|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D C2 19 00 00 C9 10 03 78 36 34 C5 11 84 16 D2 12
0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9 18 08 32 33 30 38 2D 41 75
67 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
| Value name: |
CantBootResolution
|
| Value data: |
BootSuccess
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
| Value name: |
ProfileBeingOpened
|
| Value data: |
NoEmail
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
| Value name: |
SessionId
|
| Value data: |
AD275963-73A2-4482-9119-A1976BEDB513
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
| Value name: |
BootDiagnosticsLogFile
|
| Value data: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250116T0707480630-5368.etl
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
|
| Value name: |
OutlookBootFlag
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
%0.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
%0.
|
| Value data: |
25 30 2E 00 04 0B 00 00 01 00 00 00 00 00 00 00 1F 0A 63 50 0F 68 DB 01 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
SessionId
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
| Value name: |
SessionId
|
| Value data: |
7EF99101-3B8A-4B94-9547-D7C385FA40D2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
ProfileBeingOpened
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
| Value name: |
ProfileBeingOpened
|
| Value data: |
NoEmail
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
| Value name: |
Accounts
|
| Value data: |
[{"scope":"global","userUpn":"","accountAge":0,"timestamp":0,"anchorMailbox":"","primarySmtp":"","roamingStatus":"GLOBALANDACCOUNTUNVERIFIED","ownerType":"UNKNOWN"}]
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
|
EligibleForExtendedGrace
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing
|
| Value name: |
EligibleForExtendedGrace
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
| Value name: |
PageSize
|
| Value data: |
A4
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
| Value name: |
Template
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
WMACUpdated
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
| Value name: |
WMACUpdated
|
| Value data: |
38
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
DefaultKerningLigatures
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options
|
| Value name: |
DefaultKerningLigatures
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4612
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
| Value name: |
@%SystemRoot%\system32\mlang.dll,-4612
|
| Value data: |
Western European (Windows)
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
NULL
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
NULL
|
| Value data: |
NU LL
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
HyphenationFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
HyphenationFiles_3082
|
| Value data: |
1513095169
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
000b046b
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
| Value name: |
000b046b
|
| Value data: |
00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
| Value name: |
BootDiagnosticsLogFile
|
| Value data: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250116T0708110674-2820.etl
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
| Value name: |
CantBootResolution
|
| Value data: |
BootSuccess
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountSignaturesDialogOpen
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
| Value name: |
global_AccountSignaturesDialogOpen
|
| Value data: |
{"name":"AccountSignaturesDialogOpen","itemClass":"","id":"","scope":"global","parentSetting":"","secondaryKey":"","status":"PENDINGSYNC","type":"Bool","timestamp":0,"metadata":"","value":"false","isFirstSync":"true","source":"UserOverride"}
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
c:.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
c:.
|
| Value data: |
63 3A 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 0A A8 06 52 0F 68 DB 01 F8 00 00 00 01 00 00 00 A2 00 00 00 4A 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 61 00 64 00 64 00 69 00 6E 00 73 00 5C 00 63 00
6F 00 6C 00 6C 00 65 00 61 00 67 00 75 00 65 00 69 00 6D 00 70 00 6F 00 72 00 74 00 2E 00 64 00 6C 00 6C 00 00 00 63 00 6F
00 6C 00 6C 00 65 00 61 00 67 00 75 00 65 00 69 00 6D 00 70 00 6F 00 72 00 74 00 2E 00 63 00 6F 00 6C 00 6C 00 65 00 61 00
67 00 75 00 65 00 69 00 6D 00 70 00 6F 00 72 00 74 00 61 00 64 00 64 00 69 00 6E 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\ColleagueImport.ColleagueImportAddin
|
| Value name: |
1
|
| Value data: |
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\Microsoft.VbaAddinForOutlook.1
|
| Value name: |
1
|
| Value data: |
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
1;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
1;.
|
| Value data: |
31 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 09 CF 0D 52 0F 68 DB 01 BC 00 00 00 01 00 00 00 86 00 00 00 2A 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 6F 00 6E 00 62 00 74 00 74 00 6E 00 6F 00 6C 00
2E 00 64 00 6C 00 6C 00 00 00 6F 00 6E 00 65 00 6E 00 6F 00 74 00 65 00 2E 00 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61
00 64 00 64 00 69 00 6E 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin
|
| Value name: |
1
|
| Value data: |
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Office Autorun Keys Modification |
System Summary |
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
!;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
!;.
|
| Value data: |
21 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 1E 31 10 52 0F 68 DB 01 C2 00 00 00 01 00 00 00 94 00 00 00 22 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 73 00 6F 00 63 00 69 00 61 00 6C 00 63 00 6F 00
6E 00 6E 00 65 00 63 00 74 00 6F 00 72 00 2E 00 64 00 6C 00 6C 00 00 00 6F 00 73 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E
00 63 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OscAddin.Connect
|
| Value name: |
1
|
| Value data: |
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
1;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
1;.
|
| Value data: |
31 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 B8 93 12 52 0F 68 DB 01 B8 00 00 00 01 00 00 00 84 00 00 00 28 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 75 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E 00
64 00 6C 00 6C 00 00 00 75 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E 00 6C 00 79 00 6E 00 63 00 61 00 64 00 64 00 69 00 6E
00 2E 00 31 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UCAddin.LyncAddin.1
|
| Value name: |
1
|
| Value data: |
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
1;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
1;.
|
| Value data: |
31 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 B8 93 12 52 0F 68 DB 01 EA 00 00 00 01 00 00 00 A0 00 00 00 3E 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 61 00 64 00 64 00 69 00 6E 00 73 00 5C 00 75 00
6D 00 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61 00 64 00 64 00 69 00 6E 00 2E 00 64 00 6C 00 6C 00 00 00 75 00 6D 00 6F
00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61 00 64 00 64 00 69 00 6E 00 2E 00 66 00 6F 00 72 00 6D 00 72 00 65 00 67 00 69 00
6F 00 6E 00 61 00 64 00 64 00 69 00 6E 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
|
1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\UmOutlookAddin.FormRegionAddin
|
| Value name: |
1
|
| Value data: |
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
`;.
|
| Value data: |
60 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 17 F6 14 52 0F 68 DB 01 BC 00 00 00 01 00 00 00 86 00 00 00 2A 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 6F 00 6E 00 62 00 74 00 74 00 6E 00 6F 00 6C 00
2E 00 64 00 6C 00 6C 00 00 00 6F 00 6E 00 65 00 6E 00 6F 00 74 00 65 00 2E 00 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61
00 64 00 64 00 69 00 6E 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
`;.
|
| Value data: |
60 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 17 F6 14 52 0F 68 DB 01 C2 00 00 00 01 00 00 00 94 00 00 00 22 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 73 00 6F 00 63 00 69 00 61 00 6C 00 63 00 6F 00
6E 00 6E 00 65 00 63 00 74 00 6F 00 72 00 2E 00 64 00 6C 00 6C 00 00 00 6F 00 73 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E
00 63 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
`;.
|
| Value data: |
60 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 17 F6 14 52 0F 68 DB 01 B8 00 00 00 01 00 00 00 84 00 00 00 28 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 75 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E 00
64 00 6C 00 6C 00 00 00 75 00 63 00 61 00 64 00 64 00 69 00 6E 00 2E 00 6C 00 79 00 6E 00 63 00 61 00 64 00 64 00 69 00 6E
00 2E 00 31 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
`;.
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Resiliency\StartupItems
|
| Value name: |
`;.
|
| Value data: |
60 3B 2E 00 04 0B 00 00 02 00 00 00 00 00 00 00 17 F6 14 52 0F 68 DB 01 EA 00 00 00 01 00 00 00 A0 00 00 00 3E 00 00 00 63
00 3A 00 5C 00 70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 20 00 66 00 69 00 6C 00 65 00 73 00 20 00 28 00 78 00 38 00 36 00
29 00 5C 00 6D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 6F 00 66 00 66 00 69 00 63 00 65 00 5C 00 72 00 6F
00 6F 00 74 00 5C 00 6F 00 66 00 66 00 69 00 63 00 65 00 31 00 36 00 5C 00 61 00 64 00 64 00 69 00 6E 00 73 00 5C 00 75 00
6D 00 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61 00 64 00 64 00 69 00 6E 00 2E 00 64 00 6C 00 6C 00 00 00 75 00 6D 00 6F
00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 61 00 64 00 64 00 69 00 6E 00 2E 00 66 00 6F 00 72 00 6D 00 72 00 65 00 67 00 69 00
6F 00 6E 00 61 00 64 00 64 00 69 00 6E 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV5
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
| Value name: |
global_AccountsNeedResyncingWithOwnershipV5
|
| Value data: |
{"name":"AccountsNeedResyncingWithOwnershipV5","itemClass":"","id":"","scope":"global","parentSetting":"","secondaryKey":"","status":"PENDINGSYNC","type":"Bool","timestamp":0,"metadata":"","value":"false","isFirstSync":"true","source":"UserOverride"}
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV4
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
| Value name: |
global_AccountsNeedResyncingWithOwnershipV4
|
| Value data: |
{"name":"AccountsNeedResyncingWithOwnershipV4","itemClass":"","id":"","scope":"global","parentSetting":"","secondaryKey":"","status":"PENDINGSYNC","type":"Bool","timestamp":0,"metadata":"","value":"true","isFirstSync":"true","source":"UserOverride"}
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnershipV3
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
| Value name: |
global_AccountsNeedResyncingWithOwnershipV3
|
| Value data: |
{"name":"AccountsNeedResyncingWithOwnershipV3","itemClass":"","id":"","scope":"global","parentSetting":"","secondaryKey":"","status":"PENDINGSYNC","type":"Bool","timestamp":0,"metadata":"","value":"true","isFirstSync":"true","source":"UserOverride"}
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
global_AccountsNeedResyncingWithOwnership
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings\Data
|
| Value name: |
global_AccountsNeedResyncingWithOwnership
|
| Value data: |
{"name":"AccountsNeedResyncingWithOwnership","itemClass":"","id":"","scope":"global","parentSetting":"","secondaryKey":"","status":"PENDINGSYNC","type":"Bool","timestamp":0,"metadata":"","value":"true","isFirstSync":"true","source":"UserOverride"}
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
NULL
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
| Value name: |
NULL
|
| Value data: |
NU LL
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1033
|
| Value data: |
1513095169
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
NULL
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
| Value name: |
NULL
|
| Value data: |
NU LL
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1036
|
| Value data: |
1513095169
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_3082
|
| Value data: |
1513095169
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
|
WorkDay
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar
|
| Value name: |
WorkDay
|
| Value data: |
124
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00188011EB91B5A6
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
| Value name: |
00188011EB91B5A6
|
| Value data: |
01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 E4 89 88 42 B1 A6 9D 40 99 A8 9A 8E A2
16 61 D2 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 80 23 26 5D 52 E9 9B 4E 25 0C ED 28 4C 42 B9 BD
0A 24 52 BA 06 BE 5C 84 A9 AF A2 58 B2 5B A9 51 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 04 82 BF 4A 85 22 7D 48 DF
48 31 21 D0 24 15 BC 21 EA 0B 89 A0 66 71 AF 51 92 3B FB 50 6C 28 C2 80 00 00 00 5A 8D 0F 0F 9C 15 2A D4 77 BE 56 D1 9A 30
2F CD 95 D6 31 38 B3 F7 15 11 37 B4 A0 18 CE 4E B7 E1 9F 83 53 D1 9C 17 9D 25 BE E1 D0 F2 ED 47 86 99 D2 9E 0B 3E E7 19 13
EC 36 8D E5 14 09 0B ED 75 50 21 C6 DB BA 20 12 0D 7C 5E 29 6C D4 AB 7E 68 BF C7 F1 6B 5C 78 44 82 B4 83 DB 81 FC 4A 4E 3D
F2 B9 59 0E B8 3C 04 DA 99 10 1E 5D 73 1D 1E 6A C7 18 C4 2F E1 03 02 4A 58 0A 6C 23 74 18 A4 F6 40 00 00 00 E4 D7 A5 37 C8
A4 49 E8 C7 21 7A 41 EA 5F 15 B3 17 56 8B D1 9E 7C 55 01 51 03 B8 A4 4A E1 0F E3 1C 4E 26 30 99 08 82 B2 27 D5 EC 9B 1A 3B
CA BE EB D9 45 4D B6 34 F1 86 3B F7 54 78 FB 33 E9 71
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
| Value name: |
MsaDevice
|
| Value data: |
t=GwAWAbuEBAAUbVtUa9wjWgmEIwjX9d7dccnghw8OZgAAECPZWBzegQIN0O2v67gk5kngALS3peuqFlqKeZaqMnnB69tqu17TqIf3PXGuI3nFg/JzQzsegVWmcY53/pjWrwUdff3n0gDyhfnAvcTu95fD54L1TZXKqEIvrPd71xmrCO/37crQy2Y9Y1j9GrNQ9cNOdrV7jRGnCEiZCUuR+ZOH+csq+S/OPc6mXsdcTTEkUegZVmpaQAf7i+1ed0OOvEGNmWOyyqIasf2WnwR3n9dnACf+b6H6GTiK98ze4bcGdWkn+F7m5e1EyH0m4ZThp9SOEDPlR/uz2SMzyZ4jxUqoC5uHNndVEJprrstDoDwoSsDHHQE=&p=
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
11023d05
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
|
| Value name: |
11023d05
|
| Value data: |
01 00 00 00 44 00 00 00 0C 00 00 00 00 00 00 00 FE 42 AA 0A 18 C7 1A 10 E8 85 0B 65 1C 24 00 00 03 00 00 00 03 00 00 00 6E
68 8E D1 B5 43 02 47 82 D5 18 FA 8C 26 ED 80 00 00 00 00 19 3F 6A 3C E4 B7 94 43 94 29 4B 99 4A BE A5 C1 42 81 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
| Value name: |
LastPurgeTime
|
| Value data: |
28950489
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
| Value name: |
6
|
| Value data: |
01 F8 14 00 00 00 00 10 00 A2 4E BB 41 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Logging
|
| Value name: |
NULL
|
| Value data: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250116T0708110674-2820.etl
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
OutlookMAPI2
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
| Value name: |
OutlookMAPI2
|
| Value data: |
1513095170
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-CH
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-GB
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-CH
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-GB
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
EcsRequestPending
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
|
| Value name: |
EcsRequestPending
|
| Value data: |
0
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
| Value name: |
SessionId
|
| Value data: |
DA 44 95 8E EA ED 59 40 8D C5 E5 26 C3 4F 33 D5
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D C2 19 00 00 C5 0E 89 08 C9 10 03 78 36 34 C5 11
84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9 18 08 32 33 30
38 2D 41 75 67 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D C2 19 00 00 C5 0E 89 08 C9 10 03 78 36 34 C5 11
84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9 18 08 32 33 30
38 2D 41 75 67 CB 19 0E 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
| Value name: |
OutlookMAPI2Intl_1033
|
| Value data: |
1513095170
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
00030429
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
|
| Value name: |
00030429
|
| Value data: |
03 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
| Value data: |
NU LL
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
LastChangeVer
|
| Value data: |
0F 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
CacheSyncCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange\Forms Registry
|
| Value name: |
CacheSyncCount
|
| Value data: |
91
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D C2 19 00 C2 1F 01 00 C5 0E 89 08 C9 10 03 78 36
34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9 18 08
32 33 30 38 2D 41 75 67 CB 19 0E 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D C2 19 00 C2 1F 01 00 C5 0E 89 08 C9 10 03 78 36
34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9 18 08
32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
| Value data: |
NU LL
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
LastChangeVer
|
| Value data: |
10 00 00 00 00 00 00 00
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
| Value name: |
Blob
|
| Value data: |
04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB
3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A
4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37
CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 5C 00 00 00 01 00 00 00 04 00 00 00
00 10 00 00 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30
0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A
43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55
04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28
06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30
1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55
04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E
20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74
79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75
72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30
82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83
1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69
5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A
1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6
6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40
DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57
26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8
3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98
E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB
6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC
8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F
51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37
39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03
55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB
3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86
F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8
85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A
38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8
FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3
07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90
5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B
EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A
C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC
85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54
41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45
99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A
2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03
8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Stores large binary data to the registry |
Hooking and other Techniques for Hiding and Protection |
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
| Value name: |
Blob
|
| Value data: |
5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24
E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00
00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F
AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F
FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30
0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A
43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55
04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28
06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30
1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55
04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E
20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74
79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75
72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30
82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83
1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69
5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A
1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6
6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40
DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57
26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8
3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98
E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB
6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC
8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F
51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37
39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03
55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB
3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86
F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8
85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A
38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8
FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3
07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90
5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B
EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A
C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC
85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54
41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45
99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A
2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03
8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Stores large binary data to the registry |
Hooking and other Techniques for Hiding and Protection |
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
HyphenationFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
HyphenationFiles_3082
|
| Value data: |
1513095170
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
HyphenationFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
HyphenationFiles_3082
|
| Value data: |
1513095171
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
HyphenationFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
HyphenationFiles_3082
|
| Value data: |
1513095172
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
FilePath
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
| Value name: |
FilePath
|
| Value data: |
officeclient.microsoft.com\F638838E-15C6-4154-87C3-5ADB449EB4DB
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
StartDate
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
| Value name: |
StartDate
|
| Value data: |
30 CF 91 51 0F 68 DB 01
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
EndDate
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
| Value name: |
EndDate
|
| Value data: |
30 8F FB 7B D8 68 DB 01
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9 10 03
78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80 04 C9
18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
LoadCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\ColleagueImport.ColleagueImportAddin
|
| Value name: |
LoadCount
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
HWND64ForOrphanedNotIcon
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Display Types\Balloons
|
| Value name: |
HWND64ForOrphanedNotIcon
|
| Value data: |
6E 05 01 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
ColleagueImport.ColleagueImportAddin
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
| Value name: |
ColleagueImport.ColleagueImportAddin
|
| Value data: |
01 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
LoadCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OneNote.OutlookAddin
|
| Value name: |
LoadCount
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-CH
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-GB
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-CH
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
| Value name: |
en-GB
|
| Value data: |
1
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OneNote.OutlookAddin
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
| Value name: |
OneNote.OutlookAddin
|
| Value data: |
01 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
LoadCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\OscAddin.Connect
|
| Value name: |
LoadCount
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
OscAddin.Connect
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
| Value name: |
OscAddin.Connect
|
| Value data: |
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
LoadCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UCAddin.LyncAddin.1
|
| Value name: |
LoadCount
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UCAddin.LyncAddin.1
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
| Value name: |
UCAddin.LyncAddin.1
|
| Value data: |
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
LoadCount
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin
|
| Value name: |
LoadCount
|
| Value data: |
2
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
UmOutlookAddin.FormRegionAddin
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AddInLoadTimes
|
| Value name: |
UmOutlookAddin.FormRegionAddin
|
| Value data: |
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 01 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 67 2B 59 6E 2B 34 4F 63 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
Expires
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
| Value name: |
Expires
|
| Value data: |
int64_t|1737043694
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
ETag
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
|
| Value name: |
ETag
|
| Value data: |
std::wstring|"MMIxSAiVEaT9JtygPe1gmzQomV1zqZ/lMjBhB7idQn4="
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
0
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2820
|
| Value name: |
0
|
| Value data: |
0B 0E 10 01 91 F9 7E 8A 3B 94 4B 95 47 D7 C3 85 FA 40 D2 23 00 46 9A F1 C3 81 F5 81 DA ED 01 6A 04 10 24 00 44 BB 83 01 64
A2 9D 01 00 85 00 A9 07 55 6E 6B 6E 6F 77 6E C9 06 2E 22 4D 4D 49 78 53 41 69 56 45 61 54 39 4A 74 79 67 50 65 31 67 6D 7A
51 6F 6D 56 31 7A 71 5A 2F 6C 4D 6A 42 68 42 37 69 64 51 6E 34 3D 22 CA 0D 42 01 A2 00 C2 19 00 C2 1F 01 00 C5 0E 89 08 C9
10 03 78 36 34 C5 11 84 16 D2 12 0B 6F 00 75 00 74 00 6C 00 6F 00 6F 00 6B 00 2E 00 65 00 78 00 65 00 C5 16 20 C5 17 80 80
04 C9 18 08 32 33 30 38 2D 41 75 67 CB 19 0E 10 1E 2F 47 5F 0A EB 70 41 98 E2 FB 9E 7F 6F F5 35 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
|
| Value data: |
NU LL
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
LastChangeVer
|
| Value data: |
11 00 00 00 00 00 00 00
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1033
|
| Value data: |
1513095170
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1033
|
| Value data: |
1513095171
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1036
|
| Value data: |
1513095170
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_1036
|
| Value data: |
1513095171
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_3082
|
| Value data: |
1513095170
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
| Value name: |
SpellingAndGrammarFiles_3082
|
| Value data: |
1513095171
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
LastChangeVer
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9375CFF0413111d3B88A00104B2A6676
|
| Value name: |
LastChangeVer
|
| Value data: |
12 00 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
| Value name: |
DeviceTicket
|
| Value data: |
01 00 00 00 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 E4 89 88 42 B1 A6 9D 40 99 A8 9A 8E A2
16 61 D2 00 00 00 00 02 00 00 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 A9 DF A4 73 5D E2 39 72 6C 34 96 0E C9 BF 56 9F
6F 4A D9 54 17 E3 D7 6A AC 9A 2E 59 19 2A 10 6F 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 9E 72 E4 92 61 74 E5 86 B7
43 3E 36 A5 48 89 9B FF 37 8F 58 87 C5 C0 1F 9D 87 11 F8 29 AC 08 EB F0 03 00 00 69 50 64 E1 C8 DA 43 DB 40 E9 52 A5 B0 EE
00 97 56 1C B1 A3 00 D2 D2 8D 8D F5 E3 45 78 97 70 12 F7 5F 6D A4 70 AE 13 37 27 47 E2 5F 3C 9C 24 3B 28 23 7D C2 98 FC E1
48 34 D0 D7 6C 27 14 C3 51 CD BA 3D 57 B1 2F E7 37 3A FE 88 98 5F 21 1E 7E E5 33 B2 86 78 08 DD 31 E2 B5 93 6D 9D 16 11 AB
CB 88 26 07 E9 12 87 E1 2C 49 C7 5A AA D1 65 93 27 99 53 6B 76 29 1B 21 29 56 84 5A C7 2F F7 42 6C 36 A6 86 DA 8A D8 84 13
6C FF EC 97 45 4E 3C 3E 49 4F 18 0F 68 CA 84 FA 04 B4 0C A0 43 4A A7 A5 53 AD 29 3E ED 37 B9 C9 86 06 2C A6 72 96 48 72 A4
CF 97 43 86 EB CD 49 9B DC 43 24 46 AE 0E F5 6B AC 73 2A F2 AD 21 D2 5C D3 A4 15 DB 4F E1 A4 75 53 0C 3B DF 28 68 A9 22 24
65 55 22 33 0C F3 3E C4 F8 1F 44 8C AB A1 B5 8F 6E 7A 25 F8 62 99 1F E3 2B AA 0F 19 49 88 35 3B 66 01 FB 9A 7B C4 07 54 13
3B 32 B8 7C 02 52 56 B9 33 6A 8F 2D 98 03 0B 01 AC 0E 4A F6 78 D2 06 D4 1D 91 9F 82 F6 4F B6 0D 1D EC 23 5B C7 BD B7 B5 DE
DC 84 D2 72 75 43 0A F6 2A 02 BD 6C 0A E4 04 4A CE 1E 7B 0A 0F 3C 5D 42 48 90 AF D6 69 D3 5A 6B 11 EE 53 B1 B0 4C D4 4C 73
C7 6F 9A 47 6B EB DC 78 BA 79 B7 23 EB CB 86 35 64 20 6A B2 C9 E4 A1 D8 1C 03 C2 4B 5D C0 48 52 E8 18 ED EA 8D 89 58 7B 54
6B DC D1 01 50 2D 1A 16 F3 C6 5A C9 34 F3 F4 C1 91 E1 98 E3 3F 08 8F BC F6 E8 82 19 C0 B8 B8 1B A2 37 8C B5 6E 62 4F 70 3E
18 46 31 16 E8 2D F3 72 24 CE 22 4B 88 35 89 68 52 4B 5A 00 80 9A 5B 14 DE A1 28 B4 B1 F8 CD 7B 61 93 DA 4C EE 87 2D 47 D1
ED 56 D8 2A 5F 69 47 A3 98 20 EC 48 09 92 6F 22 0A 05 A3 68 8C 29 AC EB 99 10 B3 3D 3F 97 02 9F D9 A7 DC 6B 55 A2 1C D4 21
5B 29 F3 D6 B6 7A 6C B4 68 0C D1 17 E9 03 49 A9 D4 B7 52 41 12 3C A9 FD 18 AD 63 EE C6 A6 26 3E 6E 20 34 57 04 57 0C 7B 7B
15 63 B5 77 AF 96 C0 88 3F 5A 85 5D D7 4A 3A 34 4C EB 86 7F F7 1E D2 8A 6B 94 AA 2D 05 98 05 9F A3 B1 09 FE D4 2D 57 CE D5
4C 0F B9 6F EA 9F 4F 51 00 5C 9F 49 67 C7 8B 4B 43 8F F4 96 92 9C 73 80 14 C0 71 3A 1A 82 6B E5 76 E3 3C 13 F4 C0 88 55 89
0E 08 F2 4A 66 C8 94 6C 7E 25 D8 FB BD FE 68 D9 EB 52 85 8B DA B3 B6 C6 E5 A5 ED 10 48 89 35 73 6B 01 4C 9F C4 84 51 81 7F
34 2B C6 83 63 F7 D4 D8 C8 1E D2 2B 13 11 00 09 3A EA B1 65 82 B2 B9 FA 87 E8 86 26 31 0D 5A 31 1B 2C 99 6E 69 D7 AF 48 66
10 29 1B 3C B4 1D 70 71 12 E2 C4 30 31 60 51 91 50 48 79 B5 C6 FE A4 56 28 CB F2 6C FB FD 28 18 EC A3 F3 CE 54 DF 88 25 86
A2 1A D0 D5 24 4D D4 B2 DF 27 B2 BC C8 54 59 57 C6 85 AB B2 61 1F EB 19 94 10 BD AA 40 42 D4 30 85 60 B6 40 CD 50 F9 0E BF
61 A6 94 7D F9 8F BC 89 0B 7B D7 BF 0A 22 AD C8 D5 9B 81 50 88 1A C2 FC B7 AB C9 45 37 68 F1 35 86 D0 47 42 AE 57 92 BC 5D
9B 13 34 FF 54 DE CE 33 90 18 39 61 38 E1 14 5E E2 33 76 BF 71 F6 54 81 BD 9F B9 E1 92 40 94 E4 90 94 79 6D 23 BB 2C 80 DD
00 4F 51 1E 28 FA A1 2D 1F FE BB FC C8 CC E0 AE 61 3C 42 B4 F5 D5 2C 82 7C 8A 43 B0 03 7E 5A EC A7 A9 51 9F 1A 8F A1 73 50
C9 80 C8 0B 71 BD 2D A7 68 A3 8A 42 E9 33 1C BB 9D 50 81 43 0C 1A 2E 04 E3 F2 BE 65 73 52 F6 EC 90 A5 5E 2F F1 23 A9 33 8F
FD 6F 13 76 EE 9D 26 27 A1 81 36 28 5F 3D 04 5F 77 A0 3A 19 F6 A3 F5 14 EC 10 1F EA 55 D3 10 C9 20 81 A3 10 4B 88 A3 9C B5
C6 AC 45 CB B4 0C D2 A8 A7 24 40 00 00 00 1C A7 6E 2D EB B1 30 60 DA B9 A5 0C 01 AD C2 37 B1 3A 2D 11 4F F4 70 C9 41 BF F3
F0 50 29 5A AD 10 F2 27 58 C0 E1 7D 5F B2 63 F5 CA 5E B2 F9 AE 66 81 AC F7 44 C8 C8 37 97 3D AB D6 86 C7 A0 32
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceId
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
| Value name: |
DeviceId
|
| Value data: |
00188011EB91B5A6
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Search\Catalog
|
| Value name: |
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
|
| Value data: |
B4 06 00 00 00 00 00 00
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
Accounts
|
|
|
| TargetID: |
0
|
| Path: |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Settings
|
| Value name: |
Accounts
|
| Value data: |
[]
|
|
