Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO0000001552.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Thu Nov 10 07:26:07 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\98S549LJ\o0oHPECmC0WPIXcvQPJOXzFOO7w00z7mkDO[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CE8D676K\EvvmhfKiKFhKrSuHfBq[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\elv2.ooocccxxx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\elv3.ooocccxxx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_17RegularVersion 4.17;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E9097BEB-F41B-41FA-A529-2854DCDBD67E
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
|
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PO0000001552.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 30 12:46:13
2022, mtime=Sun Nov 13 17:26:48 2022, atime=Sun Nov 13 17:26:48 2022, length=93184, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [xls]
|
dropped
|
||
|
C:\Windows\System32\GanZhs\FrugrCuQjdEr.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\System32\XEzXl\JZazaZgAOY.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
|
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\PO0000001552.xls
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv1.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv2.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XEzXl\JZazaZgAOY.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv3.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\GanZhs\FrugrCuQjdEr.dll"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://182.162.143.56/qqvehgyxm/bitss/ktcpnaio/
|
182.162.143.56
|
|
|
|
http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/
|
47.92.35.35
|
|
|
|
https://182.162.143.56/tkafmhcgcid/
|
182.162.143.56
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
http://ly.yjlianyi.top/wp-admin/4cChao/
|
81.68.152.197
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/imports
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://182.162.143.56/qqvehgyxm/bitss/ktcpnaio/F
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://45.63.99.23:7080/qqvehgyxm/bitss/ktcpnaio/
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://45.63.99.23:7080/tkafmhcgcid/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://api.scheduler.
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://45.63.99.23:7080/b
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://45.63.99.23:7080/tkafmhcgcid/8eM
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://182.162.143.56/
|
unknown
|
||
|
https://45.63.99.23:7080/2
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://45.63.99.23:7080/qqvehgyxm/bitss/ktcpnaio/%
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sbm.xinmoshiwang.com
|
47.92.35.35
|
||
|
datie-tw.com
|
175.98.167.165
|
||
|
copunupo.ac.zm
|
41.63.0.22
|
||
|
ly.yjlianyi.top
|
81.68.152.197
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
104.168.155.143
|
unknown
|
United States
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
45.118.115.99
|
unknown
|
Indonesia
|
|
|
|
172.104.251.154
|
unknown
|
United States
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
45.63.99.23
|
unknown
|
United States
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
139.59.56.73
|
unknown
|
Singapore
|
|
|
|
169.57.156.166
|
unknown
|
United States
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
139.59.126.41
|
unknown
|
Singapore
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
147.139.166.154
|
unknown
|
United States
|
|
|
|
202.129.205.3
|
unknown
|
Thailand
|
|
|
|
167.172.199.165
|
unknown
|
United States
|
|
|
|
153.92.5.27
|
unknown
|
Germany
|
|
|
|
159.65.140.115
|
unknown
|
United States
|
|
|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
164.90.222.65
|
unknown
|
United States
|
|
|
|
213.239.212.5
|
unknown
|
Germany
|
|
|
|
5.135.159.50
|
unknown
|
France
|
|
|
|
173.255.211.88
|
unknown
|
United States
|
|
|
|
212.24.98.99
|
unknown
|
Lithuania
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
91.187.140.35
|
unknown
|
Serbia
|
|
|
|
119.59.103.152
|
unknown
|
Thailand
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
95.217.221.146
|
unknown
|
Germany
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
209.97.163.214
|
unknown
|
United States
|
|
|
|
182.162.143.56
|
unknown
|
Korea Republic of
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
81.68.152.197
|
ly.yjlianyi.top
|
China
|
||
|
175.98.167.165
|
datie-tw.com
|
Taiwan; Republic of China (ROC)
|
||
|
47.92.35.35
|
sbm.xinmoshiwang.com
|
China
|
||
|
41.63.0.22
|
copunupo.ac.zm
|
Zambia
|
There are 49 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
JZazaZgAOY.dll
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FrugrCuQjdEr.dll
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
zu&
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=1033&build=16.0.13929&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseCategoryInfo
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseSKUInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts
|
CloudFontsVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
CountryCode
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
Expires
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
ETag
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
excel.exe_queried
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
excel.exe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe
|
RulesEndpoint
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSAllCategories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
2a&
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1D1B3
|
1D1B3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1D3A7
|
1D3A7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ExcelWorkbookAutoRecoverDirty
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\DownloadManager
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
|
FirstRunTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSAllCategories
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ImmersiveWorkbookDirtySentinel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ExcelWorkbookOpenedCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ExcelPreviousSessionId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default HTML
Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Default MHTML
Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
Expires
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1D1B3
|
1D1B3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ExcelWorkbookOpenedCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ExcelWorkbookOpenedCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
|
ImmersiveWorkbookDirtySentinel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\4380
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeExcel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeExcel
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C003C10B7DF4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
There are 276 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9BB000
|
heap
|
page read and write
|
|
|
|
BBB000
|
heap
|
page read and write
|
|
|
|
980000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
BD213FE000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
1F990690000
|
heap
|
page read and write
|
||
|
15AD83FA000
|
heap
|
page read and write
|
||
|
2D4E000
|
heap
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
1F990669000
|
heap
|
page read and write
|
||
|
15AD8FAB000
|
heap
|
page read and write
|
||
|
15AD8280000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
C82000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
4E5117F000
|
stack
|
page read and write
|
||
|
15AD83CA000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
15AD8403000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page readonly
|
||
|
15AD8399000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
E66937C000
|
stack
|
page read and write
|
||
|
15AD8D3A000
|
heap
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
15AD8D3C000
|
heap
|
page read and write
|
||
|
921A5FF000
|
stack
|
page read and write
|
||
|
15AD83B7000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
213BB800000
|
heap
|
page read and write
|
||
|
186E95F0000
|
trusted library allocation
|
page read and write
|
||
|
2451000
|
heap
|
page read and write
|
||
|
15AD83A2000
|
heap
|
page read and write
|
||
|
15AD83F6000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
7FFD2B082000
|
unkown
|
page readonly
|
||
|
4E50DFE000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
A51000
|
heap
|
page read and write
|
||
|
1F990647000
|
heap
|
page read and write
|
||
|
620DEFE000
|
stack
|
page read and write
|
||
|
6DB000
|
stack
|
page read and write
|
||
|
4E50D77000
|
stack
|
page read and write
|
||
|
15AD83C3000
|
heap
|
page read and write
|
||
|
BD211FE000
|
stack
|
page read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
268C000
|
heap
|
page read and write
|
||
|
20EB71DB000
|
heap
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
1FEA0478000
|
heap
|
page read and write
|
||
|
25A1000
|
heap
|
page read and write
|
||
|
1F990659000
|
heap
|
page read and write
|
||
|
5BDFBFB000
|
stack
|
page read and write
|
||
|
15AD8FD0000
|
heap
|
page read and write
|
||
|
15AD8FDE000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
15AD83DD000
|
heap
|
page read and write
|
||
|
15AD835E000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
4E5107E000
|
stack
|
page read and write
|
||
|
15AD8380000
|
heap
|
page read and write
|
||
|
3117000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
15AD8394000
|
heap
|
page read and write
|
||
|
A43000
|
heap
|
page read and write
|
||
|
186E9420000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
15AD8D42000
|
heap
|
page read and write
|
||
|
213BB680000
|
heap
|
page read and write
|
||
|
186E9645000
|
heap
|
page read and write
|
||
|
1509000
|
heap
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
213BC143000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
15AD83DD000
|
heap
|
page read and write
|
||
|
15AD8403000
|
heap
|
page read and write
|
||
|
15AD8D55000
|
heap
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
23DD000
|
heap
|
page read and write
|
||
|
15AD83CA000
|
heap
|
page read and write
|
||
|
20EB722D000
|
heap
|
page read and write
|
||
|
186E9702000
|
heap
|
page read and write
|
||
|
186E9C02000
|
trusted library allocation
|
page read and write
|
||
|
24BC000
|
heap
|
page read and write
|
||
|
2879E266000
|
heap
|
page read and write
|
||
|
5BDF977000
|
stack
|
page read and write
|
||
|
5BDFAF8000
|
stack
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
15AD83B8000
|
heap
|
page read and write
|
||
|
213BC100000
|
heap
|
page read and write
|
||
|
15AD83FC000
|
heap
|
page read and write
|
||
|
A79A97D000
|
stack
|
page read and write
|
||
|
A29000
|
heap
|
page read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
294A000
|
stack
|
page read and write
|
||
|
5B0000
|
remote allocation
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
15AD83AA000
|
heap
|
page read and write
|
||
|
1F990660000
|
heap
|
page read and write
|
||
|
15AD8D33000
|
heap
|
page read and write
|
||
|
245A000
|
heap
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
15AD83EE000
|
heap
|
page read and write
|
||
|
E6688EC000
|
stack
|
page read and write
|
||
|
1FEA045B000
|
heap
|
page read and write
|
||
|
BEB000
|
heap
|
page read and write
|
||
|
E66947C000
|
stack
|
page read and write
|
||
|
15AD8356000
|
heap
|
page read and write
|
||
|
15AD8D37000
|
heap
|
page read and write
|
||
|
1F990627000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
15AD835D000
|
heap
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
20EB7841000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
15AD83B8000
|
heap
|
page read and write
|
||
|
20EB7789000
|
heap
|
page read and write
|
||
|
15AD83E5000
|
heap
|
page read and write
|
||
|
A91000
|
heap
|
page read and write
|
||
|
BF7000
|
heap
|
page read and write
|
||
|
A72000
|
heap
|
page read and write
|
||
|
20EB7740000
|
heap
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
234E000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
A79AEFD000
|
stack
|
page read and write
|
||
|
B60000
|
remote allocation
|
page read and write
|
||
|
1F990674000
|
heap
|
page read and write
|
||
|
1F990613000
|
heap
|
page read and write
|
||
|
2427000
|
heap
|
page read and write
|
||
|
620E1FD000
|
stack
|
page read and write
|
||
|
1FEA0350000
|
heap
|
page read and write
|
||
|
20EB71E7000
|
heap
|
page read and write
|
||
|
213BB913000
|
heap
|
page read and write
|
||
|
BD215FF000
|
stack
|
page read and write
|
||
|
15AD8310000
|
heap
|
page read and write
|
||
|
15AD83AE000
|
heap
|
page read and write
|
||
|
1FEA0402000
|
heap
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
A4B000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
20EB7415000
|
heap
|
page read and write
|
||
|
15AD83D8000
|
heap
|
page read and write
|
||
|
20EB7410000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page readonly
|
||
|
2650000
|
heap
|
page read and write
|
||
|
186E962B000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
15AD83E5000
|
heap
|
page read and write
|
||
|
1F99066D000
|
heap
|
page read and write
|
||
|
213BB902000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
15AD83D3000
|
heap
|
page read and write
|
||
|
7FFD2B052000
|
unkown
|
page readonly
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
15AD8FAE000
|
heap
|
page read and write
|
||
|
15AD83DD000
|
heap
|
page read and write
|
||
|
2879E180000
|
trusted library allocation
|
page read and write
|
||
|
1F990644000
|
heap
|
page read and write
|
||
|
A79AC7F000
|
stack
|
page read and write
|
||
|
213BB890000
|
heap
|
page read and write
|
||
|
1F99066B000
|
heap
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
1F990694000
|
heap
|
page read and write
|
||
|
15AD8388000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
C04000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
15AD83A2000
|
heap
|
page read and write
|
||
|
620E0FE000
|
stack
|
page read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
15AD83B7000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
20EB7100000
|
heap
|
page read and write
|
||
|
15AD83DD000
|
heap
|
page read and write
|
||
|
15AD83AA000
|
heap
|
page read and write
|
||
|
213BC140000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
15AD8402000
|
heap
|
page read and write
|
||
|
15AD8343000
|
heap
|
page read and write
|
||
|
15AD8D3E000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
213BB898000
|
heap
|
page read and write
|
||
|
15AD8394000
|
heap
|
page read and write
|
||
|
15AD8FE6000
|
heap
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
C33000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
A79AB7E000
|
stack
|
page read and write
|
||
|
22CB000
|
heap
|
page read and write
|
||
|
15AD8FD9000
|
heap
|
page read and write
|
||
|
BD214FD000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
15AD840E000
|
heap
|
page read and write
|
||
|
15AD83BB000
|
heap
|
page read and write
|
||
|
BD212FC000
|
stack
|
page read and write
|
||
|
1355000
|
heap
|
page read and write
|
||
|
15AD8409000
|
heap
|
page read and write
|
||
|
2879E200000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
15AD83B3000
|
heap
|
page read and write
|
||
|
15AD839B000
|
heap
|
page read and write
|
||
|
E6691FF000
|
stack
|
page read and write
|
||
|
15AD832A000
|
heap
|
page read and write
|
||
|
5BDF87F000
|
stack
|
page read and write
|
||
|
15AD8FA0000
|
heap
|
page read and write
|
||
|
252A000
|
heap
|
page read and write
|
||
|
1547000
|
heap
|
page read and write
|
||
|
1FEA046A000
|
heap
|
page read and write
|
||
|
15AD83BB000
|
heap
|
page read and write
|
||
|
7FFD2B0AF000
|
unkown
|
page readonly
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
186E965C000
|
heap
|
page read and write
|
||
|
15AD837C000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
240A000
|
heap
|
page read and write
|
||
|
20EB7784000
|
heap
|
page read and write
|
||
|
15AD83EF000
|
heap
|
page read and write
|
||
|
C4F000
|
heap
|
page read and write
|
||
|
15AD8FAA000
|
heap
|
page read and write
|
||
|
15AD838B000
|
heap
|
page read and write
|
||
|
A61000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
15AD832F000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
15AD83AA000
|
heap
|
page read and write
|
||
|
213BB670000
|
heap
|
page read and write
|
||
|
15AD83D2000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
24B9000
|
heap
|
page read and write
|
||
|
15AD8FD7000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
20EB778E000
|
heap
|
page read and write
|
||
|
1F990600000
|
heap
|
page read and write
|
||
|
20EB7886000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2879E150000
|
heap
|
page read and write
|
||
|
5BDF35B000
|
stack
|
page read and write
|
||
|
1F990642000
|
heap
|
page read and write
|
||
|
1367000
|
trusted library allocation
|
page read and write
|
||
|
20EB727D000
|
heap
|
page read and write
|
||
|
15AD83CA000
|
heap
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
1F99067C000
|
heap
|
page read and write
|
||
|
C82000
|
heap
|
page read and write
|
||
|
BEB000
|
heap
|
page read and write
|
||
|
15AD8FDB000
|
heap
|
page read and write
|
||
|
28CC000
|
stack
|
page read and write
|
||
|
213BC11F000
|
heap
|
page read and write
|
||
|
15AD837E000
|
heap
|
page read and write
|
||
|
1F990678000
|
heap
|
page read and write
|
||
|
15AD838B000
|
heap
|
page read and write
|
||
|
15AD837F000
|
heap
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
1F990676000
|
heap
|
page read and write
|
||
|
1FEA042B000
|
heap
|
page read and write
|
||
|
1F99066E000
|
heap
|
page read and write
|
||
|
15AD836E000
|
heap
|
page read and write
|
||
|
2521000
|
heap
|
page read and write
|
||
|
C18000
|
heap
|
page read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
20EB7794000
|
heap
|
page read and write
|
||
|
BD20FFB000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
15AD83EC000
|
heap
|
page read and write
|
||
|
15AD83EF000
|
heap
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
15AD8FE1000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
15AD83B1000
|
heap
|
page read and write
|
||
|
1F990520000
|
heap
|
page read and write
|
||
|
15AD8364000
|
heap
|
page read and write
|
||
|
15AD82D0000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
15AD83F5000
|
heap
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
E6690FB000
|
stack
|
page read and write
|
||
|
15AD8FB0000
|
heap
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
20EB71DF000
|
heap
|
page read and write
|
||
|
15AD83D1000
|
heap
|
page read and write
|
||
|
2C5B000
|
stack
|
page read and write
|
||
|
B60000
|
remote allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page readonly
|
||
|
157A000
|
heap
|
page read and write
|
||
|
A4B000
|
heap
|
page read and write
|
||
|
B74000
|
heap
|
page read and write
|
||
|
E668EFC000
|
stack
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
BFF000
|
heap
|
page read and write
|
||
|
1F990646000
|
heap
|
page read and write
|
||
|
213BB7E0000
|
trusted library allocation
|
page read and write
|
||
|
C6C000
|
heap
|
page read and write
|
||
|
15AD83BD000
|
heap
|
page read and write
|
||
|
15AD83A2000
|
heap
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
2879E0F0000
|
heap
|
page read and write
|
||
|
23E9000
|
heap
|
page read and write
|
||
|
A4F000
|
heap
|
page read and write
|
||
|
24C4000
|
heap
|
page read and write
|
||
|
1F99063F000
|
heap
|
page read and write
|
||
|
2D0C000
|
stack
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
A79AA7E000
|
stack
|
page read and write
|
||
|
7FFD2B012000
|
unkown
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2879E27E000
|
heap
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
213BB813000
|
heap
|
page read and write
|
||
|
15AD8373000
|
heap
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
20EB71C2000
|
heap
|
page read and write
|
||
|
1FEA0C02000
|
trusted library allocation
|
page read and write
|
||
|
15AD83FC000
|
heap
|
page read and write
|
||
|
921A0FE000
|
stack
|
page read and write
|
||
|
20EB78A9000
|
heap
|
page read and write
|
||
|
277C000
|
stack
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
1F990686000
|
heap
|
page read and write
|
||
|
15AD83B0000
|
heap
|
page read and write
|
||
|
1F99065F000
|
heap
|
page read and write
|
||
|
E668E7F000
|
stack
|
page read and write
|
||
|
15AD83E7000
|
heap
|
page read and write
|
||
|
15AD83B3000
|
heap
|
page read and write
|
||
|
2645000
|
heap
|
page read and write
|
||
|
15AD83F5000
|
heap
|
page read and write
|
||
|
7FFD2B0CA000
|
unkown
|
page readonly
|
||
|
E668CFB000
|
stack
|
page read and write
|
||
|
2879E202000
|
heap
|
page read and write
|
||
|
1FEA0340000
|
heap
|
page read and write
|
||
|
20EB7217000
|
heap
|
page read and write
|
||
|
15AD86A5000
|
heap
|
page read and write
|
||
|
1F99066C000
|
heap
|
page read and write
|
||
|
15AD83FE000
|
heap
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
620E2FF000
|
stack
|
page read and write
|
||
|
15AD83E5000
|
heap
|
page read and write
|
||
|
15AD83BD000
|
heap
|
page read and write
|
||
|
20EB78AA000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
15AD83C4000
|
heap
|
page read and write
|
||
|
15AD8FA4000
|
heap
|
page read and write
|
||
|
309C000
|
stack
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
1F9904C0000
|
heap
|
page read and write
|
||
|
1F990663000
|
heap
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
264B000
|
heap
|
page read and write
|
||
|
620DE7F000
|
stack
|
page read and write
|
||
|
15AD83E5000
|
heap
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
7FFD2B0CD000
|
unkown
|
page readonly
|
||
|
15AD83DA000
|
heap
|
page read and write
|
||
|
22CB000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
15AD83D8000
|
heap
|
page read and write
|
||
|
C04000
|
heap
|
page read and write
|
||
|
2879E24F000
|
heap
|
page read and write
|
||
|
15AD8402000
|
heap
|
page read and write
|
||
|
15AD83FE000
|
heap
|
page read and write
|
||
|
15AD83D8000
|
heap
|
page read and write
|
||
|
5BDF77E000
|
stack
|
page read and write
|
||
|
15AD83EE000
|
heap
|
page read and write
|
||
|
1F99065D000
|
heap
|
page read and write
|
||
|
1F9904B0000
|
heap
|
page read and write
|
||
|
15AD8D32000
|
heap
|
page read and write
|
||
|
186E9600000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
10BB000
|
stack
|
page read and write
|
||
|
15AD82F0000
|
heap
|
page read and write
|
||
|
87B000
|
stack
|
page read and write
|
||
|
BD210FF000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
2879EA02000
|
trusted library allocation
|
page read and write
|
||
|
1F990648000
|
heap
|
page read and write
|
||
|
5BDFDFB000
|
stack
|
page read and write
|
||
|
2280000
|
trusted library allocation
|
page read and write
|
||
|
15AD83A2000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1FEA0502000
|
heap
|
page read and write
|
||
|
20EB7889000
|
heap
|
page read and write
|
||
|
15AD83DA000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
248C000
|
heap
|
page read and write
|
||
|
15AD83B3000
|
heap
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
125B000
|
heap
|
page read and write
|
||
|
921A07B000
|
stack
|
page read and write
|
||
|
1514000
|
heap
|
page read and write
|
||
|
15AD83AA000
|
heap
|
page read and write
|
||
|
2879E269000
|
heap
|
page read and write
|
||
|
1F990698000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
1FEA0442000
|
heap
|
page read and write
|
||
|
15AD838B000
|
heap
|
page read and write
|
||
|
15AD8409000
|
heap
|
page read and write
|
||
|
7FFD2AFF0000
|
unkown
|
page readonly
|
||
|
9F8000
|
heap
|
page read and write
|
||
|
C62000
|
heap
|
page read and write
|
||
|
186E93B0000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
15AD838C000
|
heap
|
page read and write
|
||
|
15AD83D1000
|
heap
|
page read and write
|
||
|
15AD8FAA000
|
heap
|
page read and write
|
||
|
20EB7865000
|
heap
|
page read and write
|
||
|
700000
|
remote allocation
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
15AD836B000
|
heap
|
page read and write
|
||
|
1F990667000
|
heap
|
page read and write
|
||
|
15AD83C4000
|
heap
|
page read and write
|
||
|
C8E000
|
heap
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
15AD8318000
|
heap
|
page read and write
|
||
|
C18000
|
heap
|
page read and write
|
||
|
1F990672000
|
heap
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
22CB000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page readonly
|
||
|
186E963F000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
14DC000
|
heap
|
page read and write
|
||
|
15AD8348000
|
heap
|
page read and write
|
||
|
1524000
|
heap
|
page read and write
|
||
|
620E17E000
|
stack
|
page read and write
|
||
|
15AD83BB000
|
heap
|
page read and write
|
||
|
1F990638000
|
heap
|
page read and write
|
||
|
15AD83CF000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
1F99066A000
|
heap
|
page read and write
|
||
|
F0B000
|
stack
|
page read and write
|
||
|
15AD83C1000
|
heap
|
page read and write
|
||
|
2645000
|
heap
|
page read and write
|
||
|
1F99064B000
|
heap
|
page read and write
|
||
|
620DC7D000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
1F990E02000
|
trusted library allocation
|
page read and write
|
||
|
20EB7253000
|
heap
|
page read and write
|
||
|
20EB7891000
|
heap
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
15AD8FA7000
|
heap
|
page read and write
|
||
|
15AD8D49000
|
heap
|
page read and write
|
||
|
23F4000
|
heap
|
page read and write
|
||
|
15AD83D1000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
213BB842000
|
heap
|
page read and write
|
||
|
2E8D000
|
stack
|
page read and write
|
||
|
213BC119000
|
heap
|
page read and write
|
||
|
BD20BFB000
|
stack
|
page read and write
|
||
|
1FEA03A0000
|
heap
|
page read and write
|
||
|
15AD8352000
|
heap
|
page read and write
|
||
|
213BB870000
|
heap
|
page read and write
|
||
|
15AD8409000
|
heap
|
page read and write
|
||
|
5BDFA7E000
|
stack
|
page read and write
|
||
|
15AD8D30000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
154E000
|
heap
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
C93000
|
heap
|
page read and write
|
||
|
213BB6E0000
|
heap
|
page read and write
|
||
|
15AD83FE000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
7FFD2B060000
|
unkown
|
page readonly
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
7FFD2B057000
|
unkown
|
page read and write
|
||
|
15AD8D51000
|
heap
|
page read and write
|
||
|
186E93C0000
|
heap
|
page read and write
|
||
|
E66957F000
|
stack
|
page read and write
|
||
|
1F990664000
|
heap
|
page read and write
|
||
|
2D3D000
|
stack
|
page read and write
|
||
|
2D5B000
|
stack
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
20EB77A1000
|
heap
|
page read and write
|
||
|
213BC15F000
|
heap
|
page read and write
|
||
|
4E5127F000
|
stack
|
page read and write
|
||
|
15AD83D3000
|
heap
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
2879E25C000
|
heap
|
page read and write
|
||
|
1F99065B000
|
heap
|
page read and write
|
||
|
2879E213000
|
heap
|
page read and write
|
||
|
15AD83A2000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
20EB777D000
|
heap
|
page read and write
|
||
|
20EB78AB000
|
heap
|
page read and write
|
||
|
620E279000
|
stack
|
page read and write
|
||
|
B60000
|
remote allocation
|
page read and write
|
||
|
20EB7240000
|
heap
|
page read and write
|
||
|
20EB71AA000
|
heap
|
page read and write
|
||
|
1F99062B000
|
heap
|
page read and write
|
||
|
23DC000
|
heap
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
15AD8FDC000
|
heap
|
page read and write
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
2D8D000
|
stack
|
page read and write
|
||
|
C67000
|
heap
|
page read and write
|
||
|
7FFD2B061000
|
unkown
|
page execute read
|
||
|
23EC000
|
heap
|
page read and write
|
||
|
15AD83AA000
|
heap
|
page read and write
|
||
|
15AD8398000
|
heap
|
page read and write
|
||
|
15AD83BD000
|
heap
|
page read and write
|
||
|
20EB7780000
|
heap
|
page read and write
|
||
|
15AD83E0000
|
heap
|
page read and write
|
||
|
251E000
|
stack
|
page read and write
|
||
|
24F7000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
27FA000
|
stack
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
213BC112000
|
heap
|
page read and write
|
||
|
20EB7238000
|
heap
|
page read and write
|
||
|
15AD8389000
|
heap
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
15AD86A0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
15AD8392000
|
heap
|
page read and write
|
||
|
1F990702000
|
heap
|
page read and write
|
||
|
15AD83BF000
|
heap
|
page read and write
|
||
|
150C000
|
heap
|
page read and write
|
||
|
15AD83B0000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
7FFD2B057000
|
unkown
|
page read and write
|
||
|
15AD8409000
|
heap
|
page read and write
|
||
|
E668FFE000
|
stack
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
15AD8386000
|
heap
|
page read and write
|
||
|
1F990662000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
2897000
|
stack
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
20EB7841000
|
heap
|
page read and write
|
||
|
921A2FE000
|
stack
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
2280000
|
trusted library allocation
|
page read and write
|
||
|
24FE000
|
heap
|
page read and write
|
||
|
264B000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
C8A000
|
heap
|
page read and write
|
||
|
15AD8D51000
|
heap
|
page read and write
|
||
|
1FEA03D0000
|
trusted library allocation
|
page read and write
|
||
|
921A17E000
|
stack
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
1F99065A000
|
heap
|
page read and write
|
||
|
A79A67B000
|
stack
|
page read and write
|
||
|
C93000
|
heap
|
page read and write
|
||
|
1F990652000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
1FEA0413000
|
heap
|
page read and write
|
||
|
15AD83DA000
|
heap
|
page read and write
|
||
|
15AD8FE4000
|
heap
|
page read and write
|
||
|
1402000
|
heap
|
page read and write
|
||
|
1F990665000
|
heap
|
page read and write
|
||
|
15AD83EB000
|
heap
|
page read and write
|
||
|
7FFD2B0CC000
|
unkown
|
page execute
|
||
|
15AD8FAA000
|
heap
|
page read and write
|
||
|
A79AAFE000
|
stack
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
5BDFCFE000
|
stack
|
page read and write
|
||
|
15AD8FA3000
|
heap
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
1F99068C000
|
heap
|
page read and write
|
||
|
1F99068E000
|
heap
|
page read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
186E9602000
|
heap
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
||
|
135B000
|
heap
|
page read and write
|
||
|
20EB7840000
|
heap
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
213BB8D5000
|
heap
|
page read and write
|
||
|
A79A7FA000
|
stack
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
15AD8389000
|
heap
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
15AD8FA7000
|
heap
|
page read and write
|
||
|
2290000
|
trusted library allocation
|
page read and write
|
||
|
20EB7120000
|
heap
|
page read and write
|
||
|
A79AD7D000
|
stack
|
page read and write
|
||
|
921A3FF000
|
stack
|
page read and write
|
||
|
15AD8D3D000
|
heap
|
page read and write
|
||
|
135B000
|
heap
|
page read and write
|
||
|
15AD83B3000
|
heap
|
page read and write
|
||
|
264B000
|
heap
|
page read and write
|
||
|
15AD8D42000
|
heap
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
23BC000
|
heap
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
2879E243000
|
heap
|
page read and write
|
||
|
15AD83E5000
|
heap
|
page read and write
|
||
|
213BB8DD000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
20EB7180000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
15AD8399000
|
heap
|
page read and write
|
||
|
9B0000
|
direct allocation
|
page execute and read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
1F99065E000
|
heap
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
20EB780A000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
15AD836B000
|
heap
|
page read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
20EB7140000
|
trusted library allocation
|
page read and write
|
||
|
15AD8394000
|
heap
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
22C5000
|
heap
|
page read and write
|
||
|
15AD837A000
|
heap
|
page read and write
|
||
|
15AD8394000
|
heap
|
page read and write
|
||
|
15AD83C1000
|
heap
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
15AD83CA000
|
heap
|
page read and write
|
||
|
213BC002000
|
heap
|
page read and write
|
||
|
1F990636000
|
heap
|
page read and write
|
||
|
C0D000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
620DF7C000
|
stack
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
15AD8372000
|
heap
|
page read and write
|
||
|
2879E22B000
|
heap
|
page read and write
|
||
|
15AD8394000
|
heap
|
page read and write
|
||
|
213BB82B000
|
heap
|
page read and write
|
||
|
4E511FB000
|
stack
|
page read and write
|
||
|
7FFD2B0C7000
|
unkown
|
page read and write
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
15AD8FA5000
|
heap
|
page read and write
|
||
|
186E9713000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
921A4FE000
|
stack
|
page read and write
|
||
|
C6D000
|
heap
|
page read and write
|
||
|
1FEA0513000
|
heap
|
page read and write
|
||
|
15AD83FC000
|
heap
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
135B000
|
heap
|
page read and write
|
||
|
4E510FC000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
2DDC000
|
heap
|
page read and write
|
||
|
1F990C80000
|
trusted library allocation
|
page read and write
|
||
|
15AD83D3000
|
heap
|
page read and write
|
||
|
4E512FE000
|
stack
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
A79ADFF000
|
stack
|
page read and write
|
||
|
15AD83C3000
|
heap
|
page read and write
|
||
|
20EB7188000
|
heap
|
page read and write
|
||
|
15AD83B7000
|
heap
|
page read and write
|
||
|
15AD8D49000
|
heap
|
page read and write
|
||
|
2879E302000
|
heap
|
page read and write
|
||
|
186E9B90000
|
trusted library allocation
|
page read and write
|
||
|
1F99069D000
|
heap
|
page read and write
|
||
|
15AD83FA000
|
heap
|
page read and write
|
||
|
1F990684000
|
heap
|
page read and write
|
||
|
15AD8FA2000
|
heap
|
page read and write
|
||
|
1FEA0400000
|
heap
|
page read and write
|
||
|
20EB6FD0000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
213BB8CC000
|
heap
|
page read and write
|
||
|
20EB7792000
|
heap
|
page read and write
|
||
|
186E9613000
|
heap
|
page read and write
|
||
|
15AD8357000
|
heap
|
page read and write
|
||
|
242E000
|
heap
|
page read and write
|
||
|
15AD83CF000
|
heap
|
page read and write
|
||
|
35DB000
|
stack
|
page read and write
|
||
|
2879E100000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
15AD8D32000
|
heap
|
page read and write
|
||
|
24BC000
|
heap
|
page read and write
|
||
|
A79AFFD000
|
stack
|
page read and write
|
||
|
620E07F000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
1F990670000
|
heap
|
page read and write
|
||
|
20EB787A000
|
heap
|
page read and write
|
||
|
1F990683000
|
heap
|
page read and write
|
||
|
15AD83CA000
|
heap
|
page read and write
|
||
|
7FFD2B0C7000
|
unkown
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
15AD8402000
|
heap
|
page read and write
|
||
|
87B000
|
stack
|
page read and write
|
||
|
20EB778C000
|
heap
|
page read and write
|
||
|
20EB721D000
|
heap
|
page read and write
|
||
|
620DFF9000
|
stack
|
page read and write
|
||
|
5BDF9FE000
|
stack
|
page read and write
|
||
|
1355000
|
heap
|
page read and write
|
||
|
E6692FE000
|
stack
|
page read and write
|
||
|
1FEA046F000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1F990641000
|
heap
|
page read and write
|
||
|
1F990681000
|
heap
|
page read and write
|
There are 714 hidden memdumps, click here to show them.