IOC Report
PO-00006799868.xls

loading gif

Files

File Path
Type
Category
Malicious
PO-00006799868.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 10 12:40:54 2024, Security: 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\taskhostw[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{8ACACCBE-F49B-438C-81AF-59EF5D64236E}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Local\directory\name.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\7al0eY.url
MS Windows 95 Internet shortcut text (URL=<https://shuvi.io/7al0eY>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\shuvi.io.url
MS Windows 95 Internet shortcut text (URL=<https://shuvi.io/>), ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
data
dropped
 malicious
C:\Users\user\AppData\Roaming\taskhostw.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Desktop\PO-00006799868.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sat Oct 12 15:40:15 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\wecreatednewthigsforsuccessfulljournecyr________verynicepeoplesetirethigstogoformegreat________________nnicwaytoentreithigntochangewithmegreat[1].doc
Rich Text Format data, version 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\10EEF389.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\135D5E9C.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\14B4F450.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\329827A8.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\54DB6EDE.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CABF5ED.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\90FF1547.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\96632497.doc
Rich Text Format data, version 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5E97EAB0-20B9-4BC8-840D-AF89CC135711}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ED10E989-6710-496F-A882-ADFC8718EE13}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Citlaltpetl
data
dropped
C:\Users\user\AppData\Local\Temp\aut1F25.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\aut1FE1.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\aut259B.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\aut2638.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\aut589C.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\aut5ADE.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\bhv35FF.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x1fad000f, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\slsrkklvishzfgljivqawntxyxjphjjhhw
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\teres
ASCII text, with very long lines (28674), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\{5DAD5114-8DEA-497E-ADB3-F2602CE15FDA}
data
dropped
C:\Users\user\AppData\Local\Temp\{C26A3DF4-1C3C-44DD-BDE3-B2D681DFE989}
data
dropped
C:\Users\user\AppData\Local\Temp\~DFCD702BC6860229DC.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFE2432C56C8FA8778.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFF2F9DC4D2772FBCE.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [xls]
modified
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\68730000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sat Oct 12 15:40:15 2024, Security: 1
dropped
C:\Users\user\Desktop\68730000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 31 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Users\user\AppData\Roaming\taskhostw.exe
"C:\Users\user\AppData\Roaming\taskhostw.exe"
malicious
C:\Users\user\AppData\Local\directory\name.exe
"C:\Users\user\AppData\Roaming\taskhostw.exe"
malicious
C:\Windows\SysWOW64\svchost.exe
"C:\Users\user\AppData\Roaming\taskhostw.exe"
malicious
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\slsrkklvishzfgljivqawntxyxjphjjhhw"
 malicious
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\dnxjld"
 malicious
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\nhlcmvhqk"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
malicious
C:\Users\user\AppData\Local\directory\name.exe
"C:\Users\user\AppData\Local\directory\name.exe"
malicious
C:\Windows\SysWOW64\svchost.exe
"C:\Users\user\AppData\Local\directory\name.exe"
malicious
There are 2 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://104.168.7.25/450/taskhostw.exennC:
unknown
 malicious
http://104.168.7.25/450/taskhostw.exe
104.168.7.25
 malicious
http://104.168.7.25/450/taskhostw.exegu4
unknown
 malicious
http://104.168.7.25/450/taskhostw.exedv
unknown
 malicious
http://geoplugin.net/json.gp
178.237.33.50
 malicious
http://104.168.7.25/xampp/ew/wecreatednewthigsforsuccessfulljournecyr________verynicepeoplesetirethigstogoformegreat________________nnicwaytoentreithigntochangewithmegreat.doc
104.168.7.25
 malicious
http://104.168.7.25/450/taskhostw.exej
unknown
 malicious
107.173.4.16
malicious
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
https://shuvi.io/
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://www.nirsoft.netXB
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
https://shuvi.io/7al0eYyX
unknown
http://geoplugin.net/json.gpR
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://shuvi.io/7al0eY
188.114.96.3
http://www.nirsoft.net/
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
https://support.google.com/chrome/?p=plugin_fl
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://www.imvu.com
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://geoplugin.net/json.gp~
unknown
http://www.msn.com/
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://www.imvu.com/S
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://support.google.com/chrome/
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://www.ebuddy.com
unknown
There are 51 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
shuvi.io
188.114.96.3
 malicious
geoplugin.net
178.237.33.50
 malicious

IPs

IP
Domain
Country
Malicious
188.114.96.3
shuvi.io
European Union
malicious
104.168.7.25
unknown
United States
malicious
107.173.4.16
unknown
United States
malicious
178.237.33.50
geoplugin.net
Netherlands
malicious
188.114.97.3
unknown
European Union

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Rmc-FI789R
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-FI789R
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-FI789R
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
100
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2A44A
2A44A
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
f70
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37916
37916
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37A3E
37A3E
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37ABB
37ABB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common
QMSessionCount
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General
LastAutoSavePurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37A3E
37A3E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
)-2
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
e.2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Count
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
Type
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
Protocol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
Flags
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
CobaltMajorVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
CobaltMinorVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
MsDavExt
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
Expiration
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\https://shuvi.io/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
a82
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\333EC
333EC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 451 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
400000
system
page execute and read and write
 malicious
400000
system
page execute and read and write
 malicious
604000
heap
page read and write
 malicious
734000
heap
page read and write
 malicious
10B0000
direct allocation
page read and write
 malicious
10A0000
direct allocation
page read and write
 malicious
76A000
heap
page read and write
AC000
stack
page read and write
2DCE000
stack
page read and write
3F6F000
stack
page read and write
2B5A000
direct allocation
page read and write
3720000
trusted library allocation
page read and write
1D79000
heap
page read and write
1C7D000
heap
page read and write
190000
trusted library allocation
page read and write
264000
unkown
page readonly
526000
heap
page read and write
2D90000
direct allocation
page read and write
764000
heap
page read and write
31CB000
heap
page read and write
16B000
stack
page read and write
B19000
heap
page read and write
7A4000
heap
page read and write
2DA1000
direct allocation
page read and write
534000
heap
page read and write
3720000
trusted library allocation
page read and write
1FB0000
heap
page read and write
2AD000
heap
page read and write
B0A000
heap
page read and write
4270000
trusted library allocation
page read and write
555000
heap
page read and write
2200000
trusted library allocation
page read and write
550000
heap
page read and write
2366000
heap
page read and write
90B000
heap
page read and write
2CC0000
direct allocation
page read and write
762000
heap
page read and write
9A7000
heap
page read and write
569000
heap
page read and write
459000
system
page execute and read and write
A6A000
heap
page read and write
65F000
heap
page read and write
9DB000
heap
page read and write
2560000
trusted library allocation
page read and write
2D40000
direct allocation
page read and write
637000
heap
page read and write
2CD7000
direct allocation
page read and write
18A000
stack
page read and write
476000
heap
page read and write
541000
heap
page read and write
346000
heap
page read and write
49C000
heap
page read and write
876000
heap
page read and write
432000
heap
page read and write
2671000
heap
page read and write
1BD000
stack
page read and write
2CE0000
direct allocation
page read and write
7B6000
heap
page read and write
2A80000
direct allocation
page read and write
764000
heap
page read and write
28B000
stack
page read and write
EE2000
heap
page read and write
7E8000
heap
page read and write
99A000
heap
page read and write
310000
heap
page read and write
244F000
stack
page read and write
3720000
trusted library allocation
page read and write
89000
stack
page read and write
4270000
trusted library allocation
page read and write
46E000
stack
page read and write
4270000
trusted library allocation
page read and write
3770000
heap
page read and write
58B000
heap
page read and write
2CD4000
direct allocation
page read and write
2CD7000
direct allocation
page read and write
2ACF000
stack
page read and write
68E000
heap
page read and write
67E000
stack
page read and write
2CB0000
direct allocation
page read and write
10000
heap
page read and write
4270000
trusted library allocation
page read and write
40AF000
stack
page read and write
240000
heap
page read and write
7A4000
heap
page read and write
245F000
stack
page read and write
2D40000
direct allocation
page read and write
20CE000
stack
page read and write
2D90000
direct allocation
page read and write
2CB0000
direct allocation
page read and write
3B6D000
stack
page read and write
396D000
stack
page read and write
2A80000
direct allocation
page read and write
31C1000
heap
page read and write
25DF000
stack
page read and write
2D60000
heap
page read and write
2CB0000
direct allocation
page read and write
597000
heap
page read and write
2BE0000
direct allocation
page read and write
2A50000
direct allocation
page read and write
51F000
heap
page read and write
2560000
heap
page read and write
1314000
unkown
page readonly
243000
heap
page read and write
9C000
stack
page read and write
56C000
heap
page read and write
6E2000
heap
page read and write
71A000
heap
page read and write
255E000
stack
page read and write
29D000
heap
page read and write
3720000
trusted library allocation
page read and write
6A0000
heap
page read and write
1FF000
stack
page read and write
4FE000
heap
page read and write
E20000
heap
page read and write
1260000
unkown
page readonly
2CC0000
direct allocation
page read and write
20C0000
heap
page read and write
2A80000
direct allocation
page read and write
2B5A000
direct allocation
page read and write
26E000
unkown
page write copy
2CD4000
direct allocation
page read and write
2CD7000
direct allocation
page read and write
2BD000
heap
page read and write
3D2D000
stack
page read and write
478000
heap
page read and write
4A0000
heap
page read and write
534000
heap
page read and write
3BF000
unclassified section
page execute and read and write
131E000
unkown
page write copy
9A0000
heap
page read and write
755000
heap
page read and write
131E000
unkown
page write copy
2D38000
heap
page read and write
32B9000
unclassified section
page execute and read and write
2CD1000
direct allocation
page read and write
4E0000
heap
page read and write
2CD4000
direct allocation
page read and write
458000
heap
page read and write
4F7000
heap
page read and write
1327000
unkown
page readonly
43B000
heap
page read and write
2561000
heap
page read and write
2B5D000
direct allocation
page read and write
2B5D000
direct allocation
page read and write
2F61000
heap
page read and write
6B1000
heap
page read and write
7C9000
heap
page read and write
83C000
stack
page read and write
7BC000
heap
page read and write
4FA000
heap
page read and write
710000
heap
page read and write
166000
stack
page read and write
2CE0000
direct allocation
page read and write
3A6F000
stack
page read and write
277000
unkown
page readonly
400000
system
page execute and read and write
371C000
stack
page read and write
1F0000
heap
page read and write
A49000
heap
page read and write
2C6000
heap
page read and write
4270000
trusted library allocation
page read and write
6DB000
heap
page read and write
2DA7000
direct allocation
page read and write
4270000
trusted library allocation
page read and write
2CD1000
direct allocation
page read and write
3260000
unclassified section
page execute and read and write
6EF000
stack
page read and write
7E8000
heap
page read and write
2380000
heap
page read and write
184000
stack
page read and write
4270000
trusted library allocation
page read and write
1DC000
stack
page read and write
2B5A000
direct allocation
page read and write
7EC000
heap
page read and write
51B000
heap
page read and write
45D000
system
page execute and read and write
2BE0000
direct allocation
page read and write
6E9000
heap
page read and write
6EB000
heap
page read and write
257F000
stack
page read and write
412000
heap
page read and write
2B5A000
direct allocation
page read and write
25BD000
heap
page read and write
3336000
unclassified section
page execute and read and write
590000
heap
page read and write
523000
heap
page read and write
A2A000
heap
page read and write
6C2000
heap
page read and write
412000
heap
page read and write
65F000
stack
page read and write
1327000
unkown
page readonly
997000
heap
page read and write
5E6000
heap
page read and write
6C2000
heap
page read and write
408000
heap
page read and write
458000
heap
page read and write
F00000
heap
page read and write
3BAF000
stack
page read and write
51F000
heap
page read and write
3BCD000
stack
page read and write
2B03000
direct allocation
page read and write
2CE0000
direct allocation
page read and write
3EE000
heap
page read and write
530000
heap
page read and write
2CD4000
direct allocation
page read and write
766000
heap
page read and write
3720000
trusted library allocation
page read and write
200000
heap
page read and write
2B5D000
direct allocation
page read and write
23F000
unkown
page readonly
1322000
unkown
page write copy
32D3000
unclassified section
page execute and read and write
3BA000
stack
page read and write
2DA4000
direct allocation
page read and write
2CD1000
direct allocation
page read and write
76B000
heap
page read and write
285D000
stack
page read and write
4270000
trusted library allocation
page read and write
2CC0000
direct allocation
page read and write
3060000
heap
page read and write
541000
heap
page read and write
3182000
heap
page read and write
76A000
heap
page read and write
2560000
trusted library allocation
page read and write
2FD8000
heap
page read and write
6C2000
heap
page read and write
49C000
heap
page read and write
2330000
heap
page read and write
2A80000
direct allocation
page read and write
7DF000
heap
page read and write
EC4000
heap
page read and write
2B5D000
direct allocation
page read and write
23E2000
heap
page read and write
590000
heap
page read and write
25F000
stack
page read and write
2CE0000
direct allocation
page read and write
476000
heap
page read and write
27F000
stack
page read and write
C20000
heap
page read and write
2CD7000
direct allocation
page read and write
A6B000
heap
page read and write
4270000
trusted library allocation
page read and write
550000
heap
page read and write
3BE0000
heap
page read and write
5F7000
heap
page read and write
2D90000
direct allocation
page read and write
8C000
stack
page read and write
7B7000
heap
page read and write
322C000
heap
page read and write
692000
heap
page read and write
1261000
unkown
page execute read
AA0000
heap
page read and write
33D000
stack
page read and write
37B4000
heap
page read and write
2B5D000
direct allocation
page read and write
2B5D000
direct allocation
page read and write
2B5A000
direct allocation
page read and write
2CC0000
direct allocation
page read and write
764000
heap
page read and write
1B0000
trusted library allocation
page read and write
99A000
heap
page read and write
1E6000
heap
page read and write
76A000
heap
page read and write
1260000
unkown
page readonly
540000
heap
page read and write
182000
stack
page read and write
1190000
heap
page read and write
E00000
heap
page read and write
2A80000
direct allocation
page read and write
456000
system
page execute and read and write
3720000
trusted library allocation
page read and write
2CA0000
direct allocation
page read and write
A4A000
heap
page read and write
6C4000
heap
page read and write
32E0000
unclassified section
page execute and read and write
1FAE000
stack
page read and write
287000
heap
page read and write
3720000
trusted library allocation
page read and write
85D000
stack
page read and write
2CD7000
direct allocation
page read and write
1B1000
unkown
page execute read
2D3F000
stack
page read and write
2DB0000
direct allocation
page read and write
2BD0000
direct allocation
page read and write
1B1000
unkown
page execute read
4E9000
heap
page read and write
11A000
stack
page read and write
1261000
unkown
page execute read
AFA000
heap
page read and write
2A80000
direct allocation
page read and write
919000
heap
page read and write
24FE000
stack
page read and write
2DA1000
direct allocation
page read and write
2FD8000
heap
page read and write
2DA1000
direct allocation
page read and write
2C8E000
stack
page read and write
2CD7000
direct allocation
page read and write
4270000
trusted library allocation
page read and write
10000
heap
page read and write
523000
heap
page read and write
51F000
heap
page read and write
7B2000
heap
page read and write
4FA000
heap
page read and write
2D40000
direct allocation
page read and write
10000
heap
page read and write
2D40000
direct allocation
page read and write
2CA0000
direct allocation
page read and write
3FA000
heap
page read and write
1A0000
direct allocation
page execute and read and write
B1A000
heap
page read and write
2560000
trusted library allocation
page read and write
2E0000
heap
page read and write
2B5A000
direct allocation
page read and write
29D0000
direct allocation
page read and write
69E000
heap
page read and write
10000
heap
page read and write
91B000
heap
page read and write
5D4000
heap
page read and write
76A000
heap
page read and write
C26000
heap
page read and write
2DB0000
direct allocation
page read and write
41AF000
stack
page read and write
3730000
heap
page read and write
6BE000
stack
page read and write
2CA0000
direct allocation
page read and write
4A0000
heap
page read and write
523000
heap
page read and write
6B5000
heap
page read and write
322F000
heap
page read and write
A6A000
heap
page read and write
3720000
trusted library allocation
page read and write
458000
heap
page read and write
1322000
unkown
page write copy
4230000
heap
page read and write
2F61000
heap
page read and write
10001000
direct allocation
page execute and read and write
764000
heap
page read and write
7A4000
heap
page read and write
431000
heap
page read and write
6A5000
heap
page read and write
50E000
stack
page read and write
4270000
trusted library allocation
page read and write
534000
heap
page read and write
53D000
heap
page read and write
1314000
unkown
page readonly
2D90000
direct allocation
page read and write
56C000
heap
page read and write
3052000
heap
page read and write
4270000
trusted library allocation
page read and write
2B5A000
direct allocation
page read and write
406F000
stack
page read and write
2CB0000
direct allocation
page read and write
3A0000
unclassified section
page execute and read and write
290000
heap
page read and write
2F60000
heap
page read and write
480000
heap
page read and write
1F8000
stack
page read and write
2D30000
heap
page read and write
41F000
system
page execute and read and write
AFA000
heap
page read and write
436000
heap
page read and write
7BE000
heap
page read and write
1E50000
direct allocation
page read and write
2CD1000
direct allocation
page read and write
9C4000
heap
page read and write
280000
heap
page read and write
2E10000
direct allocation
page read and write
2CD4000
direct allocation
page read and write
277000
unkown
page readonly
2A80000
direct allocation
page read and write
2CC0000
direct allocation
page read and write
2CA0000
direct allocation
page read and write
1327000
unkown
page readonly
91E000
heap
page read and write
A2B000
heap
page read and write
A57000
heap
page read and write
2A5000
heap
page read and write
A6A000
heap
page read and write
174000
heap
page read and write
83A000
stack
page read and write
2B5A000
direct allocation
page read and write
988000
heap
page read and write
396000
heap
page read and write
7FC000
heap
page read and write
3BF0000
heap
page read and write
478000
heap
page read and write
12EF000
unkown
page readonly
2BE0000
direct allocation
page read and write
2BE0000
direct allocation
page read and write
31B7000
heap
page read and write
2DA7000
direct allocation
page read and write
8F4000
heap
page read and write
5E0000
heap
page read and write
4EA000
heap
page read and write
10000
heap
page read and write
478000
heap
page read and write
3720000
trusted library allocation
page read and write
2672000
heap
page read and write
A6A000
heap
page read and write
7E3000
heap
page read and write
531000
heap
page read and write
2BD0000
direct allocation
page read and write
1E0000
heap
page read and write
43B000
heap
page read and write
2DA7000
direct allocation
page read and write
40C000
heap
page read and write
70F000
stack
page read and write
DB4000
heap
page read and write
2D40000
direct allocation
page read and write
170000
heap
page read and write
280000
heap
page read and write
490000
heap
page read and write
2E10000
direct allocation
page read and write
2D90000
direct allocation
page read and write
2F61000
heap
page read and write
27D000
stack
page read and write
A1A000
heap
page read and write
4270000
trusted library allocation
page read and write
49C000
heap
page read and write
2DB0000
direct allocation
page read and write
2DB0000
direct allocation
page read and write
A1A000
heap
page read and write
433000
heap
page read and write
56C000
heap
page read and write
555000
heap
page read and write
322F000
heap
page read and write
7FB000
heap
page read and write
140000
heap
page read and write
2CB0000
direct allocation
page read and write
3720000
trusted library allocation
page read and write
764000
heap
page read and write
4FE000
heap
page read and write
7FB000
heap
page read and write
4F1000
heap
page read and write
25D000
heap
page read and write
2DB0000
direct allocation
page read and write
2E10000
direct allocation
page read and write
7B0000
heap
page read and write
340000
heap
page read and write
5D6000
heap
page read and write
333C000
unclassified section
page execute and read and write
474000
system
page execute and read and write
51F000
heap
page read and write
2FD000
stack
page read and write
2CD1000
direct allocation
page read and write
7BE000
heap
page read and write
F0000
heap
page read and write
216E000
stack
page read and write
478000
heap
page read and write
4FA000
heap
page read and write
1314000
unkown
page readonly
23C0000
heap
page read and write
31CB000
heap
page read and write
170000
direct allocation
page read and write
244000
heap
page read and write
82A000
heap
page read and write
2990000
heap
page read and write
1314000
unkown
page readonly
24EF000
stack
page read and write
A68000
heap
page read and write
2DA1000
direct allocation
page read and write
4270000
trusted library allocation
page read and write
8C000
stack
page read and write
2B5D000
direct allocation
page read and write
DD2000
heap
page read and write
2D0D000
stack
page read and write
2BE0000
direct allocation
page read and write
2D40000
direct allocation
page read and write
5B5000
heap
page read and write
4CE000
stack
page read and write
478000
system
page execute and read and write
400000
system
page execute and read and write
5BE000
stack
page read and write
2E10000
direct allocation
page read and write
478000
heap
page read and write
45C000
system
page execute and read and write
235F000
stack
page read and write
2A0000
heap
page read and write
262000
heap
page read and write
431000
heap
page read and write
2DA4000
direct allocation
page read and write
17F000
stack
page read and write
2E10000
direct allocation
page read and write
458000
heap
page read and write
379F000
heap
page read and write
12EF000
unkown
page readonly
221E000
stack
page read and write
247E000
stack
page read and write
755000
heap
page read and write
99B000
heap
page read and write
4FE000
heap
page read and write
1AC000
stack
page read and write
4A0000
heap
page read and write
1D5C000
heap
page read and write
24EF000
stack
page read and write
253000
heap
page read and write
99A000
heap
page read and write
759000
heap
page read and write
431000
heap
page read and write
3BF000
stack
page read and write
B0000
direct allocation
page execute and read and write
654000
heap
page read and write
2A80000
direct allocation
page read and write
2CE0000
direct allocation
page read and write
131E000
unkown
page read and write
A2A000
heap
page read and write
7BE000
heap
page read and write
7EB000
heap
page read and write
1C78000
heap
page read and write
2DA1000
direct allocation
page read and write
1260000
unkown
page readonly
80B000
heap
page read and write
2BA000
heap
page read and write
21FF000
stack
page read and write
51B000
heap
page read and write
3CDE000
stack
page read and write
99A000
heap
page read and write
51B000
heap
page read and write
2580000
heap
page read and write
2CE0000
direct allocation
page read and write
4FE000
heap
page read and write
3153000
heap
page read and write
5E7000
heap
page read and write
478000
system
page execute and read and write
4F1000
heap
page read and write
2A80000
direct allocation
page read and write
53A000
heap
page read and write
2DA7000
direct allocation
page read and write
7E8000
heap
page read and write
2BD0000
direct allocation
page read and write
2560000
trusted library allocation
page read and write
76A000
heap
page read and write
4270000
trusted library allocation
page read and write
3720000
trusted library allocation
page read and write
523000
heap
page read and write
4E0000
heap
page read and write
1260000
unkown
page readonly
56C000
heap
page read and write
12EF000
unkown
page readonly
7E4000
heap
page read and write
2500000
trusted library allocation
page read and write
49C000
heap
page read and write
131E000
unkown
page read and write
9EE000
heap
page read and write
A3D000
heap
page read and write
66F000
stack
page read and write
378D000
heap
page read and write
10000
heap
page read and write
2D3B000
heap
page read and write
3B0000
heap
page read and write
709000
heap
page read and write
520000
heap
page read and write
67A000
stack
page read and write
41B000
system
page execute and read and write
10016000
direct allocation
page execute and read and write
51F000
heap
page read and write
2B5A000
direct allocation
page read and write
2A80000
direct allocation
page read and write
10000
heap
page read and write
2A80000
direct allocation
page read and write
48D000
heap
page read and write
4FE000
heap
page read and write
69D000
stack
page read and write
2DA4000
direct allocation
page read and write
476000
heap
page read and write
400000
system
page execute and read and write
3F2F000
stack
page read and write
526000
heap
page read and write
4270000
trusted library allocation
page read and write
10000
heap
page read and write
3720000
trusted library allocation
page read and write
759000
heap
page read and write
476000
heap
page read and write
12EF000
unkown
page readonly
9EE000
heap
page read and write
76A000
heap
page read and write
5CE000
stack
page read and write
51F000
heap
page read and write
23C4000
heap
page read and write
1261000
unkown
page execute read
A6A000
heap
page read and write
72E000
stack
page read and write
A3A000
heap
page read and write
717000
heap
page read and write
371E000
stack
page read and write
765000
heap
page read and write
3B7000
heap
page read and write
A67000
heap
page read and write
2B0000
heap
page read and write
3720000
trusted library allocation
page read and write
69F000
heap
page read and write
82F000
stack
page read and write
8D0000
heap
page read and write
2CD4000
direct allocation
page read and write
32BD000
unclassified section
page execute and read and write
4FE000
heap
page read and write
1261000
unkown
page execute read
21CE000
stack
page read and write
473000
system
page execute and read and write
23F0000
heap
page read and write
120000
heap
page read and write
26E000
unkown
page read and write
7BE000
heap
page read and write
2CD1000
direct allocation
page read and write
2B11000
direct allocation
page read and write
B0000
direct allocation
page execute and read and write
76A000
heap
page read and write
FA000
stack
page read and write
2BE0000
direct allocation
page read and write
10000000
direct allocation
page read and write
AFB000
heap
page read and write
2B5A000
direct allocation
page read and write
2DA4000
direct allocation
page read and write
2BD0000
direct allocation
page read and write
412000
heap
page read and write
3720000
trusted library allocation
page read and write
250000
heap
page read and write
525000
heap
page read and write
10000
heap
page read and write
3FF000
heap
page read and write
431000
heap
page read and write
56C000
heap
page read and write
1C7B000
heap
page read and write
3E2D000
stack
page read and write
272000
unkown
page write copy
528000
heap
page read and write
998000
heap
page read and write
4270000
trusted library allocation
page read and write
67C000
stack
page read and write
2A80000
direct allocation
page read and write
53B000
heap
page read and write
1B0000
unkown
page readonly
24C000
heap
page read and write
390000
heap
page read and write
8D7000
heap
page read and write
37AF000
heap
page read and write
81A000
heap
page read and write
4FA000
heap
page read and write
2B5D000
direct allocation
page read and write
2CA0000
direct allocation
page read and write
24FF000
stack
page read and write
5D0000
heap
page read and write
31FC000
heap
page read and write
99A000
heap
page read and write
3720000
trusted library allocation
page read and write
2DA7000
direct allocation
page read and write
764000
heap
page read and write
755000
heap
page read and write
31FB000
heap
page read and write
3720000
trusted library allocation
page read and write
76A000
heap
page read and write
6ED000
heap
page read and write
5F0000
heap
page read and write
236E000
stack
page read and write
264000
unkown
page readonly
A57000
heap
page read and write
1C60000
heap
page read and write
525000
heap
page read and write
29CF000
stack
page read and write
9E9000
heap
page read and write
474000
system
page execute and read and write
2BD0000
direct allocation
page read and write
7E4000
heap
page read and write
2CCE000
stack
page read and write
68F000
stack
page read and write
3720000
trusted library allocation
page read and write
410000
heap
page read and write
630000
heap
page read and write
718000
heap
page read and write
5DE000
heap
page read and write
764000
heap
page read and write
99A000
heap
page read and write
2D90000
direct allocation
page read and write
25FF000
stack
page read and write
1F1F000
stack
page read and write
DB0000
heap
page read and write
2DA1000
direct allocation
page read and write
2C3000
heap
page read and write
790000
heap
page read and write
23F000
unkown
page readonly
360000
heap
page read and write
1B0000
unkown
page readonly
766000
heap
page read and write
755000
heap
page read and write
2B5D000
direct allocation
page read and write
A6A000
heap
page read and write
2B5D000
direct allocation
page read and write
2E10000
direct allocation
page read and write
77E000
stack
page read and write
2DA4000
direct allocation
page read and write
6BD000
heap
page read and write
2513000
trusted library allocation
page read and write
2B5D000
direct allocation
page read and write
2DA7000
direct allocation
page read and write
2BA000
heap
page read and write
AEA000
heap
page read and write
56C000
heap
page read and write
2D34000
heap
page read and write
160000
heap
page read and write
412000
heap
page read and write
EC0000
heap
page read and write
52E000
heap
page read and write
2A0000
heap
page read and write
240000
heap
page read and write
6A7000
heap
page read and write
537000
heap
page read and write
1327000
unkown
page readonly
525000
heap
page read and write
36DC000
stack
page read and write
2C60000
heap
page read and write
2519000
trusted library allocation
page read and write
2B5A000
direct allocation
page read and write
91E000
heap
page read and write
2FD8000
heap
page read and write
5DA000
stack
page read and write
2B5A000
direct allocation
page read and write
988000
heap
page read and write
5FD000
stack
page read and write
10000
heap
page read and write
525000
heap
page read and write
81F000
stack
page read and write
2CB0000
direct allocation
page read and write
2B5D000
direct allocation
page read and write
81B000
heap
page read and write
AEA000
heap
page read and write
2CA0000
direct allocation
page read and write
43B000
heap
page read and write
2CC0000
direct allocation
page read and write
870000
heap
page read and write
756000
heap
page read and write
3720000
trusted library allocation
page read and write
20BE000
stack
page read and write
3AF000
stack
page read and write
DA0000
heap
page read and write
286000
stack
page read and write
2DA4000
direct allocation
page read and write
4270000
trusted library allocation
page read and write
4E2000
heap
page read and write
2DB0000
direct allocation
page read and write
9EB000
heap
page read and write
3BB000
unclassified section
page execute and read and write
43B000
heap
page read and write
2BD0000
direct allocation
page read and write
3061000
heap
page read and write
There are 734 hidden memdumps, click here to show them.