popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

No static analysis available.
Timestamp
Process
Category
EventID
Message
Correlation
05/01/2023 12:00:09.270
OFFICEC2 (0x2df0)
0x3d8c
Medium
Successfully got the registry values
05/01/2023 12:00:09.270
OFFICEC2 (0x2df0)
0x3d8c
OfficeTelemetry_RuleProcessing
Medium
OTele_ETW_TDC_LoadingRulesStarted {"ETW_EventId": 119, "ETW_Keywords": 4}
05/01/2023 12:00:09.270
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
ActivityStarted {"Name": "Office.Telemetry.LoadXmlRules", "CV": "XCK77VeGV0ig9trBxgL0+g.5.1", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run General Telemetry
Medium
InitLogging {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "0.0.0.0", "C2RClientVer": "16.0.13127.20614", "ContextData": "{\"AppVVersion\":\"5.2.162\",\"Bitness\":\"64\",\"CommandLine\":\"/frequentupdate SCHEDULEDTASK displaylevel=False\",\"ExeVer\":\"16.0.13127.20614\",\"IntegrityLevel\":\"0x4000\",\"Locale\":\"1031\",\"ModulePath\":\"C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\ClickToRun\\\\OfficeC2RClient.exe\",\"OSVersion\":\"10.0\",\"ProcessType\":\"OfficeC2RClient\",\"ProcessorArch\":\"9\",\"ProductType\":\"1\",\"SecuritySessionId\":\"0\"}"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x36e4
Activity
Medium
ActivityStarted {"Name": "Office.ClickToRun.C2RClient", "CV": "XCK77VeGV0ig9trBxgL0+g.7", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
ActivityEnded {"Name": "Office.Telemetry.LoadXmlRules", "CV": "XCK77VeGV0ig9trBxgL0+g.5.1", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.LoadXmlRules", "Flags": 33777014401990913, "InternalSequenceNumber": 9, "Time": "2023-05-01T10:00:09Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.5.1", "Activity.Duration": 5773, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true, "Activity.Result.Code": 0, "Activity.Result.Type": "HRESULT"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
ActivityEnded {"Name": "Office.Telemetry.ProcessIdleQueueJob", "CV": "XCK77VeGV0ig9trBxgL0+g.5", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:09.280
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.ProcessIdleQueueJob", "Flags": 33777014401990913, "InternalSequenceNumber": 10, "Time": "2023-05-01T10:00:09Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.5", "Activity.Duration": 10291, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true}
05/01/2023 12:00:14.328
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
ActivityStarted {"Name": "Office.Telemetry.DynamicConfig.FetchConfigs", "CV": "XCK77VeGV0ig9trBxgL0+g.8", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.1", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.2", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.3", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.4", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.5", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.6", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.7", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.8", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.9", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.10", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.11", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.12", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.13", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.14", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.15", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.16", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.17", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.18", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.19", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.20", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.21", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.330
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.22", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.23", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.24", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.25", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.26", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.27", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.28", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.29", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.30", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
DroppedAggregatedActivity {"Name": "Office.Telemetry.DynamicConfig.ParseJsonConfig", "CV": "XCK77VeGV0ig9trBxgL0+g.8.31", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Activity
Medium
ActivityEnded {"Name": "Office.Telemetry.DynamicConfig.FetchConfigs", "CV": "XCK77VeGV0ig9trBxgL0+g.8", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.DynamicConfig.FetchConfigs", "Flags": 33777014401990913, "InternalSequenceNumber": 11, "Time": "2023-05-01T10:00:14Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.8", "Activity.Duration": 6534, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true, "Data.RejectedConfigsList": "", "Data.ParsedConfigCount": 31, "Data.RejectedConfigCount": 0}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Monitorable
Deactivated event detected. {"EventName": "Office.Experimentation.LoadingFirstSessionCache", "IsFromRule": false}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Monitorable
Deactivated event detected. {"EventName": "Office.Licensing.Tenant.InitTenantId", "IsFromRule": false}
05/01/2023 12:00:14.335
OFFICEC2 (0x2df0)
0x3d8c
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.FlushEventBuffer", "Flags": 33777014401991169, "InternalSequenceNumber": 12, "Time": "2023-05-01T10:00:14Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Data.FirstPassCount": 11, "Data.SecondPassCount": 0}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Activity
Medium
ActivityStarted {"Name": "Office.Telemetry.AriaEventSink.RequestMsaDeviceToken", "CV": "XCK77VeGV0ig9trBxgL0+g.9", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Activity
Medium
ActivityStarted {"Name": "Office.Telemetry.AriaEventSink.HandleMsaDeviceTokenResponse", "CV": "XCK77VeGV0ig9trBxgL0+g.9.1", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Activity
Medium
ActivityEnded {"Name": "Office.Telemetry.AriaEventSink.HandleMsaDeviceTokenResponse", "CV": "XCK77VeGV0ig9trBxgL0+g.9.1", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.AriaEventSink.HandleMsaDeviceTokenResponse", "Flags": 33777014401990913, "InternalSequenceNumber": 13, "Time": "2023-05-01T10:00:19Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.9.1", "Activity.Duration": 141, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true, "Activity.Result.Code": 0, "Activity.Result.Type": "HRESULT", "Data.RetryCount": 0}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Activity
Medium
ActivityEnded {"Name": "Office.Telemetry.AriaEventSink.RequestMsaDeviceToken", "CV": "XCK77VeGV0ig9trBxgL0+g.9", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Telemetry Event
Medium
SendEvent {"EventName": "Office.Telemetry.AriaEventSink.RequestMsaDeviceToken", "Flags": 33777014401990913, "InternalSequenceNumber": 14, "Time": "2023-05-01T10:00:19Z", "AriaTenantToken": "f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.9", "Activity.Duration": 3667, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true, "Activity.Result.Code": 0, "Activity.Result.Type": "HRESULT", "Data.RetryCount": 0}
05/01/2023 12:00:19.430
OFFICEC2 (0x2df0)
0x4f00
Telemetry Event
Medium
SLGetWindowsInformationDWORD result {"IsWCOS": false}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
Core::GetFlightData {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "0.0.0.0", "C2RClientVer": "16.0.13127.20614", "ContextData": "{'flightIdentifier':'Microsoft.Office.Click2Run.UseExperimentalTransportForInPlacePipe','overrideValue':'','flightData':'','returnValue':'unknown'}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
Core::GetFlightData {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "0.0.0.0", "C2RClientVer": "16.0.13127.20614", "ContextData": "{'flightIdentifier':'Microsoft.Office.Click2Run.UseOfficeHelperAddon','overrideValue':'','flightData':'','returnValue':'unknown'}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
Core::GetFlightData {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "0.0.0.0", "C2RClientVer": "16.0.13127.20614", "ContextData": "{'flightIdentifier':'Microsoft.Office.Click2Run.UseOutlookShareAddon','overrideValue':'','flightData':'','returnValue':'unknown'}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
Core::GetFlightData {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "0.0.0.0", "C2RClientVer": "16.0.13127.20614", "ContextData": "{'flightIdentifier':'Microsoft.Office.Click2Run.UseUniversalOrchestrator','overrideValue':'','flightData':'','returnValue':'unknown'}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
DoFrequentUpdates {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "16.0.13127.20616", "C2RClientVer": "16.0.13127.20614", "ContextData": "{\"message\":\"Running frequent updates\",\"hours\":\"24\"}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
DoFrequentUpdates {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "16.0.13127.20616", "C2RClientVer": "16.0.13127.20614", "ContextData": "{\"message\":\"Less than a day since last update run, just trying to apply!\",\"time\":\"61633623\"}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Click-To-Run
Medium
::wWinMain {"MachineId": "fad0e10304de1948b2e2daef656fab30", "SessionID": "3f20a30c-e393-4007-852f-f4a068885922", "GeoID": 94, "Ver": "16.0.13127.20616", "C2RClientVer": "16.0.13127.20614", "ContextData": "ClientExe complete. {'Action':'19','Result':'0'}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Activity
Medium
ActivityEnded {"Name": "Office.ClickToRun.C2RClient", "CV": "XCK77VeGV0ig9trBxgL0+g.7", "ProcessIdentifier": "OfficeC2RClient.exe_16.0.13127.20614_X86_{EDBB225C-8657-4857-A0F6-DAC1C602F4FA}"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Telemetry Event
Medium
SendEvent {"EventName": "Office.ClickToRun.C2RClient", "Flags": 28147514867777793, "InternalSequenceNumber": 15, "Time": "2023-05-01T10:00:24Z", "AriaTenantToken": "0da1917aa56040d3a011c3813ca36107-76f080d8-b37f-4635-8054-5c133fcd04c4-6587", "Contract": "Office.System.Activity", "Activity.CV": "XCK77VeGV0ig9trBxgL0+g.7", "Activity.Duration": 15013862, "Activity.Count": 1, "Activity.AggMode": 0, "Activity.Success": true, "Activity.Result.Code": 0, "Activity.Result.Type": "result", "Data.Action": "frequentupdate"}
05/01/2023 12:00:24.290
OFFICEC2 (0x2df0)
0x36e4
Telemetry Event
Medium
SendEvent {"EventName": "Office.Experimentation.FeatureQueryBatched", "Flags": 33777005812056321, "InternalSequenceNumber": 16, "Time": "2023-05-01T10:00:24Z", "AriaTenantToken": "e6e58d16cfb94942b795b4918258153a-765be17b-66ea-435e-8b55-5a128f3decd3-6873", "Data.Sequence": 0, "Data.Count": 63, "Data.Features": "[ { \"ID\" : 37, \"N\" : \"Microsoft.Office.Graphics.EnableDirectXDebugLayer\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-05-01T10:00:09.2603693Z\", \"C\" : \"32\", \"Q\" : 5.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 37, \"N\" : \"Microsoft.Office.Click2Run.ChangeGate.UseLoadDllForStreamServer\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-05-01T10:00:09.2603693Z\", \"C\" : \"32\", \"Q\" : 0.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 37, \"N\" : \"Microsoft.Office.AirSpace.UseWincompInAutomation\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-05-01T10:00:09.2603693Z\", \"C\" : \"32\", \"Q\" : 2.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 37, \"N\" : \"Microsoft.Office.AirSpace.UseWincompInWin3
No antivirus signatures available.
No IRMA results available.