Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sample.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: SANS Institute Student,
Template: Normal.dotm, Last Saved By: SANS Institute Student, Revision Number: 5, Name of Creating Application: Microsoft
Office Word, Total Editing Time: 06:00, Create Time/Date: Thu Mar 16 14:36:00 2023, Last Saved Time/Date: Tue Mar 28 15:30:00
2023, Number of Pages: 1, Number of Words: 165, Number of Characters: 941, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_39.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_39RegularVersion 4.39;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{AB7C7B4B-3594-4A4F-9111-C24D4F87982E}.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{ED2468CA-BADC-4085-835D-05D59199ADA5}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1714056890196467600_E3459BC0-629C-4192-A769-1F1564BB480B.log
|
ASCII text, with very long lines (6515), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB5FF.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB5FF.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB600.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB600.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB611.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB611.tmp\harvardanglia2008officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB621.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB621.tmp\gostname.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB622.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB622.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB633.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB633.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB644.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB644.tmp\gosttitle.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB655.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB655.tmp\Equations.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB66D.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB66D.tmp\iso690.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB66E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB66E.tmp\sist02.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB67F.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB67F.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB68F.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB68F.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6A0.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6A0.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6B0.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6B0.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6B1.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6B1.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6C2.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6C2.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6D3.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6D3.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6E3.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB6E3.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB704.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB704.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB733.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB733.tmp\iso690nmerical.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB783.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB783.tmp\ieee2006officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB801.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB801.tmp\gb.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB811.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB811.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB95A.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB95A.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB95B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB95B.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB97E.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB97E.tmp\turabian.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9A0.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9A0.tmp\mlaseventheditionofficeonline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9C4.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9C4.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9D5.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDB9D5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA05.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA05.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA06.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA06.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA16.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA16.tmp\chicago.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA17.tmp\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA17.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA37.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA37.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA48.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA48.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA5B.tmp\Frame.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA5B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA8B.tmp\Savon.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA8B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA9B.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBA9B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBADB.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBADB.tmp\Element design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB0B.tmp\Wood_Type.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB0B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB1B.tmp\Quotable.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB1B.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB8C.tmp\Berlin.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBB8C.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBBDC.tmp\Circuit.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBBDC.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBC1F.tmp\Slate.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBC1F.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBC3F.tmp\Droplet.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBC3F.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBCAE.tmp\Main_Event.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBCAE.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBCDE.tmp\Mesh.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBCDE.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBD31.tmp\Damask.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBD31.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBD70.tmp\Parallax.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBD70.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBDA0.tmp\Parcel.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBDA0.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBDFF.tmp\Vapor_Trail.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBDFF.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBE10.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBE10.tmp\Insight design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBF3A.tmp\Gallery.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDBF3A.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB52D.tmp
|
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB53D.tmp
|
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB54E.tmp
|
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB54F.tmp
|
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB550.tmp
|
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB551.tmp
|
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB552.tmp
|
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB553.tmp
|
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB564.tmp
|
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB565.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB566.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB567.tmp
|
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB568.tmp
|
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB569.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB56A.tmp
|
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57A.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57B.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57C.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57D.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57E.tmp
|
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB57F.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB590.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB591.tmp
|
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB645.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB656.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB657.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB658.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB659.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB65A.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB65B.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB65C.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB97C.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB97D.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB98E.tmp
|
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB98F.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB9A1.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB9A2.tmp
|
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB9A3.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabB9B3.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBA49.tmp
|
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609,
number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBA5A.tmp
|
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBB4B.tmp
|
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBB7B.tmp
|
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309,
number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBB8D.tmp
|
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBBEC.tmp
|
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBBED.tmp
|
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBBFE.tmp
|
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBBFF.tmp
|
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBCEE.tmp
|
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBCEF.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBCF0.tmp
|
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBCF1.tmp
|
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabBEDC.tmp
|
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349,
number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF96A372850DCF2672.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFD05774B9BC4E7214.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Thu Apr 25 13:54:50
2024, mtime=Thu Apr 25 13:55:55 2024, atime=Thu Apr 25 13:55:55 2024, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\sample.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Oct 4 11:02:26
2023, mtime=Thu Apr 25 13:54:53 2024, atime=Thu Apr 25 13:54:48 2024, length=2987008, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\Desktop\~$sample.doc
|
data
|
dropped
|
There are 221 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
7g<
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoRecoverySaveIntervalMetadata
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\WEF
|
Word_RequireForceRefreshAtBoot
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
#r<
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\285B1
|
285B1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlArchitetureIndependent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.28
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ETag
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ConfigIds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}
|
Placeholder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}\PendingChanges
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Draw
|
InkToolboxPensWordV2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800ED18439C7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457475
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency
|
PotentialDataLossInfo2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Cambria Math
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2FDCF
|
2FDCF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
File Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Datetime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Position
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
Toolbars
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Toolbars\Settings
|
Microsoft Word
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Times New Roman
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri Light
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Wingdings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
Settings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
VisiForceField
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
IgnoreFilenamesEmailAliases
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
NoContextSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
InsPic
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
SoundFeedback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
BkgrndPag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ATUserAdded
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AccentOnUpper
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPos
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPosKey
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Word.Document
|
ClicksData
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
msoridShouldUseReauthRequestProxy
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseCategoryInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseSKUInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{B3B222F3-6A5A-47FB-98B0-FA9D06135912}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}\PendingChanges
|
Data
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457475
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\285B1
|
285B1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency
|
PotentialDataLossInfo2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\6620
|
0
|
There are 392 hidden registries, click here to show them.