Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Faturados_Externo_26_09.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: multibras eletrodomesticos,
Last Saved By: HENRIQUE Tempesta, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Aug 27 14:16:27 2008,
Last Saved Time/Date: Mon Sep 27 17:53:48 2021, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1E49091D-2F41-4D12-AA8A-5E0F0E8C3392
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\77110AAA.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7DA74C0D.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\251D90EB.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B250F412.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-user.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-gcc.office.com;https://augloop.gov.online.office365.us;ht
|
unknown
|
|
|
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
k&;
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
l&;
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\TypeLib\{F502C0B3-6F28-435B-B54A-95F1B0AC54EE}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\WOW6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\27343
|
27343
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
-`;
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
|
Authorized
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
1<&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8DA2F8FC-A890-41A2-9AF5-591D557CCA2D}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\38E1C
|
38E1C
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
y.&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
There are 309 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25DC6D10000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE02F000
|
unkown image
|
page readonly
|
|
|
|
25DC7620000
|
unkown
|
page read and write
|
|
|
|
25DC66D0000
|
unkown image
|
page readonly
|
|
|
|
25DC66F0000
|
unkown image
|
page readonly
|
|
|
|
25DC69B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE863000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE7DC000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE6DC000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE856000
|
unkown image
|
page readonly
|
|
|
|
25DC7680000
|
unkown
|
page read and write
|
|
|
|
25DC6AF0000
|
heap private
|
page read and write
|
|
|
|
25DC6830000
|
unkown image
|
page readonly
|
|
|
|
25DC6890000
|
unkown
|
page read and write
|
|
|
|
7FF5FE791000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE5E7000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE68E000
|
unkown image
|
page readonly
|
|
|
|
25DC68FF000
|
unkown
|
page read and write
|
|
|
|
7FF5FE776000
|
unkown image
|
page readonly
|
|
|
|
25DC68B0000
|
heap default
|
page read and write
|
|
|
|
25DC66D0000
|
unkown image
|
page readonly
|
|
|
|
25DC7610000
|
unkown
|
page readonly
|
|
|
|
7DF5FFCC0000
|
unkown image
|
page readonly
|
|
|
|
25DC68B7000
|
heap default
|
page read and write
|
|
|
|
25DC68FD000
|
unkown
|
page read and write
|
|
|
|
25DC7630000
|
unkown
|
page read and write
|
|
|
|
25DC68A0000
|
unkown
|
page read and write
|
|
|
|
7FF5FE778000
|
unkown image
|
page readonly
|
|
|
|
25DC66B0000
|
unkown image
|
page read and write
|
|
|
|
A909D9E000
|
unkown
|
page read and write
|
|
|
|
7FF5FE7B5000
|
unkown image
|
page readonly
|
|
|
|
25DC6B00000
|
unkown
|
page read and write
|
|
|
|
25DC6880000
|
unkown
|
page read and write
|
|
|
|
7FF5FE7D2000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE846000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCB0000
|
unkown image
|
page readonly
|
|
|
|
A90A0FF000
|
unkown
|
page read and write
|
|
|
|
7DF5FFCB0000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCD0000
|
unkown image
|
page readonly
|
|
|
|
25DC66C0000
|
unkown
|
page read and write
|
|
|
|
7DF4FDB80000
|
unkown image
|
page readonly
|
|
|
|
25DC6908000
|
heap default
|
page read and write
|
|
|
|
7FF5FE093000
|
unkown image
|
page readonly
|
|
|
|
A90A27B000
|
unkown
|
page read and write
|
|
|
|
7FF5FE863000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE7E6000
|
unkown image
|
page readonly
|
|
|
|
25DC6906000
|
heap default
|
page read and write
|
|
|
|
7DF5FFCD0000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE05F000
|
unkown image
|
page readonly
|
|
|
|
7FF5DC266000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE7D9000
|
unkown image
|
page readonly
|
|
|
|
25DC68FF000
|
unkown
|
page read and write
|
|
|
|
7FF5FE780000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE675000
|
unkown image
|
page readonly
|
|
|
|
25DC68FD000
|
unkown
|
page read and write
|
|
|
|
7DF5FFCC2000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCC0000
|
unkown image
|
page readonly
|
|
|
|
A90A1FE000
|
unkown
|
page read and write
|
|
|
|
25DC67F0000
|
unkown
|
page read and write
|
|
|
|
25DC6900000
|
unkown
|
page read and write
|
|
|
|
25DC73E0000
|
unkown
|
page read and write
|
|
|
|
7FF5DC266000
|
unkown image
|
page readonly
|
|
|
|
A909D1B000
|
unkown
|
page read and write
|
|
|
|
25DC7090000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE67A000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE05D000
|
unkown image
|
page readonly
|
|
|
|
7DF5FFCC2000
|
unkown image
|
page readonly
|
|
|
|
25DC6910000
|
heap default
|
page read and write
|
|
|
|
25DC6AF5000
|
heap private
|
page read and write
|
|
|
|
7FF5FE7CC000
|
unkown image
|
page readonly
|
|
|
|
25DC6700000
|
unkown image
|
page readonly
|
|
|
|
A90A07E000
|
unkown
|
page read and write
|
|
|
|
25DC68F6000
|
unkown
|
page read and write
|
|
|
|
A90A179000
|
unkown
|
page read and write
|
|
|
|
25DC6AF9000
|
heap private
|
page read and write
|
|
|
|
7FF5FE768000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE036000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE784000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE770000
|
unkown image
|
page readonly
|
|
|
|
25DC6AE0000
|
unkown
|
page read and write
|
|
|
|
25DC6F10000
|
unkown image
|
page readonly
|
|
|
|
25DC68FE000
|
unkown
|
page read and write
|
|
|
|
25DC6810000
|
unkown
|
page read and write
|
|
|
|
7FF5FE6D5000
|
unkown image
|
page readonly
|
|
|
|
7FF5FE0F8000
|
unkown image
|
page readonly
|
|
There are 77 hidden memdumps, click here to show them.