diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md
index fba4f89..65a3882 100644
--- a/malware-tech_ref_and_memo.md
+++ b/malware-tech_ref_and_memo.md
@@ -308,18 +308,20 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
 - 利用されるWin32API
 - RegSetValue
 - 利用されるレジストリ
- - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- - HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- - HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
- - HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
- - HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
- - HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- - HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
- - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- - HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
- - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+```
+- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
+- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
+- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
+- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
+- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
+- HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
+- HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
+- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
+- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+```
 # Shell Backdoor
 - Web Shell等