx.exe | PE32+ executable (GUI) x86-64, for MS Windows | initial sample | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\vp8decoder.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\vp8encoder.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\webmmux.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisdecoder.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Remote Manipulator System - Host\webmvorbisencoder.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\MSI8991.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\{77817ADF-D5EC-49C6-B987-6169BBD5345B}\ARPPRODUCTICON.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\{77817ADF-D5EC-49C6-B987-6169BBD5345B}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\{77817ADF-D5EC-49C6-B987-6169BBD5345B}\server_config_C8E9A92497A149D695F92E4E3AE550F0.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\{77817ADF-D5EC-49C6-B987-6169BBD5345B}\server_start_C00864331B9D4391A8A26292A601EBE2.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Windows\Installer\{77817ADF-D5EC-49C6-B987-6169BBD5345B}\server_stop_27D7873393984316BEA10FB36BB4D2F9.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |

C:\Config.Msi\4c8463.rbs
data
modified
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\EULA.rtf
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\MessageBox.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\VPDAgent.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\emf2pdf.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\fwproc.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\pdfout.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\printer.ico
MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\progressbar.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\properties.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\rppd.lng
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\srvinst.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpd_sdk.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\common\vpdisp.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcp120.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\msvcr120.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\ntprint.inf
Windows setup INFormation
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\printer.ico
MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.gpd
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.ini
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppd.lng
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdpm.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\rppdui.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\setupdrv.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\stdnames_vpd.gpd
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrv_rppd.hlp
MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unidrvui_rppd.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\unires_vpd.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x64\vccorlib120.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcp120.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\msvcr120.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\ntprint.inf
Windows setup INFormation
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\printer.ico
MS Windows icon resource - 6 icons, 32x32, 4 bits/pixel, 16x16, 4 bits/pixel
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.gpd
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.ini
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppd.lng
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdpm.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\rppdui.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\setupdrv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\stdnames_vpd.gpd
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrv_rppd.hlp
MS Windows 3.1 help, Tue Apr 17 13:11:56 2001, 21225 bytes
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unidrvui_rppd.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\unires_vpd.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\Printer\x86\vccorlib120.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\eventmsg.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\libasset32.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Remote Manipulator System - Host\libcodec32.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x16300ed9, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Remote Manipulator System\Logs\rms_log_2024-12.html
HTML document, ASCII text, with CR line terminators
dropped
C:\ProgramData\Remote Manipulator System\install.log
ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Remote Manipulator System\msi\70270_{77817ADF-D5EC-49C6-B987-6169BBD5345B}\Word.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.2, Comments: This installer contains the logic and data to install RMS - Host 7.2, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.2, Author: TektonIT, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Thu Jul 18 02:24:09 2024, Create Time/Date: Thu Jul 18 02:24:09 2024, Last Printed: Thu Jul 18 02:24:09 2024, Revision Number: {134AA6F2-2A49-44F2-A7A5-B7B9233956FA}, Code page: 1251, Template: Intel;1049
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4ED312F.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 1428x2020, components 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{7B889923-D78F-40C3-A108-8A6AE3A8A421}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1733212029237202200_313E7E02-CB81-4FBD-96DB-A5A7AF808A97.log
data
dropped
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1733212029237750300_313E7E02-CB81-4FBD-96DB-A5A7AF808A97.log
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B4E.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B4E.tmp\chevronaccent.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7B4F.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B4F.tmp\pictureorgchart.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7B75.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B75.tmp\harvardanglia2008officeonline.xsl
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7B76.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B76.tmp\ThemePictureGrid.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7B86.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B86.tmp\ieee2006officeonline.xsl
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7B87.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7B87.tmp\mlaseventheditionofficeonline.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7BD3.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7BD3.tmp\VaryingWidthList.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7BD4.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7BD4.tmp\HexagonRadial.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7BE4.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7BE4.tmp\gb.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7BF6.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7BF6.tmp\rings.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7BF7.tmp\BracketList.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7BF7.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C08.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C08.tmp\sist02.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7C09.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C09.tmp\iso690nmerical.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7C0A.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C0A.tmp\PictureFrame.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7C1A.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C1A.tmp\ThemePictureAccent.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7C1B.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C1B.tmp\chicago.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7C35.tmp\CircleProcess.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7C35.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C94.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C94.tmp\architecture.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7C95.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C95.tmp\ThemePictureAlternatingAccent.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7C96.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C96.tmp\TabList.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7C97.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C97.tmp\turabian.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7C98.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7C98.tmp\ConvergingText.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7CA8.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CA8.tmp\Text Sidebar (Annual Report Red and Black design).docx
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Local\Temp\TCD7CB9.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CB9.tmp\Equations.dotx
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Local\Temp\TCD7CBA.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CBA.tmp\RadialPictureList.glox
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7CBB.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CBB.tmp\InterconnectedBlockProcess.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDC.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDC.tmp\gosttitle.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDD.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDD.tmp\iso690.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDE.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7CDE.tmp\gostname.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7D0F.tmp\APASixthEditionOfficeOnline.xsl
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7D0F.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7D3F.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7D3F.tmp\Element design set.dotx
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Local\Temp\TCD7D5F.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD7D5F.tmp\TabbedArc.glox
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD7DCF.tmp\View.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7DCF.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7E6E.tmp\Banded.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7E6E.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7EAD.tmp\Metropolitan.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7EAD.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7EE0.tmp\Frame.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7EE0.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7F00.tmp\Dividend.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7F00.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7F11.tmp\Parcel.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7F11.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD7F61.tmp\Basis.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD7F61.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD81E6.tmp\Wood_Type.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD81E6.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD81F6.tmp\Quotable.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD81F6.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8217.tmp\Berlin.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8217.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8248.tmp\Parallax.thmx
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD8248.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8305.tmp\Savon.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8305.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8460.tmp\Gallery.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8460.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8480.tmp\Circuit.thmx
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\TCD8480.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD84EF.tmp\Droplet.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD84EF.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD882E.tmp\Slate.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD882E.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8987.tmp\Damask.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8987.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8EE9.tmp\Mesh.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8EE9.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD8F0A.tmp\Main_Event.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD8F0A.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD90C1.tmp\Vapor_Trail.thmx
Microsoft OOXML
dropped
C:\Users\user\AppData\Local\Temp\TCD90C1.tmp\content.inf
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\TCD9259.tmp\Content.inf
data
dropped
C:\Users\user\AppData\Local\Temp\TCD9259.tmp\Insight design set.dotx
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Local\Temp\cab7B2C.tmp
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B2D.tmp
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B2E.tmp
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B60.tmp
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B61.tmp
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B62.tmp
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B63.tmp
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7B64.tmp
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BA8.tmp
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BA9.tmp
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BAA.tmp
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBA.tmp
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBB.tmp
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBC.tmp
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBD.tmp
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBE.tmp
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BBF.tmp
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BC0.tmp
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BC1.tmp
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BC2.tmp
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7BE5.tmp
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C1C.tmp
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C1D.tmp
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C1E.tmp
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C1F.tmp
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C20.tmp
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C21.tmp
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C32.tmp
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C33.tmp
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7C34.tmp
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7CBC.tmp
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7D0E.tmp
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7D9F.tmp
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7E0E.tmp
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7E2E.tmp
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7EAE.tmp
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7EBF.tmp
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7EC0.tmp
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab7F12.tmp
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8118.tmp
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8167.tmp
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8168.tmp
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8218.tmp
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab82C6.tmp
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab83C2.tmp
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8440.tmp
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab84B0.tmp
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab87CF.tmp
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8929.tmp
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8D9F.tmp
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab8DA0.tmp
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab9024.tmp
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
dropped
C:\Users\user\AppData\Local\Temp\cab91DB.tmp
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
modified
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Doc.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Dec 3 06:47:04 2024, mtime=Tue Dec 3 06:47:11 2024, atime=Mon Dec 2 20:13:15 2024, length=230038, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)
Microsoft OOXML
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl (copy)
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl (copy)
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx (copy)
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx (copy)
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx (copy)
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx (copy)
Microsoft Word 2007+
dropped
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CMDBSEPTW11E9QHQSPI0.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KYRDXLUC6ZHOKF8EH9JB.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms~RF352d4.TMP (copy)
data
dropped
C:\Windows\Installer\4c8461.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.2, Comments: This installer contains the logic and data to install RMS - Host 7.2, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.2, Author: TektonIT, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Thu Jul 18 02:24:09 2024, Create Time/Date: Thu Jul 18 02:24:09 2024, Last Printed: Thu Jul 18 02:24:09 2024, Revision Number: {134AA6F2-2A49-44F2-A7A5-B7B9233956FA}, Code page: 1251, Template: Intel;1049
dropped
C:\Windows\Installer\4c8464.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.2, Comments: This installer contains the logic and data to install RMS - Host 7.2, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.2, Author: TektonIT, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Thu Jul 18 02:24:09 2024, Create Time/Date: Thu Jul 18 02:24:09 2024, Last Printed: Thu Jul 18 02:24:09 2024, Revision Number: {134AA6F2-2A49-44F2-A7A5-B7B9233956FA}, Code page: 1251, Template: Intel;1049
dropped
C:\Windows\Installer\MSI8ADA.tmp
data
dropped
C:\Windows\Installer\SourceHash{77817ADF-D5EC-49C6-B987-6169BBD5345B}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A62E94087F64223B9812F11186592BA
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A62E94087F64223B9812F11186592BA
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_6C354C532D063DF5607A63BA827F5164
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1D627669EFC8CD4F21BCF387D97F9B5_E818918BC57803438E0E0146A88425A7
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50385F8EB1F713E33924A830D7A2A41C
data
dropped
C:\Windows\Temp\~DF1824809D33FF74D6.TMP
data
dropped
C:\Windows\Temp\~DF233B17258DCCB5E2.TMP
data
dropped
C:\Windows\Temp\~DF411F62FE6F19CCE4.TMP
data
dropped
C:\Windows\Temp\~DF5418320E456EEBB7.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF5B69EE6DA6F4EE26.TMP
data
dropped
C:\Windows\Temp\~DF60201421137453CA.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF6EA9CD4020C812D9.TMP
data
dropped
C:\Windows\Temp\~DF80306864950BFED2.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF8EC37834380B27B3.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFA8B1924BBC12C010.TMP
data
dropped
C:\Windows\Temp\~DFB3316AFA2177D592.TMP
data
dropped
C:\Windows\Temp\~DFE3A813CDEEC74590.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\intel\Doc.docx
Microsoft Word 2007+
dropped
C:\intel\Word.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: RMS - Host 7.2, Comments: This installer contains the logic and data to install RMS - Host 7.2, Keywords: Installer,MSI,Database, Subject: RMS - Host 7.2, Author: TektonIT, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Thu Jul 18 02:24:09 2024, Create Time/Date: Thu Jul 18 02:24:09 2024, Last Printed: Thu Jul 18 02:24:09 2024, Revision Number: {134AA6F2-2A49-44F2-A7A5-B7B9233956FA}, Code page: 1251, Template: Intel;1049
dropped
C:\intel\~$Doc.docx
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\442.docx.exe
"C:\Users\user\Desktop\442.docx.exe"
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" -msi_copy "C:\intel\Word.msi"
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /silentinstall
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" /start
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -service
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rutserv.exe" -firewall
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe"
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
malicious
C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe
"C:\Program Files (x86)\Remote Manipulator System - Host\rfusclient.exe" /tray
malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\intel\Word.msi" /qn
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\intel\Doc.docx" /o ""
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 684489E62C864DF5C283E9DB67C8FC1A
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.210.172
main.internetid.ru
95.213.205.83
prod.globalsign.map.fastly.net
151.101.130.133
id72.internetid.ru
unknown

IPs

IP
Domain
Country
Malicious
111.90.147.125
unknown
Malaysia
malicious
109.234.156.179
unknown
Russian Federation
78.138.9.142
unknown
United Kingdom
95.213.205.83
main.internetid.ru
Russian Federation
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{8D80504A-0826-40C5-97E1-EBC68F953792} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\System32\msiexec.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\System32\msiexec.exe.ApplicationCompany
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE.ApplicationCompany
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\4c8463.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\4c8463.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5052F47A02BDEA469F8EAB572D83BA8
FDA71877CE5D6C949B781696BB5D43B5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45BAE6295648E74689FC47BF4E730EB
FDA71877CE5D6C949B781696BB5D43B5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
TM03328951
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
TM03328972
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
TM03328916
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
TM02851223
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03090430
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457515
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM10001115
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457475
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457444
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457464
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457491
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457503
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03090434
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457496
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033917
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457510
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM10001114
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033919
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033925
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033929
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033921
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033927
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM03457485
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
TM04033937
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
TM03998159
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02vnquskfpppcivc
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02xiaobqetzbjzjj
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02xiaobqetzbjzjj
Provision Tuesday, December 03, 2024 02:47:24
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02xiaobqetzbjzjj
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02gfcilbgfbgtour
Request Tuesday, December 03, 2024 02:47:33
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02gfcilbgfbgtour
Response Tuesday, December 03, 2024 02:47:33
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02gfcilbgfbgtour
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02oiazgqhjlfzgve
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02oiazgqhjlfzgve
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02vnquskfpppcivc
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL
GlobalDeviceUpdateTime
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02xiaobqetzbjzjj
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02xiaobqetzbjzjj
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02xiaobqetzbjzjj
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02gfcilbgfbgtour
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02oiazgqhjlfzgve
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02oiazgqhjlfzgve
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02oiazgqhjlfzgve
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties
LID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
notification
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
Security
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
General
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
CallbackSettings
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
FUSClientPath
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
InternetId
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\TektonIT\RMS Host\Host\Parameters
CalendarRecordSettings
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\417C44EB
@%systemroot%\system32\FirewallControlPanel.dll,-12122

Memdumps

Base Address
Regiontype
Protect
Malicious
3CC1000
heap
page read and write
225E392E000
heap
page read and write
2174000
direct allocation
page read and write
225E3952000
heap
page read and write
1D24000
heap
page read and write
650000
heap
page read and write
150A4020000
trusted library allocation
page read and write
1EFA000
heap
page read and write
225E313C000
heap
page read and write
28D1000
heap
page read and write
1F52000
heap
page read and write
1B53873E000
heap
page read and write
4288000
direct allocation
page read and write
225E3969000
heap
page read and write
2B11000
heap
page read and write
1B5B000
stack
page read and write
1B53A7F5000
heap
page read and write
537000
stack
page read and write
6E0000
heap
page read and write
7294000
heap
page read and write
601AD000
unkown
page read and write
67CE000
stack
page read and write
261F000
direct allocation
page read and write
3CE1000
heap
page read and write
225E37E0000
remote allocation
page read and write
730E000
heap
page read and write
1AF5000
unkown
page read and write
2732000
heap
page read and write
7329000
heap
page read and write
1EBA000
unkown
page readonly
A98F000
stack
page read and write
72DE000
heap
page read and write
8BCB000
stack
page read and write
3810000
direct allocation
page read and write
2B11000
heap
page read and write
1E9D000
unkown
page readonly
1FB2000
direct allocation
page read and write
7BB000
stack
page read and write
1B53873A000
heap
page read and write
4D10000
direct allocation
page read and write
2698000
direct allocation
page read and write
4104000
direct allocation
page read and write
225E3957000
heap
page read and write
1A94000
heap
page read and write
58CE000
stack
page read and write
28D1000
heap
page read and write
2B11000
heap
page read and write
3F20000
heap
page read and write
4278000
direct allocation
page read and write
1EAC000
heap
page read and write
1F2D000
heap
page read and write
1EFA000
heap
page read and write
1EFC000
heap
page read and write
7D0000
heap
page read and write
5FDD0000
unkown
page execute read
1B53C681000
heap
page read and write
573D000
stack
page read and write
5EE1000
direct allocation
page read and write
1EFA000
heap
page read and write
225E3933000
heap
page read and write
150A3FA0000
trusted library allocation
page read and write
3A2EF7C000
stack
page read and write
150A3EF0000
trusted library allocation
page read and write
3A2DC77000
stack
page read and write
225E3935000
heap
page read and write
1AB2000
unkown
page read and write
28D1000
heap
page read and write
54B0000
heap
page read and write
1EFC000
heap
page read and write
2244000
heap
page read and write
1509EAA1000
heap
page read and write
1B53C752000
heap
page read and write
261A000
direct allocation
page read and write
42A8000
direct allocation
page read and write
5690000
heap
page read and write
1509EA2B000
heap
page read and write
376F000
direct allocation
page read and write
5B7C000
heap
page read and write
1BC4000
direct allocation
page read and write
1B538738000
heap
page read and write
7B5000
heap
page read and write
225E40DC000
heap
page read and write
5C5E000
stack
page read and write
225E30B5000
heap
page read and write
5B7A000
direct allocation
page read and write
781000
heap
page read and write
601AD000
unkown
page read and write
1B53C65E000
heap
page read and write
225E3955000
heap
page read and write
1AE1000
unkown
page read and write
419E000
direct allocation
page read and write
2B8E000
stack
page read and write
1B53DB94000
heap
page read and write
1AAD000
unkown
page read and write
225E411A000
heap
page read and write
1B53873D000
heap
page read and write
225E3933000
heap
page read and write
3B61000
heap
page read and write
1EFA000
heap
page read and write
3CE1000
heap
page read and write
21F0000
heap
page read and write
3CC1000
heap
page read and write
818000
heap
page read and write
5A1E000
stack
page read and write
3A2EA7B000
stack
page read and write
1513000
unkown
page read and write
3CE1000
heap
page read and write
1B538727000
heap
page read and write
812000
heap
page read and write
25D4000
heap
page read and write
2737000
heap
page read and write
4681000
heap
page read and write
1EFC000
heap
page read and write
2B11000
heap
page read and write
3C1C000
direct allocation
page read and write
1B53C778000
heap
page read and write
4601000
heap
page read and write
2B6D000
heap
page read and write
37B5000
direct allocation
page read and write
1F62000
direct allocation
page read and write
1F31000
heap
page read and write
225E3978000
heap
page read and write
1F31000
heap
page read and write
3A2E87E000
unkown
page readonly
1AB2000
unkown
page read and write
6E5E000
stack
page read and write
5B27000
direct allocation
page read and write
225E3953000
heap
page read and write
4681000
heap
page read and write
225E4095000
heap
page read and write
1C0B000
heap
page read and write
1C40000
heap
page read and write
3F1F000
stack
page read and write
225E3935000
heap
page read and write
1FD1000
unkown
page readonly
5B60000
heap
page read and write
1D24000
heap
page read and write
426B000
direct allocation
page read and write
3A2F07E000
unkown
page readonly
1FAB000
direct allocation
page read and write
17FE000
stack
page read and write
225E37E0000
remote allocation
page read and write
1509E8E0000
heap
page read and write
5F68000
direct allocation
page read and write
3A2EDFE000
stack
page read and write
28D1000
heap
page read and write
422A000
direct allocation
page read and write
600B0000
unkown
page readonly
225E390E000
heap
page read and write
28D1000
heap
page read and write
2704000
direct allocation
page read and write
1B53872A000
heap
page read and write
4B26000
heap
page read and write
1B92000
direct allocation
page read and write
225E3935000
heap
page read and write
4681000
heap
page read and write
914F000
stack
page read and write
1F31000
heap
page read and write
21F5000
heap
page read and write
1F89000
direct allocation
page read and write
1509EAB2000
heap
page read and write
1EFC000
heap
page read and write
5FF08000
unkown
page execute read
1B53870D000
heap
page read and write
36F1000
heap
page read and write
3C88000
direct allocation
page read and write
41BE000
direct allocation
page read and write
1EFC000
heap
page read and write
5F21000
direct allocation
page read and write
4601000
heap
page read and write
1BC2000
unkown
page readonly
5DDE000
stack
page read and write
1EEE000
stack
page read and write
1FBA000
heap
page read and write
1A6D000
heap
page read and write
1F31000
heap
page read and write
225E308E000
heap
page read and write
5EFE000
direct allocation
page read and write
1EFA000
heap
page read and write
537F000
stack
page read and write
4268000
direct allocation
page read and write
2739000
heap
page read and write
6025F000
unkown
page readonly
225E3952000
heap
page read and write
1D14000
heap
page read and write
1597000
unkown
page read and write
1F71000
direct allocation
page read and write
438000
stack
page read and write
1F30000
heap
page read and write
225E3935000
heap
page read and write
1EFA000
heap
page read and write
1AAA000
unkown
page read and write
1EFA000
heap
page read and write
104B000
unkown
page execute read
3B61000
heap
page read and write
7FF7C9A0A000
unkown
page readonly
5544000
heap
page read and write
2244000
heap
page read and write
3CE1000
heap
page read and write
1B99000
direct allocation
page read and write
20DE000
direct allocation
page read and write
1B5386F8000
heap
page read and write
7A2000
heap
page read and write
3808000
direct allocation
page read and write
150C000
unkown
page read and write
1509EB13000
heap
page read and write
272B000
heap
page read and write
1AE5000
unkown
page read and write
1CAE000
heap
page read and write
1509F740000
trusted library allocation
page read and write
60362000
unkown
page read and write
1A57000
stack
page read and write
2749000
heap
page read and write
225E3972000
heap
page read and write
7B6E000
stack
page read and write
1F76000
unkown
page readonly
601B0000
unkown
page readonly
36F1000
heap
page read and write
1A57000
stack
page read and write
1511000
unkown
page execute read
1F54000
unkown
page readonly
1AC6000
unkown
page write copy
2B11000
heap
page read and write
14D6000
unkown
page write copy
41CE000
direct allocation
page read and write
654000
heap
page read and write
2B11000
heap
page read and write
1EFA000
heap
page read and write
1B53C64C000
heap
page read and write
225E40CE000
heap
page read and write
3D0E000
stack
page read and write
6F9E000
stack
page read and write
225E390E000
heap
page read and write
26FD000
heap
page read and write
72A2000
heap
page read and write
1F31000
heap
page read and write
1B53C6A8000
heap
page read and write
3CE1000
heap
page read and write
5FF86000
unkown
page execute read
225E397E000
heap
page read and write
7317000
heap
page read and write
150A40C1000
heap
page read and write
1B53872D000
heap
page read and write
225E305F000
heap
page read and write
5F5C000
direct allocation
page read and write
7FF7C99FB000
unkown
page write copy
424E000
direct allocation
page read and write
3A2E8FE000
stack
page read and write
5FF89000
unkown
page execute read
5BDE000
stack
page read and write
150A3EB0000
trusted library allocation
page read and write
1F60000
unkown
page readonly
1B22000
direct allocation
page read and write
2678000
direct allocation
page read and write
5471000
direct allocation
page read and write
5FFD7000
unkown
page execute read
234E000
stack
page read and write
2B65000
heap
page read and write
225E3953000
heap
page read and write
3CE1000
heap
page read and write
42BE000
direct allocation
page read and write
60362000
unkown
page read and write
7D1000
heap
page read and write
25EE000
stack
page read and write
1B53A7FB000
heap
page read and write
924F000
stack
page read and write
1EFA000
heap
page read and write
225E3933000
heap
page read and write
3C39000
direct allocation
page read and write
225E396E000
heap
page read and write
225E3932000
heap
page read and write
7AEF000
stack
page read and write
7FF7C9A0F000
unkown
page readonly
3B61000
heap
page read and write
1B53873A000
heap
page read and write
5580000
heap
page read and write
14D6000
unkown
page read and write
1EFB000
heap
page read and write
1EFA000
heap
page read and write
1340000
unkown
page execute read
B0AD57E000
unkown
page readonly
3C24000
direct allocation
page read and write
25D4000
heap
page read and write
225E3984000
heap
page read and write
788000
heap
page read and write
5A70000
heap
page read and write
225E40B2000
heap
page read and write
1EFA000
heap
page read and write
1D24000
heap
page read and write
36F1000
heap
page read and write
5F4E000
direct allocation
page read and write
5BBC000
direct allocation
page read and write
15BB000
unkown
page write copy
5EAF000
direct allocation
page read and write
4331000
direct allocation
page read and write
600A9000
unkown
page read and write
1B53A600000
heap
page read and write
70DF000
stack
page read and write
57B0000
heap
page read and write
4129000
direct allocation
page read and write
2702000
heap
page read and write
4681000
heap
page read and write
21E4000
heap
page read and write
267F000
direct allocation
page read and write
1FF0000
direct allocation
page read and write
26FE000
heap
page read and write
1AD8000
unkown
page read and write
344E000
stack
page read and write
3A10000
direct allocation
page read and write
2734000
heap
page read and write
7FF7C9A0A000
unkown
page readonly
225E392E000
heap
page read and write
1F2D000
heap
page read and write
225E390E000
heap
page read and write
225E395D000
heap
page read and write
1A06000
unkown
page execute read
1B53A7F3000
heap
page read and write
1EFA000
heap
page read and write
1F31000
heap
page read and write
1AD8000
unkown
page read and write
1F9D000
direct allocation
page read and write
5FF98000
unkown
page execute read
4460000
heap
page read and write
1B538711000
heap
page read and write
3A2E279000
stack
page read and write
26F1000
heap
page read and write
1BB0000
unkown
page write copy
348E000
stack
page read and write
1EFA000
heap
page read and write
1B5386E9000
heap
page read and write
225E3977000
heap
page read and write
28D1000
heap
page read and write
AD13000
heap
page read and write
7B8000
heap
page read and write
B0AD37E000
unkown
page readonly
3CE1000
heap
page read and write
6BEE000
stack
page read and write
749E000
stack
page read and write
225E3932000
heap
page read and write
225E4102000
heap
page read and write
225E3933000
heap
page read and write
1EFA000
heap
page read and write
50C0000
heap
page read and write
BE8F000
stack
page read and write
3B61000
heap
page read and write
225E396B000
heap
page read and write
225E3113000
heap
page read and write
2244000
heap
page read and write
1B53A610000
trusted library allocation
page read and write
81F000
heap
page read and write
1AEF000
unkown
page read and write
4681000
heap
page read and write
2B11000
heap
page read and write
3EB0000
heap
page read and write
2244000
heap
page read and write
4681000
heap
page read and write
1EFD000
heap
page read and write
1A94000
heap
page read and write
1F12000
unkown
page readonly
225E3980000
heap
page read and write
1B5386EB000
heap
page read and write
1B53A975000
heap
page read and write
7E6F000
stack
page read and write
4601000
heap
page read and write
225E3979000
heap
page read and write
4237000
direct allocation
page read and write
5213000
trusted library allocation
page read and write
150A4000000
heap
page read and write
4231000
direct allocation
page read and write
225E3959000
heap
page read and write
1B8D000
unkown
page read and write
14DB000
unkown
page read and write
1B6E000
direct allocation
page read and write
4245000
direct allocation
page read and write
21E9000
heap
page read and write
B0AD27E000
stack
page read and write
1D24000
heap
page read and write
412E000
direct allocation
page read and write
72F0000
heap
page read and write
225E3991000
heap
page read and write
1B53A975000
heap
page read and write
3C15000
direct allocation
page read and write
804000
heap
page read and write
7B9000
heap
page read and write
25F5000
direct allocation
page read and write
60227000
unkown
page readonly
1F2D000
heap
page read and write
F87000
unkown
page execute read
2B11000
heap
page read and write
1507000
unkown
page read and write
607E000
stack
page read and write
1EFA000
heap
page read and write
36F1000
heap
page read and write
225E3978000
heap
page read and write
1AB6000
unkown
page read and write
3EEC000
stack
page read and write
1D14000
heap
page read and write
1F31000
heap
page read and write
B19000
unkown
page execute read
225E309A000
heap
page read and write
2B11000
heap
page read and write
1D10000
heap
page read and write
5B30000
direct allocation
page execute and read and write
14AB000
unkown
page execute read
150A3EA0000
trusted library allocation
page read and write
7E1000
heap
page read and write
3A2F7FE000
stack
page read and write
21E4000
heap
page read and write
225E4008000
heap
page read and write
1B53873E000
heap
page read and write
2731000
heap
page read and write
25D4000
heap
page read and write
469E000
heap
page read and write
1B53C70B000
heap
page read and write
1B5386ED000
heap
page read and write
55C0000
trusted library allocation
page read and write
225E313F000
heap
page read and write
1021000
unkown
page execute read
150A408F000
heap
page read and write
2244000
heap
page read and write
5EEE000
direct allocation
page read and write
3DC0000
heap
page read and write
2112000
direct allocation
page read and write
1B53A979000
heap
page read and write
225E3937000
heap
page read and write
4CFF000
direct allocation
page read and write
1B62000
unkown
page read and write
725E000
stack
page read and write
225E3028000
heap
page read and write
72C6000
heap
page read and write
225E3930000
heap
page read and write
39E4000
direct allocation
page read and write
225E405A000
heap
page read and write
28D1000
heap
page read and write
B0AC97E000
unkown
page readonly
150A4260000
remote allocation
page read and write
1FE8000
direct allocation
page read and write
1558000
unkown
page read and write
5B3E000
stack
page read and write
1AEF000
unkown
page read and write
1F26000
direct allocation
page read and write
1EFA000
heap
page read and write
1509F31A000
heap
page read and write
2028000
direct allocation
page read and write
F8C000
unkown
page execute read
21F0000
heap
page read and write
7D9000
heap
page read and write
428F000
direct allocation
page read and write
1EFA000
heap
page read and write
225E392A000
heap
page read and write
2746000
heap
page read and write
1B53A7F3000
heap
page read and write
2747000
heap
page read and write
59C0000
heap
page read and write
806000
heap
page read and write
1AD7000
unkown
page read and write
3CC1000
heap
page read and write
6DE000
stack
page read and write
7FF7C9A0E000
unkown
page readonly
780000
heap
page read and write
225E403D000
heap
page read and write
1B538930000
heap
page read and write
1B79000
unkown
page read and write
5B35000
direct allocation
page read and write
3CC1000
heap
page read and write
96E000
stack
page read and write
1D14000
heap
page read and write
20C3000
direct allocation
page read and write
3A2ED7E000
unkown
page readonly
3CE1000
heap
page read and write
2732000
heap
page read and write
5FF05000
unkown
page execute read
6F4000
heap
page read and write
60265000
unkown
page readonly
21E0000
heap
page read and write
1F30000
heap
page read and write
2B0D000
stack
page read and write
299E000
stack
page read and write
6D5E000
stack
page read and write
225E397E000
heap
page read and write
3858000
direct allocation
page read and write
1AE9000
unkown
page read and write
A74000
heap
page read and write
72DC000
heap
page read and write
5FF62000
unkown
page execute read
3510000
direct allocation
page read and write
225E3976000
heap
page read and write
5420000
direct allocation
page read and write
72D9000
heap
page read and write
84BF000
stack
page read and write
26FD000
direct allocation
page read and write
72E0000
heap
page read and write
511E000
stack
page read and write
2244000
heap
page read and write
3A2DE7E000
stack
page read and write
1BAD000
unkown
page read and write
1F30000
heap
page read and write
1AEF000
unkown
page read and write
3CE1000
heap
page read and write
3CE1000
heap
page read and write
3BA4000
direct allocation
page read and write
546E000
direct allocation
page read and write
1E6F000
stack
page read and write
3C5D000
direct allocation
page read and write
3F20000
heap
page read and write
225E395A000
heap
page read and write
1F31000
heap
page read and write
225E30D7000
heap
page read and write
3CE1000
heap
page read and write
1F40000
direct allocation
page read and write
1D24000
heap
page read and write
1EFD000
heap
page read and write
4D01000
direct allocation
page read and write
9ACF000
stack
page read and write
6E50000
trusted library allocation
page read and write
680E000
stack
page read and write
620E000
stack
page read and write
1F2D000
heap
page read and write
1B67000
direct allocation
page read and write
225E30E4000
heap
page read and write
2BB000
stack
page read and write
1AB6000
unkown
page read and write
28D1000
heap
page read and write
3F40000
heap
page read and write
1D14000
heap
page read and write
26A8000
heap
page read and write
B0ABFBB000
stack
page read and write
28D0000
direct allocation
page execute and read and write
150A3EC0000
trusted library allocation
page read and write
72F0000
heap
page read and write
150A4010000
heap
page read and write
1EEB000
unkown
page readonly
954F000
stack
page read and write
23F8000
heap
page read and write
823000
heap
page read and write
225E3907000
heap
page read and write
1F31000
heap
page read and write
1AD8000
unkown
page read and write
3A2E57E000
unkown
page readonly
1509F070000
trusted library allocation
page read and write
1EB6000
unkown
page readonly
26AE000
direct allocation
page read and write
26F6000
direct allocation
page read and write
5387000
heap
page read and write
719E000
stack
page read and write
1F30000
heap
page read and write
1B8D000
unkown
page read and write
3CC1000
heap
page read and write
2B11000
heap
page read and write
225E40A7000
heap
page read and write
1B53C71B000
heap
page read and write
815000
heap
page read and write
2F0E000
stack
page read and write
21E4000
heap
page read and write
1D14000
heap
page read and write
1ABF000
direct allocation
page read and write
7E0000
heap
page read and write
1F30000
heap
page read and write
15C1000
unkown
page read and write
59CD000
stack
page read and write
1509F9E0000
trusted library allocation
page read and write
21FB000
stack
page read and write
28D0000
heap
page read and write
78F000
heap
page read and write
5B89000
direct allocation
page read and write
1FA5000
direct allocation
page read and write
40BD000
direct allocation
page read and write
225E392A000
heap
page read and write
B11000
unkown
page execute read
822000
heap
page read and write
7E3000
heap
page read and write
42B0000
direct allocation
page read and write
44A3000
heap
page read and write
2240000
heap
page read and write
14ED000
unkown
page read and write
225E313C000
heap
page read and write
3B61000
heap
page read and write
25F0000
direct allocation
page read and write
225E3933000
heap
page read and write
5296000
direct allocation
page read and write
1B53870B000
heap
page read and write
6C2B000
heap
page read and write
1AA5000
unkown
page read and write
1509EA73000
heap
page read and write
2030000
direct allocation
page execute and read and write
7FF7C99A0000
unkown
page readonly
41EB000
direct allocation
page read and write
1B53A771000
heap
page read and write
1FE1000
direct allocation
page read and write
7FA000
heap
page read and write
1F31000
heap
page read and write
1F6A000
direct allocation
page read and write
5BAE000
direct allocation
page read and write
225E3974000
heap
page read and write
225E396E000
heap
page read and write
225E313C000
heap
page read and write
2683000
heap
page read and write
821000
heap
page read and write
1B2D000
unkown
page read and write
1C0C000
heap
page read and write
1B53C57C000
heap
page read and write
4230000
heap
page read and write
1AF5000
unkown
page read and write
264E000
direct allocation
page read and write
3A28000
direct allocation
page read and write
2B60000
heap
page read and write
150A4061000
heap
page read and write
225E3989000
heap
page read and write
155C000
unkown
page read and write
1515000
unkown
page read and write
816D000
stack
page read and write
6E1E000
stack
page read and write
1B53C70F000
heap
page read and write
641F000
stack
page read and write
225E3930000
heap
page read and write
41E5000
direct allocation
page read and write
2737000
heap
page read and write
225E4078000
heap
page read and write
1509EA8B000
heap
page read and write
23F0000
heap
page read and write
56A0000
heap
page read and write
96CF000
stack
page read and write
1AEF000
unkown
page read and write
225E311B000
heap
page read and write
7267000
heap
page read and write
1B53872F000
heap
page read and write
28E2000
heap
page read and write
5FF15000
unkown
page execute read
1BB6000
direct allocation
page read and write
50C1000
heap
page read and write
1F31000
heap
page read and write
1511000
unkown
page read and write
19B8000
heap
page read and write
1AA5000
unkown
page read and write
41FA000
direct allocation
page read and write
1F2D000
heap
page read and write
9F8E000
stack
page read and write
7C6D000
stack
page read and write
5206000
trusted library allocation
page read and write
80C000
heap
page read and write
14E3000
unkown
page read and write
1A23000
unkown
page execute read
26DE000
heap
page read and write
2742000
heap
page read and write
2B40000
heap
page read and write
7D0000
heap
page read and write
1F2D000
heap
page read and write
1EFA000
heap
page read and write
B73000
unkown
page execute read
1D24000
heap
page read and write
1509EA9F000
heap
page read and write
1D24000
heap
page read and write
5ED9000
direct allocation
page read and write
1EFB000
heap
page read and write
4221000
direct allocation
page read and write
4208000
direct allocation
page read and write
1513000
unkown
page read and write
225E3930000
heap
page read and write
1F31000
heap
page read and write
1509E9E0000
heap
page read and write
2014000
direct allocation
page read and write
1B53A7B2000
heap
page read and write
86BD000
stack
page read and write
4601000
heap
page read and write
225E40AA000
heap
page read and write
3A2E5FE000
stack
page read and write
1F31000
heap
page read and write
1F2D000
heap
page read and write
1D24000
heap
page read and write
4681000
heap
page read and write
81E000
heap
page read and write
25BA000
direct allocation
page read and write
26C4000
direct allocation
page read and write
566E000
stack
page read and write
A70000
heap
page read and write
1F31000
heap
page read and write
2A0C000
stack
page read and write
4601000
heap
page read and write
7BA000
heap
page read and write
273C000
heap
page read and write
1509EA13000
heap
page read and write
1509FE30000
trusted library allocation
page read and write
5450000
direct allocation
page read and write
1F2D000
heap
page read and write
225E311A000
heap
page read and write
575C000
stack
page read and write
8A22FE000
stack
page read and write
1B53C6B4000
heap
page read and write
1B53C740000
heap
page read and write
3CE1000
heap
page read and write
3A2DD7E000
unkown
page readonly
3CE1000
heap
page read and write
225E311B000
heap
page read and write
150A3EC0000
trusted library allocation
page read and write
37F9000
direct allocation
page read and write
1FC1000
direct allocation
page read and write
3CE1000
heap
page read and write
1582000
unkown
page read and write
3CC1000
heap
page read and write
2198000
direct allocation
page read and write
1B538751000
heap
page read and write
601AC000
unkown
page read and write
1FB0000
heap
page read and write
7A5000
heap
page read and write
289E000
stack
page read and write
50CC000
heap
page read and write
2726000
heap
page read and write
DF3000
unkown
page execute read
1509F8F0000
trusted library section
page readonly
225E3815000
heap
page read and write
26CB000
direct allocation
page read and write
4681000
heap
page read and write
2B11000
heap
page read and write
4231000
heap
page read and write
413C000
direct allocation
page read and write
150A4210000
trusted library allocation
page read and write
1B53A934000
heap
page read and write
1EFC000
heap
page read and write
5FF22000
unkown
page execute read
1F51000
unkown
page readonly
3B61000
heap
page read and write
25D4000
heap
page read and write
BEB000
stack
page read and write
4601000
heap
page read and write
4601000
heap
page read and write
6F4000
heap
page read and write
1509EB29000
heap
page read and write
7264000
heap
page read and write
2244000
heap
page read and write
3A2F27E000
unkown
page readonly
1B53873A000
heap
page read and write
1D24000
heap
page read and write
3796000
direct allocation
page read and write
225E3935000
heap
page read and write
3150000
direct allocation
page read and write
4CF6000
direct allocation
page read and write
3CE1000
heap
page read and write
CBF000
unkown
page execute read
101F000
unkown
page execute read
810000
heap
page read and write
1598000
unkown
page read and write
A58F000
stack
page read and write
1ABF000
unkown
page read and write
2745000
heap
page read and write
150A3EF0000
trusted library allocation
page read and write
B0AC6FE000
stack
page read and write
225E4052000
heap
page read and write
158D000
unkown
page read and write
5F0000
heap
page read and write
1F98000
direct allocation
page read and write
C7A000
unkown
page execute read
1EFA000
heap
page read and write
51EE000
stack
page read and write
225E40A6000
heap
page read and write
1FC4000
direct allocation
page read and write
1AA8000
unkown
page read and write
150A40EA000
heap
page read and write
2B11000
heap
page read and write
4338000
direct allocation
page read and write
225E313B000
heap
page read and write
3A2E77E000
unkown
page readonly
7FF7C99A1000
unkown
page execute read
5215000
trusted library allocation
1F30000
heap
page read and write
4231000
heap
page read and write
1FFE000
direct allocation
page read and write
7DF000
heap
page read and write
225E397F000
heap
page read and write
225E2FF0000
heap
page read and write
5471000
direct allocation
page read and write
3CE1000
heap
page read and write
1FBC000
direct allocation
page read and write
79C000
heap
page read and write
5240000
heap
page read and write
27A5000
heap
page read and write
1509EA28000
heap
page read and write
225E3956000
heap
page read and write
7D6000
heap
page read and write
3801000
direct allocation
page read and write
7E5D4000
direct allocation
page read and write
2021000
direct allocation
page read and write
1D14000
heap
page read and write
225E3987000
heap
page read and write
19FA000
heap
page read and write
3A2D6FB000
stack
page read and write
6F4000
heap
page read and write
7E2B0000
direct allocation
page read and write
1B53A8B3000
heap
page read and write
225E4112000
heap
page read and write
B10000
unkown
page readonly
4286000
direct allocation
page read and write
1B538727000
heap
page read and write
1BB1000
unkown
page read and write
1FA1000
direct allocation
page read and write
1AF3000
unkown
page read and write
3CE1000
heap
page read and write
1B53A8B2000
heap
page read and write
2022000
direct allocation
page read and write
789F000
stack
page read and write
601AD000
unkown
page read and write
225E3981000
heap
page read and write
1C44000
heap
page read and write
225E3000000
heap
page read and write
6B6F000
stack
page read and write
1B8D000
unkown
page read and write
7EB80000
direct allocation
page read and write
1EFA000
heap
page read and write
1ADD000
unkown
page read and write
42B1000
direct allocation
page read and write
563E000
stack
page read and write
225E4102000
heap
page read and write
7E2000
heap
page read and write
1EFD000
heap
page read and write
150A3E30000
trusted library allocation
page read and write
220E000
stack
page read and write
3B61000
heap
page read and write
BB8F000
stack
page read and write
2723000
heap
page read and write
85BF000
stack
page read and write
1EFA000
heap
page read and write
150F000
unkown
page read and write
225E4106000
heap
page read and write
5FE79000
unkown
page execute read
788000
heap
page read and write
5560000
heap
page read and write
1AA8000
unkown
page read and write
5C9C000
stack
page read and write
1509EA77000
heap
page read and write
225E3952000
heap
page read and write
225E3973000
heap
page read and write
631E000
stack
page read and write
1B5386EA000
heap
page read and write
5B70000
heap
page read and write
1BE1000
direct allocation
page read and write
2726000
heap
page read and write
7ED000
heap
page read and write
212B000
stack
page read and write
1EAE000
unkown
page readonly
1AF1000
unkown
page read and write
225E410A000
heap
page read and write
BF8F000
stack
page read and write
4D27000
direct allocation
page read and write
225E390E000
heap
page read and write
3CE1000
heap
page read and write
1F30000
heap
page read and write
1F4D000
unkown
page readonly
33CE000
stack
page read and write
1B53A871000
heap
page read and write
7CDE0000
direct allocation
page read and write
225E3980000
heap
page read and write
B0ACE7B000
stack
page read and write
15BC000
unkown
page read and write
37E1000
direct allocation
page read and write
1AA5000
unkown
page read and write
1515000
unkown
page read and write
205C000
direct allocation
page read and write
B0AD07B000
stack
page read and write
7FF7C99A0000
unkown
page readonly
2B11000
heap
page read and write
1B59000
unkown
page read and write
225E400A000
heap
page read and write
1509F8D0000
trusted library section
page readonly
2070000
heap
page read and write
1EFA000
heap
page read and write
B0ACC7E000
stack
page read and write
1A94000
heap
page read and write
225E3953000
heap
page read and write
1F31000
heap
page read and write
26DF000
heap
page read and write
208A000
heap
page read and write