Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
|
TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights
Reserved.msofp_4_40RegularVersion 4.40;O365
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\1380790193167760279.C4
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\79850158-4F06-4507-AE8F-9FC7DE355E6D
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1727824736971637700_7B0F9B8D-6A14-433F-BE09-6566FCB6CD3A.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\POWERPNT\App1727824736972202700_7B0F9B8D-6A14-433F-BE09-6566FCB6CD3A.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ucb-overview.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Oct 1 22:18:25
2024, mtime=Tue Oct 1 22:18:57 2024, atime=Tue Oct 1 22:18:54 2024, length=29291, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\3d817110-a8cd-4a17-85fd-2a2c8379e2fe.tmp
|
OpenDocument Presentation
|
dropped
|
||
|
C:\Users\user\Downloads\ucb-overview.odp (copy)
|
OpenDocument Presentation
|
dropped
|
||
|
C:\Users\user\Downloads\ucb-overview.odp.crdownload
|
OpenDocument Presentation
|
dropped
|
||
|
C:\Users\user\Downloads\~$ucb-overview.odp
|
data
|
dropped
|
||
|
Chrome Cache Entry: 148
|
PNG image data, 86 x 75, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 149
|
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 150
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x502, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 151
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 11:45:19, width=3264], baseline, precision 8,
1024x768, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 152
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=140, yresolution=148, resolutionunit=2, software=Adobe Photoshop
CS Macintosh, datetime=2009:01:16 10:44:52], baseline, precision 8, 622x320, components 1
|
dropped
|
||
|
Chrome Cache Entry: 153
|
PNG image data, 420 x 490, 8-bit/color RGB, interlaced
|
dropped
|
||
|
Chrome Cache Entry: 155
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 157
|
PNG image data, 717 x 340, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 158
|
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 159
|
JPEG image data, baseline, precision 8, 500x404, components 3
|
dropped
|
||
|
Chrome Cache Entry: 160
|
gzip compressed data, from Unix, original size modulo 2^32 2554
|
downloaded
|
||
|
Chrome Cache Entry: 161
|
PNG image data, 690 x 692, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 162
|
PNG image data, 1000 x 250, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 163
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=2, software=Adobe Photoshop CS6 (Macintosh), datetime=2013:03:20 18:05:09], baseline, precision 8, 650x500,
components 3
|
downloaded
|
||
|
Chrome Cache Entry: 164
|
PNG image data, 1112 x 257, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 166
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x408, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 167
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x370, components
1
|
dropped
|
||
|
Chrome Cache Entry: 168
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=11, manufacturer=NIKON CORPORATION, model=NIKON D90, orientation=upper-left, xresolution=174, yresolution=182,
resolutionunit=2, software=GIMP 2.8.6, datetime=2013:07:31 09:53:37, GPS-Data], progressive, precision 8, 680x1024, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 169
|
PNG image data, 600 x 122, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 170
|
PNG image data, 1 x 250, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 171
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x371, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 172
|
JPEG image data, baseline, precision 8, 500x404, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 173
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x405, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 174
|
gzip compressed data, from Unix, original size modulo 2^32 14785
|
dropped
|
||
|
Chrome Cache Entry: 175
|
gzip compressed data, from Unix, original size modulo 2^32 66191
|
downloaded
|
||
|
Chrome Cache Entry: 176
|
PNG image data, 690 x 692, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 177
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 178
|
JPEG image data, baseline, precision 8, 500x356, components 1
|
dropped
|
||
|
Chrome Cache Entry: 179
|
HTML document, Unicode text, UTF-8 text, with very long lines (941)
|
downloaded
|
||
|
Chrome Cache Entry: 180
|
JPEG image data, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x367, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
gzip compressed data, from Unix, original size modulo 2^32 278424
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 183
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=11, manufacturer=NIKON CORPORATION, model=NIKON D90, orientation=upper-left, xresolution=174, yresolution=182,
resolutionunit=2, software=GIMP 2.8.6, datetime=2013:07:31 09:53:37, GPS-Data], progressive, precision 8, 680x1024, components
3
|
dropped
|
||
|
Chrome Cache Entry: 184
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 500x384, components 3
|
dropped
|
||
|
Chrome Cache Entry: 185
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 186
|
gzip compressed data, from Unix, original size modulo 2^32 25578
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
JPEG image data, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x371, components 1
|
dropped
|
||
|
Chrome Cache Entry: 188
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 189
|
PNG image data, 420 x 490, 8-bit/color RGB, interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 11:05:51, width=3264], baseline, precision 8,
1024x768, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 191
|
JPEG image data, baseline, precision 8, 400x500, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
gzip compressed data, from Unix, original size modulo 2^32 13527
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
JPEG image data, baseline, precision 8, 500x383, components 3
|
dropped
|
||
|
Chrome Cache Entry: 194
|
gzip compressed data, from Unix, original size modulo 2^32 15198
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
GIF image data, version 89a, 99 x 55
|
dropped
|
||
|
Chrome Cache Entry: 196
|
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 197
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 198
|
JPEG image data, baseline, precision 8, 400x500, components 1
|
dropped
|
||
|
Chrome Cache Entry: 199
|
JPEG image data, baseline, precision 8, 500x377, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
PNG image data, 88 x 31, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 201
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 490x490, segment length 16, comment: "File source: http://commons.wikimedia.org/wiki/File:Unknown_Early_American_Football_Team.jpg",
baseline, precision 8, 592x480, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 202
|
PNG image data, 50 x 500, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 203
|
PNG image data, 348 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 204
|
JPEG image data, baseline, precision 8, 500x356, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 205
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 500x384, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 208
|
JPEG image data, baseline, precision 8, 499x408, components 1
|
dropped
|
||
|
Chrome Cache Entry: 209
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 210
|
JPEG image data, JFIF standard 1.00, resolution (DPI), density 120x120, segment length 16, comment: "LEAD Technologies Inc.
V1.01", baseline, precision 8, 987x481, components 3
|
dropped
|
||
|
Chrome Cache Entry: 213
|
PNG image data, 50 x 500, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 214
|
JPEG image data, baseline, precision 8, 640x469, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
gzip compressed data, from Unix, original size modulo 2^32 14785
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
PNG image data, 88 x 31, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 218
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 220
|
PNG image data, 500 x 203, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 221
|
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
JPEG image data, baseline, precision 8, 640x465, components 1
|
dropped
|
||
|
Chrome Cache Entry: 223
|
PNG image data, 102 x 85, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 224
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x370, components
1
|
downloaded
|
||
|
Chrome Cache Entry: 225
|
JPEG image data, baseline, precision 8, 500x365, components 1
|
dropped
|
||
|
Chrome Cache Entry: 226
|
JPEG image data, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x367, components 1
|
dropped
|
||
|
Chrome Cache Entry: 227
|
JPEG image data, baseline, precision 8, 640x465, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 228
|
GIF image data, version 89a, 99 x 55
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 499x309, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
gzip compressed data, from Unix, original size modulo 2^32 19672
|
downloaded
|
||
|
Chrome Cache Entry: 231
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 232
|
gzip compressed data, from Unix, original size modulo 2^32 67199
|
downloaded
|
||
|
Chrome Cache Entry: 233
|
GIF image data, version 89a, 81 x 1
|
dropped
|
||
|
Chrome Cache Entry: 234
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 235
|
gzip compressed data, from Unix, original size modulo 2^32 8379
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
PNG image data, 188 x 76, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 237
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 238
|
gzip compressed data, from Unix, original size modulo 2^32 8941
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
PNG image data, 320 x 68, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 240
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 241
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 242
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 243
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 15:57:46, width=3264], baseline, precision 8,
1024x768, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 244
|
ASCII text, with very long lines (57791)
|
downloaded
|
||
|
Chrome Cache Entry: 246
|
JPEG image data, baseline, precision 8, 500x360, components 1
|
dropped
|
||
|
Chrome Cache Entry: 247
|
PNG image data, 268 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 248
|
HTML document, ASCII text, with very long lines (626)
|
downloaded
|
||
|
Chrome Cache Entry: 249
|
JPEG image data, baseline, precision 8, 640x461, components 1
|
dropped
|
||
|
Chrome Cache Entry: 250
|
PNG image data, 429 x 175, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 251
|
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 252
|
PNG image data, 400 x 12, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 253
|
PNG image data, 1112 x 257, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 254
|
gzip compressed data, from Unix, original size modulo 2^32 14423
|
downloaded
|
||
|
Chrome Cache Entry: 255
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 256
|
JPEG image data, baseline, precision 8, 500x369, components 1
|
dropped
|
||
|
Chrome Cache Entry: 257
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=140, yresolution=148, resolutionunit=2, software=Adobe Photoshop
CS Macintosh, datetime=2009:01:16 10:44:52], baseline, precision 8, 622x320, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 258
|
gzip compressed data, from Unix, original size modulo 2^32 9450
|
downloaded
|
||
|
Chrome Cache Entry: 259
|
JPEG image data, baseline, precision 8, 500x394, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 260
|
gzip compressed data, from Unix, original size modulo 2^32 11534
|
downloaded
|
||
|
Chrome Cache Entry: 261
|
gzip compressed data, from Unix, original size modulo 2^32 278424
|
dropped
|
||
|
Chrome Cache Entry: 262
|
PNG image data, 448 x 92, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 263
|
JPEG image data, baseline, precision 8, 640x469, components 1
|
dropped
|
||
|
Chrome Cache Entry: 264
|
ASCII text, with very long lines (20831)
|
downloaded
|
||
|
Chrome Cache Entry: 265
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 499x309, components 3
|
dropped
|
||
|
Chrome Cache Entry: 266
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 11:05:51, width=3264], baseline, precision 8,
1024x768, components 3
|
dropped
|
||
|
Chrome Cache Entry: 267
|
JPEG image data, baseline, precision 8, 393x500, components 3
|
dropped
|
||
|
Chrome Cache Entry: 268
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 269
|
JPEG image data, baseline, precision 8, 640x441, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 270
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 271
|
PNG image data, 86 x 75, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 272
|
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 273
|
PNG image data, 84 x 84, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 274
|
PNG image data, 50 x 500, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 275
|
JPEG image data, baseline, precision 8, 500x369, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 276
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 277
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 278
|
ASCII text, with very long lines (57791)
|
dropped
|
||
|
Chrome Cache Entry: 280
|
PNG image data, 600 x 122, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 281
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 282
|
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 283
|
PNG image data, 88 x 31, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 284
|
PNG image data, 188 x 76, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 285
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 286
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x371, components
3
|
dropped
|
||
|
Chrome Cache Entry: 288
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 289
|
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 290
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 17:50:11, width=3264], baseline, precision 8,
1024x768, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 291
|
PNG image data, 1 x 250, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 292
|
gzip compressed data, from Unix, original size modulo 2^32 6625
|
dropped
|
||
|
Chrome Cache Entry: 293
|
JPEG image data, baseline, precision 8, 400x500, components 3
|
dropped
|
||
|
Chrome Cache Entry: 294
|
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 295
|
gzip compressed data, from Unix, original size modulo 2^32 10441
|
dropped
|
||
|
Chrome Cache Entry: 296
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 297
|
gzip compressed data, from Unix, original size modulo 2^32 42020
|
downloaded
|
||
|
Chrome Cache Entry: 298
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 299
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
JPEG image data, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x371, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 301
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 302
|
PNG image data, 84 x 84, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 303
|
gzip compressed data, from Unix, original size modulo 2^32 25578
|
dropped
|
||
|
Chrome Cache Entry: 304
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 15:57:46, width=3264], baseline, precision 8,
1024x768, components 3
|
dropped
|
||
|
Chrome Cache Entry: 305
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 490x490, segment length 16, comment: "File source: http://commons.wikimedia.org/wiki/File:Unknown_Early_American_Football_Team.jpg",
baseline, precision 8, 592x480, components 1
|
dropped
|
||
|
Chrome Cache Entry: 306
|
PNG image data, 268 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 307
|
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 308
|
gzip compressed data, from Unix, original size modulo 2^32 6789
|
downloaded
|
||
|
Chrome Cache Entry: 309
|
JPEG image data, JFIF standard 1.00, resolution (DPI), density 120x120, segment length 16, comment: "LEAD Technologies Inc.
V1.01", baseline, precision 8, 987x481, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 310
|
JPEG image data, baseline, precision 8, 500x365, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 311
|
PNG image data, 88 x 31, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 312
|
PNG image data, 348 x 100, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 313
|
PNG image data, 102 x 85, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 314
|
gzip compressed data, from Unix, original size modulo 2^32 63214
|
downloaded
|
||
|
Chrome Cache Entry: 315
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 639x497, components 1
|
dropped
|
||
|
Chrome Cache Entry: 316
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 639x497, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 317
|
gzip compressed data, from Unix, original size modulo 2^32 9021
|
downloaded
|
||
|
Chrome Cache Entry: 318
|
gzip compressed data, from Unix, original size modulo 2^32 10441
|
downloaded
|
||
|
Chrome Cache Entry: 319
|
gzip compressed data, from Unix, original size modulo 2^32 6625
|
downloaded
|
||
|
Chrome Cache Entry: 320
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x502, components
3
|
dropped
|
||
|
Chrome Cache Entry: 321
|
JPEG image data, baseline, precision 8, 500x377, components 1
|
dropped
|
||
|
Chrome Cache Entry: 322
|
ASCII text, with very long lines (20831)
|
dropped
|
||
|
Chrome Cache Entry: 323
|
PNG image data, 1000 x 250, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 324
|
gzip compressed data, from Unix, original size modulo 2^32 12626
|
downloaded
|
||
|
Chrome Cache Entry: 325
|
JPEG image data, baseline, precision 8, 640x441, components 3
|
dropped
|
||
|
Chrome Cache Entry: 326
|
JPEG image data, baseline, precision 8, 500x383, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 327
|
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 328
|
ASCII text, with very long lines (65241)
|
dropped
|
||
|
Chrome Cache Entry: 329
|
GIF image data, version 89a, 81 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 330
|
PNG image data, 50 x 500, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 331
|
gzip compressed data, from Unix, original size modulo 2^32 8941
|
dropped
|
||
|
Chrome Cache Entry: 332
|
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 333
|
PNG image data, 400 x 12, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 334
|
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 335
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 336
|
PNG image data, 500 x 203, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 337
|
JPEG image data, baseline, precision 8, 640x461, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 338
|
JPEG image data, baseline, precision 8, 499x408, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 339
|
PNG image data, 50 x 500, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 340
|
PNG image data, 429 x 175, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 341
|
gzip compressed data, from Unix, original size modulo 2^32 1030
|
downloaded
|
||
|
Chrome Cache Entry: 342
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 343
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 344
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 345
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 346
|
ASCII text, with very long lines (15261)
|
downloaded
|
||
|
Chrome Cache Entry: 347
|
PNG image data, 320 x 68, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 348
|
ASCII text, with very long lines (65241)
|
downloaded
|
||
|
Chrome Cache Entry: 349
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 350
|
JPEG image data, baseline, precision 8, 500x394, components 3
|
dropped
|
||
|
Chrome Cache Entry: 351
|
JPEG image data, baseline, precision 8, 500x360, components 1
|
downloaded
|
||
|
Chrome Cache Entry: 352
|
PNG image data, 50 x 500, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 353
|
JPEG image data, baseline, precision 8, 400x500, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 354
|
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 355
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x408, components 3
|
dropped
|
||
|
Chrome Cache Entry: 356
|
PNG image data, 717 x 340, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 357
|
gzip compressed data, from Unix, original size modulo 2^32 63214
|
dropped
|
||
|
Chrome Cache Entry: 358
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 359
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 360
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=12, height=2448, manufacturer=SAMSUNG, model=GT-I9100, orientation=upper-left, xresolution=208,
yresolution=216, resolutionunit=2, software=I9100XWKG1, datetime=2014:02:01 11:45:19, width=3264], baseline, precision 8,
1024x768, components 3
|
dropped
|
||
|
Chrome Cache Entry: 361
|
ASCII text, with very long lines (65324)
|
downloaded
|
||
|
Chrome Cache Entry: 362
|
gzip compressed data, from Unix, original size modulo 2^32 14373
|
downloaded
|
||
|
Chrome Cache Entry: 363
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106,
resolutionunit=2, software=Adobe Photoshop CS6 (Macintosh), datetime=2013:03:20 18:05:09], baseline, precision 8, 650x500,
components 3
|
dropped
|
||
|
Chrome Cache Entry: 364
|
PNG image data, 1000 x 250, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 365
|
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x405, components 3
|
dropped
|
||
|
Chrome Cache Entry: 366
|
JPEG image data, baseline, precision 8, 393x500, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 369
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 370
|
OpenDocument Presentation
|
downloaded
|
||
|
Chrome Cache Entry: 371
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 372
|
PNG image data, 448 x 92, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 373
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 374
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
downloaded
|
There are 223 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,17728066232561628691,17064003877230757809,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ucb.openoffice.org/"
|
||
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Downloads\ucb-overview.odp" /ou ""
|
||
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0FFA3B2E-90CB-4145-9304-4EF460D32A32"
"0FA07480-B109-47D9-8792-7D27384370A1" "5852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ucb.openoffice.org/
|
|||
|
https://www.apache.org/foundation/sponsorship.html
|
unknown
|
||
|
https://openoffice.apache.org/images/blog/an_apache_openoffice_timeline_email.png
|
151.101.2.132
|
||
|
http://cdn.knightlab.com/libs/timeline/latest/embed/index.html?source=0ApXDQB3bRocRdHd6OEVOeHVRTHBFQ
|
unknown
|
||
|
http://wiki.openoffice.org/wiki/Main_Page
|
unknown
|
||
|
https://useraudit.o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
http://markmail.org/message/oikdeetzc4ntlcgx
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
http://www.openoffice.org/images/sourceforge.png
|
65.108.131.22
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://farm4.staticflickr.com/3305/3595197971_77e49c61af_z.jpg?zz=1
|
3.161.76.68
|
||
|
https://live.staticflickr.com/4143/4858565516_f9e949e13a.jpg
|
3.161.76.68
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://farm3.staticflickr.com/2558/5832169030_25b99770a8.jpg
|
3.161.76.68
|
||
|
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
||
|
http://robertogaloppini.net/2016/01/12/about-contributing-to-apache-openoffice/
|
unknown
|
||
|
https://openoffice.apache.org/images/blog/presentations_and_videos_from_fosdem_fosdem2014c-1024.jpeg
|
151.101.2.132
|
||
|
https://www.yammer.com
|
unknown
|
||
|
https://openoffice.apache.org/images/blog/21_million_per_day_world.jpeg
|
151.101.2.132
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://farm3.staticflickr.com/2177/2179849362_af4b0f1a48.jpg
|
3.161.76.68
|
||
|
https://messagebroker.mobile.m365.svc.cloud.microsoft
|
unknown
|
||
|
http://mail-archives.apache.org/mod_mbox/openoffice-users/201211.mbox/%3CCAP-ksogYeEC79xRSg4bFdQULro
|
unknown
|
||
|
http://mail-archives.apache.org
|
unknown
|
||
|
https://edge.skype.com/registrar/prod
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
http://www.openoffice.org/download/globalvars.js
|
65.108.131.22
|
||
|
https://tasks.office.com
|
unknown
|
||
|
http://www.openoffice.org/product/icons/impress.png
|
65.108.131.22
|
||
|
https://www.opengraph.xyz
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://flickr.com/e/FCOUzkm02FXLPZldq%2FM6Zj5UzK19dnfQF1RJbcTq0Zg%3D
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://www.flickr.com/photos/nationaalarchief/4681460753/
|
unknown
|
||
|
https://edge.skype.com/rps
|
unknown
|
||
|
http://www.openoffice.org/support/lightfade.gif
|
65.108.131.22
|
||
|
https://www.openoffice.org/support/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://farm6.staticflickr.com/5013/5497263332_28b6b615be.jpg
|
3.161.76.68
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
http://www.openoffice.org/support/book.gif
|
65.108.131.22
|
||
|
https://graph.windows.net
|
unknown
|
||
|
http://www.freebsd.org/
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://flickr.com/e/gqVU76JHINDf8VZTOzSqMTmYfUntiXQyyrfxfdV3zUc%3D
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://flickr.com/e/noxq%2FUwiabBpRuDPnJAt1sbhN71jM3SsT2xgnu2aE8g%3D
|
unknown
|
||
|
https://www.flickr.com/photos/statelibraryofnsw/5882587233/
|
unknown
|
||
|
https://d.docs.live.net
|
unknown
|
||
|
https://flickr.com/e/IP3p08tm4x4KSL4DWi2SGuozRa77ZDUM9GaEZYFHomQ%3D
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
http://www.openoffice.org/ucb/docs/ucb-overview.odp
|
65.108.131.22
|
||
|
http://www.openoffice.org/product/icons/draw.png
|
65.108.131.22
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
http://wiki.openoffice.org/wiki/Documentation
|
unknown
|
||
|
https://www.flickr.com/photos/nlireland/7057077503/
|
unknown
|
||
|
https://people.apache.org/~pescetti/blog/2014-12-review/timeline.png
|
3.239.19.33
|
||
|
http://s.apache.org/openoffice-aceu2012-day-1
|
unknown
|
||
|
http://s.apache.org/openoffice-aceu2012-day-2
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
http://s.apache.org/openoffice-aceu2012-day-3
|
unknown
|
||
|
https://pushchannel.1drv.ms
|
unknown
|
||
|
http://www.openoffice.org/favicon.ico
|
65.108.131.22
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://www.flickr.com/photos/101590593
|
unknown
|
||
|
https://www.flickr.com/photos/library_of_virginia/3595197971/
|
unknown
|
||
|
http://s.apache.org/mx
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
http://www.marketwire.com/press-release/statements-on-openofficeorg-contribution-to-apache-nasdaq-or
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://extensions.openoffice.org/
|
unknown
|
||
|
https://sourceforge.net/
|
unknown
|
||
|
http://www.openoffice.org/images/logo-twitter-16.png
|
65.108.131.22
|
||
|
https://templates.openoffice.org/
|
unknown
|
||
|
http://www.openoffice.org/images/logo-rss-32.png
|
65.108.131.22
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://www.apache.org/foundation/press/kit/feather.svg
|
151.101.2.132
|
||
|
https://www.openoffice.org/donations.html
|
unknown
|
||
|
http://www.openoffice.org/product/icons/writer.png
|
65.108.131.22
|
||
|
https://www.openoffice.org/download/
|
unknown
|
||
|
http://www.openoffice.org/images/logo-rss-16.png
|
65.108.131.22
|
||
|
http://www.openoffice.org/images/action-bg.png
|
65.108.131.22
|
||
|
https://openoffice.apache.org/images/blog/visualizing_the_aoo_dev_list_Dev_list_graph.png
|
151.101.2.132
|
||
|
https://service.powerapps.com
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://forum.openoffice.org/
|
unknown
|
||
|
https://farm8.staticflickr.com/7264/7496403768_aaed964939.jpg
|
3.161.76.68
|
||
|
http://www.openoffice.org/css/ooo.css
|
65.108.131.22
|
||
|
https://farm8.staticflickr.com/7135/7494447314_9c83562037.jpg
|
3.161.76.68
|
||
|
http://www.openoffice.org/download/cachedimages/button-green-top.png
|
65.108.131.22
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
||
|
https://skyapi.live.net/Activity/
|
unknown
|
||
|
https://www.apache.org/foundation/thanks.html
|
unknown
|
||
|
https://api.cortana.ai
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
d3j7xsc0vda5xv.cloudfront.net
|
3.161.76.68
|
||
|
farm3.static.flickr.com
|
3.161.76.68
|
||
|
openoffice.apache.org
|
151.101.2.132
|
||
|
aoo-extensions.sf.net
|
204.68.111.101
|
||
|
cwiki.apache.org
|
135.181.16.82
|
||
|
blogs.apache.org
|
178.156.132.205
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
www.apache.org
|
151.101.2.132
|
||
|
people.apache.org
|
3.239.19.33
|
||
|
www.google.com
|
216.58.206.68
|
||
|
apache.org
|
151.101.2.132
|
||
|
farm4.static.flickr.com
|
3.161.76.68
|
||
|
www.w3.org
|
104.18.22.19
|
||
|
tlpserver-he-fi.apache.org
|
65.108.131.22
|
||
|
extensions.openoffice.org
|
unknown
|
||
|
farm5.staticflickr.com
|
unknown
|
||
|
www.openoffice.org
|
unknown
|
||
|
live.staticflickr.com
|
unknown
|
||
|
ucb.openoffice.org
|
unknown
|
||
|
farm3.staticflickr.com
|
unknown
|
||
|
farm7.staticflickr.com
|
unknown
|
||
|
www.apachecon.com
|
unknown
|
||
|
farm8.staticflickr.com
|
unknown
|
||
|
farm2.staticflickr.com
|
unknown
|
||
|
farm4.staticflickr.com
|
unknown
|
||
|
farm6.staticflickr.com
|
unknown
|
There are 17 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
178.156.132.205
|
blogs.apache.org
|
Romania
|
||
|
65.108.131.22
|
tlpserver-he-fi.apache.org
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
104.18.22.19
|
www.w3.org
|
United States
|
||
|
216.58.206.68
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
184.28.90.27
|
unknown
|
United States
|
||
|
151.101.2.132
|
openoffice.apache.org
|
United States
|
||
|
3.239.19.33
|
people.apache.org
|
United States
|
||
|
3.161.76.68
|
d3j7xsc0vda5xv.cloudfront.net
|
United States
|
There are 1 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
<"0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
j"0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\powerpoint
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\powerpoint
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\powerpoint
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\WEF
|
PowerPoint_RequireForceRefreshAtBoot
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\3E12B
|
3E12B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
AppMaximized
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
Top
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
Bottom
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
Right
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
9%0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
!&0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
&0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\3E438
|
3E438
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Options
|
ShowSuggestionDialog
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Place MRU
|
FOLDERID_Desktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Place MRU
|
FOLDERID_Documents
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\TeachingCallouts
|
AccCheckerStatusBarTeachingCallout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\powerpoint
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimePowerPoint
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimePowerPoint
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride
|
{9E73CEA4-29D0-4D16-8FB9-5AB17387C960}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\CachedLicenseData
|
powerpnt.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint
|
PowerPointName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet
|
msoridShouldUseReauthRequestProxy
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\3E12B
|
3E12B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
j"0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
9%0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\3E438
|
3E438
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--syslcid=8192&build=16.0.16827&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseCategoryInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
|
LicenseSKUInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
&0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
&0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 20
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\powerpoint
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\POWERPNT\5852
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
There are 306 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
http://www.openoffice.org/ucb/
|
||
|
http://www.openoffice.org/download/index.html
|
||
|
http://www.openoffice.org/download/index.html
|
||
|
http://www.openoffice.org/support/index.html
|
||
|
http://www.openoffice.org/product/index.html
|
||
|
https://openoffice.apache.org/blogpage.html
|
||
|
https://openoffice.apache.org/blogpage.html
|
||
|
https://openoffice.apache.org/blog/announcing-apache-openoffice-4-1-15.html
|
||
|
https://openoffice.apache.org/blog/announcing-apache-openoffice-4-1-15.html
|
||
|
http://www.openoffice.org/extensions/index.html
|
||
|
https://openoffice.apache.org/get-involved.html
|
||
|
http://www.openoffice.org/projects/accepted.html
|
||
|
http://www.openoffice.org/
|
||
|
http://www.openoffice.org/projects/native-lang.html
|
There are 4 hidden doms, click here to show them.