IOC Report
SUNLIGHT ORDER.xls

loading gif

Files

File Path
Type
Category
Malicious
SUNLIGHT ORDER.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 06:17:53 2024, Security: 1
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\greatthingswithgreatideasgivenmerestthignstgood[1].hta
HTML document, ASCII text, with very long lines (8880), with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\SUNLIGHT ORDER.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 12:16:12 2024, Security: 1
dropped
malicious
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\41B7A260.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4CC84B02.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5C657EE1.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\70EB0497.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7409B1B.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\85AE176E.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8ECA0FC5.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\92EDB1BD.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9A6981D4.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A716F5F.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\AFD9942D.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\~DF158845498119A1F7.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF1EAE3FF2EBD13FDB.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFCA59669636BABDC8.TMP
data
dropped
C:\Users\user\Desktop\0D840000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 21 12:16:12 2024, Security: 1
dropped
C:\Users\user\Desktop\0D840000:Zone.Identifier
ASCII text, with CRLF line terminators
modified
There are 10 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
malicious
C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe -Embedding
malicious
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\SUNLIGHT ORDER.xls"
malicious
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288

URLs

Name
IP
Malicious
https://rdt.li/1JVeT9?&demur=lean&venom=good&angora=fast&epee=tightfisted&pocket=obscene&methodology=enthusiastic&flintlock=flippant&pilot=moaning&company
76.76.21.22
https://rdt.li/1JVeT9?&demur=lean&venom=good&angora=fast&epee=tightfisted&pocket=obscene&methodology
unknown
https://rdt.li/1JVeT9?&demur=lean&venom=
unknown

Domains

Name
IP
Malicious
rdt.li
76.76.21.22
s-part-0017.t-0009.t-msedge.net
13.107.246.45

IPs

IP
Domain
Country
Malicious
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
76.76.21.22
rdt.li
United States
172.245.123.45
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
fr-FR
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
l+5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
KnownIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor
Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
KnownIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\36822
36822
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Excel8.0
MSForms
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Excel8.0
MSComctlLib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlArchitetureIndependent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3
Last
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3\0
FilePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3\0
StartDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3\0
EndDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3\0
Properties
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1036&uilcid=1033&build=16.0.16827&crev=3\0
Url
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
FileTypeBlockList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
OoxmlConverterBlockList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\FileIO
FileActivityStoreVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
4d5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.16
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.17
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.18
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.19
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.20
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.21
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.22
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.23
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.24
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.25
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.26
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.27
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.28
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
0.29
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
ETag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
ConfigIds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
excel.exe_queried
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\491FC
4920C
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-GB
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelPreviousSessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
SessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default Editor\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default Editor\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
NULL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
LastClean
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTimeExcel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTimeExcel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
VersionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
Expires
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
DeferredConfigs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\IOAV
LastBootTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
excel.exe_queried
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Excel.Workbook
ClicksData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\5076
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
v{
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
g~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\49A68
49A78
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\49BC0
49BC0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSTagIds2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
ULSAllCategories
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 21
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
fr-FR
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-CH
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
fr-FR
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelPreviousSessionId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\49A68
49A78
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\6960
0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 5
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 9
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 10
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 11
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 16
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 17
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 18
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 19
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\File MRU
Item 20
There are 399 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
29AD000
heap
page read and write
29A4000
heap
page read and write
4A36000
heap
page read and write
29A4000
heap
page read and write
4F5F000
stack
page read and write
2F40000
heap
page read and write
50000
remote allocation
page read and write
29A4000
heap
page read and write
505F000
stack
page read and write
509E000
stack
page read and write
4A30000
heap
page read and write
4E3E000
stack
page read and write
2A75000
heap
page read and write
4BA0000
heap
page read and write
2900000
heap
page read and write
29A4000
heap
page read and write
4E50000
heap
page read and write
29A4000
heap
page read and write
2F10000
heap
page read and write
28FB000
stack
page read and write
297B000
heap
page read and write
4E54000
heap
page read and write
519F000
stack
page read and write
6F370000
trusted library allocation
page execute read
4A34000
heap
page read and write
2938000
heap
page read and write
4B40000
heap
page read and write
4C00000
heap
page read and write
25A0000
remote allocation
page read and write
2930000
heap
page read and write
25B0000
remote allocation
page read and write
29A4000
heap
page read and write
2EE0000
trusted library allocation
page read and write
29A4000
heap
page read and write
4BEE000
stack
page read and write
25F0000
heap
page read and write
2993000
heap
page read and write
40000
remote allocation
page read and write
256A000
stack
page read and write
29A4000
heap
page read and write
4A3F000
heap
page read and write
28EF000
stack
page read and write
29BE000
heap
page read and write
2A70000
heap
page read and write
There are 34 hidden memdumps, click here to show them.