Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
week6.rtf
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{2123FD7F-1ADA-47BC-9754-0EB519570EDC}.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_39.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_39RegularVersion 4.39;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{009A9F84-2409-4676-B0DF-BD8511B3333A}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{029BBBE6-EF8D-435E-9D69-A56631B23E7D}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0998D8E1-0078-46B9-AA65-A2E2E3676FC2}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{21A82193-CD89-4A8B-8AA1-17CD3C8034E1}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{546B61F2-45E3-4234-AB8A-010928587D9D}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{7F8E50B6-C8A7-4012-AC90-FB0DE4AD8431}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{827BCD98-9113-4386-BE48-4C950E9D6780}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9DEB9672-E3E7-4557-9316-89144E8787BB}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B3EBDEFD-27F0-49F2-9936-EB0E1728CC3D}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B8ED2702-ED38-4093-B926-E1DA4AFE2CCD}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B9CB071C-85C5-43D2-A1C2-A81EC1E806A7}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D2A06EB0-223A-4E5E-B42B-5BE5E697D0AA}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DD1A0FFD-49C9-4643-B268-94C4806DF63C}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1714081481538667800_653C2292-9EF1-4ED2-A35B-F4C13E99AE5E.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1714081481539165700_653C2292-9EF1-4ED2-A35B-F4C13E99AE5E.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC305.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC305.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC345.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC345.tmp\gostname.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC357.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC357.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC358.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC358.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC369.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC369.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC36A.tmp\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC36A.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC37B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC37B.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39B.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39B.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39C.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39C.tmp\Equations.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39D.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC39D.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3AE.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3AE.tmp\ieee2006officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3AF.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3AF.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3B1.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3B1.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3C1.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3C1.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3C2.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3C2.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D3.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D3.tmp\sist02.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D4.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D4.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D5.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D5.tmp\iso690.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D6.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D6.tmp\mlaseventheditionofficeonline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D7.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D7.tmp\harvardanglia2008officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D8.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D8.tmp\chicago.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D9.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3D9.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3DA.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3DA.tmp\Element design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EA.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EA.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EB.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EB.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EC.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3EC.tmp\iso690nmerical.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3FD.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3FD.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3FE.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC3FE.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC40F.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC40F.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC420.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC420.tmp\gb.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC493.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC493.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4B4.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4C5.tmp\Frame.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4C5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4D5.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC4D5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC516.tmp\Wood_Type.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC516.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC555.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC555.tmp\gosttitle.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC566.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC566.tmp\turabian.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC596.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC596.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC5A6.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC5A6.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC5F6.tmp\Parallax.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC5F6.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6D5.tmp\Berlin.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6D5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6F5.tmp\Savon.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6F5.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6F6.tmp\Parcel.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC6F6.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC8EE.tmp\Circuit.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC8EE.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC920.tmp\Droplet.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC920.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC931.tmp\Gallery.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC931.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC992.tmp\Slate.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC992.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC9B2.tmp\Damask.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC9B2.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC9D3.tmp\Mesh.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDC9D3.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCA33.tmp\Content.inf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCA33.tmp\Insight design set.dotx
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCAC1.tmp\Main_Event.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCAC1.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCAC2.tmp\Vapor_Trail.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCAC2.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCBAE.tmp\Quotable.thmx
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TCDCBAE.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Word8.0\MSComctlLib.exd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC28B.tmp
|
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC28C.tmp
|
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC28D.tmp
|
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC28E.tmp
|
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC28F.tmp
|
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC290.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC291.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC292.tmp
|
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC293.tmp
|
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2A3.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2A4.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2B5.tmp
|
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2E5.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2E6.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2E7.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2E8.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2E9.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2EA.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2EB.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2FB.tmp
|
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2FC.tmp
|
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2FD.tmp
|
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2FE.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC2FF.tmp
|
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC300.tmp
|
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC301.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC302.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC303.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC304.tmp
|
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC355.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC356.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC3B0.tmp
|
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC410.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC450.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC461.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC462.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC472.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC4A3.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC4D6.tmp
|
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC5C7.tmp
|
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC6A3.tmp
|
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC6A4.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC6A5.tmp
|
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609,
number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC8BD.tmp
|
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309,
number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC8DD.tmp
|
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349,
number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC8DE.tmp
|
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC91E.tmp
|
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC91F.tmp
|
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC942.tmp
|
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC962.tmp
|
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC9C3.tmp
|
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabC9D4.tmp
|
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cabCB30.tmp
|
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF66B5A4FE9949A25F.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\week6.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 25 20:44:30
2024, mtime=Thu Apr 25 20:44:47 2024, atime=Thu Apr 25 20:44:39 2024, length=1147021, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\Desktop\~$week6.rtf
|
data
|
dropped
|
There are 229 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
|
||
|
C:\Windows\splwow64.exe
|
C:\Windows\splwow64.exe 12288
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://volafile.io/get/D3-IPntWw65mlQ/nature.exe
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
%a?
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoRecoverySaveIntervalMetadata
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\WEF
|
Word_RequireForceRefreshAtBoot
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
7k?
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ConfigIds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlArchitetureIndependent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\29830
|
29830
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}
|
Placeholder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}\PendingChanges
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Draw
|
InkToolboxPensWordV2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457475
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800ED250FDDC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Cambria Math
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\307D2
|
307D2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
File Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Datetime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Position
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
Toolbars
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Toolbars\Settings
|
Microsoft Word
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
msoridShouldUseReauthRequestProxy
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseCategoryInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseSKUInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{A171DEC0-BF26-449D-AAF0-18761A13D292}\2.2\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B8-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F21-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F24-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6599-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FED-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A1-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B7-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1342\{00000000-0000-0000-0000-000000000000}\PendingChanges
|
Data
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328916
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328972
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328932
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328990
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM01840907
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851221
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851216
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851227
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851224
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457444
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328935
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457491
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851225
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851219
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328893
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328940
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328884
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851223
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851222
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328986
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328905
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328951
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457464
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328908
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998158
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851226
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851217
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090430
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457475
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851218
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328983
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM02835233
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033
|
TM03328975
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocBibs\1033
|
TM02851220
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457515
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457496
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03090434
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001115
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033917
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457510
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033919
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM10001114
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033925
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033921
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457485
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033929
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\WordDocParts\1033
|
TM03998159
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033927
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM04033937
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LCCache\Themes\1033
|
TM03457503
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\7488
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Word\Text
Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\29830
|
29830
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
|
JScriptSetScriptStateStarted
|
There are 437 hidden registries, click here to show them.