Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\msoCAB8.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\INetCache\DRYST5H0\configuration[1].xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb
|
Extensible storage engine DataBase, version 0x620, checksum 0xd98a66a6, page size 8192, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb
|
Extensible storage engine DataBase, version 0x620, checksum 0xaaa0cf96, page size 8192, JustCreated, Windows version 0.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1730549737.txt
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1730549737.txt.~tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1737029738.txt
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1737029738.txt.~tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json.~tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1727698512033694000_66DD95CB-B5E1-48D5-B55B-305EFDD54DF6.log
|
ASCII text, with very long lines (4629), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Mon Sep 30 11:15:11
2024, mtime=Mon Sep 30 11:15:33 2024, atime=Mon Sep 30 11:15:33 2024, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm (copy)
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
|
Microsoft Word 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:14:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:14:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:14:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:14:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 30 11:14:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\~$ZFPPWAPT.docx
|
data
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2008,i,17072862143821464706,10439542806910227767,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/atpscan.global.hornetsecurity.com?d=r7jv6mGLSFUWnAoVoWKJDiF7kKGt3Fw5kKbn5s5sfcpNyTRbK79Zci2IH8Nl2g5X&f=qvzVe-8YAX4Dy6XefosXpr9xe6cUPxuD05v5wTHFNiMjrMs6M0fDbIikzhduev0q&i=&k=3x5s&m=iAkhIt0HvpR1Oh2_h6Q0O4Hzfyk0g3SV3EvnL7Z4VUDMO-lWq1KA94UsI2rIZoVyTUZY62kGnDiHyWJGH-7ewwHTHsNEmZuBPXaeTQvRVKfNDkV8Z7LfIWxRCCZdooZC&n=ZEhYBDFv208HJKEkNw5PqFObkm08aq7YeFB_fsGRbHtm2gx4mSx3JSwYkGZ1WU18bxwJPkfxXGKYv_KHdz1U8g&r=jfqeskceaKp8lH_i6JGe3T3xyBa6G7cbOCXOc4EPK3XMqLBHJqWBZEP0B9-qih8i&s=7226c2d05f1feec1a62ae2af2728e02cdefac54ea37a3a7665785b4a5864d360&u=https*3A*2F*2Fpitstop.powellind.com*2Fxfer*2Fbhub.cgi*3Fact*3Ddirect_download_file*26package_id*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*26file_name*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*252Ezip*26username*3Ddlarue*2540schmidt*252Delectric*252Ecom*26direct_token*3DB175D31C2AE80D9A572ED101DA29F438*26file_type*3Dzip__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c26FxoQqF$%3E"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Downloads\BJZFPPWAPT.docx" /o ""
|
||
|
C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
|
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://https:/atpscan.global.hornetsecurity.com?d=r7jv6mGLSFUWnAoVoWKJDiF7kKGt3Fw5kKbn5s5sfcpNyTRbK79Zci2IH8Nl2g5X&f=qvzVe-8YAX4Dy6XefosXpr9xe6cUPxuD05v5wTHFNiMjrMs6M0fDbIikzhduev0q&i=&k=3x5s&m=iAkhIt0HvpR1Oh2_h6Q0O4Hzfyk0g3SV3EvnL7Z4VUDMO-lWq1KA94UsI2rIZoVyTUZY62kGnDiHyWJGH-7ewwHTHsNEmZuBPXaeTQvRVKfNDkV8Z7LfIWxRCCZdooZC&n=ZEhYBDFv208HJKEkNw5PqFObkm08aq7YeFB_fsGRbHtm2gx4mSx3JSwYkGZ1WU18bxwJPkfxXGKYv_KHdz1U8g&r=jfqeskceaKp8lH_i6JGe3T3xyBa6G7cbOCXOc4EPK3XMqLBHJqWBZEP0B9-qih8i&s=7226c2d05f1feec1a62ae2af2728e02cdefac54ea37a3a7665785b4a5864d360&u=https*3A*2F*2Fpitstop.powellind.com*2Fxfer*2Fbhub.cgi*3Fact*3Ddirect_download_file*26package_id*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*26file_name*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*252Ezip*26username*3Ddlarue*2540schmidt*252Delectric*252Ecom*26direct_token*3DB175D31C2AE80D9A572ED101DA29F438*26file_type*3Dzip__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c26FxoQqF$%3E
|
|||
|
https://login.windows.local
|
unknown
|
||
|
https://login.windows.net
|
unknown
|
||
|
https://settings-ssl.xboxlive.com/XBLWinClient/v10_music/configuration.xml
|
unknown
|
||
|
https://settings-ssl.xboxlive.com
|
unknown
|
||
|
http://www.microsofi/crl/products/MicCerTruLisPCA_2009-04-02.crl
|
unknown
|
||
|
http://crl.microsoft.co
|
unknown
|
||
|
https://xsts.auth.xboxlive.com/OLE6543578F09ED7815F14EC5F7D14B
|
unknown
|
||
|
https://android.notify.windows.com/iOS
|
unknown
|
||
|
https://login.windows.net/tch
|
unknown
|
||
|
https://login.windows.netCDC98
|
unknown
|
||
|
https://xsts.auth.xboxlive.com
|
unknown
|
||
|
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
|
unknown
|
||
|
https://musicart.xboxlive.com/9/e74d4600-0000-0000-0000-000000000002/504/image.jpg
|
unknown
|
||
|
https://settings-ssl.xboxlive.com/
|
unknown
|
||
|
https://musicart.xboxlive.com/9/5c6a4700-0000-0000-0000-000000000002/504/image.jpg
|
unknown
|
||
|
https://wns.windows.com/
|
unknown
|
||
|
https://login.windows.local/
|
unknown
|
||
|
https://xsts.auth.xboxlive.comngpng1003
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
google.com
|
142.250.185.110
|
||
|
www.google.com
|
142.250.185.132
|
||
|
settings-ssl.xboxlive.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
||
|
142.250.185.132
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
-z!
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoRecoverySaveIntervalMetadata
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
EcsRequestPending
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
SubscriptionCustomerLicenseInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
FirstRun
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ACUpdated
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
DefaultKerningLigatures
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\WEF
|
Word_RequireForceRefreshAtBoot
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
o|!
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\BootTimeSkuOverride
|
{30CAC893-3CA4-494C-A5E9-A99141352216}
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\CachedLicenseData
|
winword.exe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTimeWord
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\word
|
BuildNumber
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.29
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
1.30
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word
|
WordName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
Toolbars
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Toolbars\Settings
|
Microsoft Word
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Times New Roman
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Calibri Light
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared Tools\Panose
|
Wingdings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Data
|
Settings
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
VisiForceField
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
IgnoreFilenamesEmailAliases
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AutoSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
NoContextSpell
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
InsPic
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
SoundFeedback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ZoomApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
ATUserAdded
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AccentOnUpper
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPos
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Word\Options
|
AppWindowPosKey
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Signals\Stats\Anonymous\Microsoft.Word.Document
|
ClicksData
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\word
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDDFEBB86
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\8004
|
0
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
LegacyConfigSettingsUserId
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MediaStore
|
LastOpenedDatabaseUserId
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
AppActivationKind
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
EnabledFeatures
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
NavPaneWasCollapsed
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
AppVolume
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
PlayerIsMuted
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentNowPlayingQueueTrackId
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentSeekPosition
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Marketplace
|
MarketplaceCulture
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
HasLaunched
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalLocalItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalCloudItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
RateAndReviewPromptShown
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
RateAndReviewLastUsedRuleset
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Content
|
CachePrefix
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Content
|
CacheVersion
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Content
|
CacheLimit
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Cookies
|
CachePrefix
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Cookies
|
CacheVersion
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\Cookies
|
CacheLimit
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\History
|
CachePrefix
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\History
|
CacheVersion
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet
Settings\Cache\History
|
CacheLimit
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
LastVersionOfBackgroundTaskRegistered
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserId
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignInAccountRegion
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserExplicitPrivilege
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserCid
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserSignInName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserFirstName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserLastName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserBrowseAge
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
LastSignedInUserUseAge
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Service
|
ConfigLastDownload
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
ImageCleanupLastRun
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Music
|
OneDriveCacheSubfolderName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Sync
|
CloudCollectionOfflineFolderName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Music
|
PurchaseSubfolderName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
DownloadingSubFolderName
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Music
|
HaveMigratedFromXboxMusic
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
LastMusicLibraryGatherTime
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
LastGrovelMusicCountWithIndexer
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
LastAppDataGatherTime
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
LastGrovelAppDataCountWithIndexer
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
IsFirstTimeGrovel
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\Groveler
|
FullGrovelCompleted
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
HasRestoredTemporaryPlaylists
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
HasResolvedUnactionablePlaylistItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
LastArtPrefetchDate
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
HasBackedupLocalOnlyPlaylistsToDisk
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
HasCleanedupOfflinePlaylistMusicDownloads
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
CleanedUpFollowedPlaylists
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
CleanedUpMixTapes
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
LastTimeCollectionCharacteristicsCalculated
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\FUE
|
ShowFUE
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Music
|
LastSelectedCollectionPage
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
LastUsedAppNavigationMonikerData
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\GeneralSettings
|
AppLastSuspendTime
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
AppActivationKind
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentNowPlayingQueueTrackId
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
AppVolume
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Marketplace
|
MarketplaceCulture
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
EnabledFeatures
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentSeekPosition
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalLocalItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalCloudItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchAlbumWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistHeight
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\MDLC
|
PreviouslyCleanedUpArtPrefetchArtistWidth
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
LastArtPrefetchDate
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\anonymous\Configuration\MDLC
|
LastTimeCollectionCharacteristicsCalculated
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentSeekPosition
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Playback
|
CurrentEdpUiPolicyState
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\Shell
|
NavPaneWasCollapsed
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalLocalItems
|
||
|
\REGISTRY\A\{5f4fdb57-c210-0a5b-7886-ef0040352005}\LocalState\Configuration\GeneralSettings
|
CollectionBuildingTotalCloudItems
|
There are 213 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1DF62DF8000
|
heap
|
page read and write
|
||
|
1DF6B1C4000
|
heap
|
page read and write
|
||
|
1DF69638000
|
heap
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF67F20000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B5AC000
|
heap
|
page read and write
|
||
|
1DF67FF0000
|
trusted library allocation
|
page read and write
|
||
|
1DF695CA000
|
unkown
|
page read and write
|
||
|
1DF696B6000
|
heap
|
page read and write
|
||
|
1DF68570000
|
unkown
|
page read and write
|
||
|
1DF69FAF000
|
heap
|
page read and write
|
||
|
1DF6B5F7000
|
heap
|
page read and write
|
||
|
1DF67D25000
|
trusted library allocation
|
page read and write
|
||
|
1DF6976C000
|
heap
|
page read and write
|
||
|
1DF6B4BB000
|
heap
|
page read and write
|
||
|
1DF68613000
|
heap
|
page read and write
|
||
|
2E96B6B000
|
stack
|
page read and write
|
||
|
2E98AFC000
|
stack
|
page read and write
|
||
|
1DF6978B000
|
heap
|
page read and write
|
||
|
2CA43B60000
|
heap
|
page read and write
|
||
|
1DF68776000
|
heap
|
page read and write
|
||
|
1DF691F4000
|
heap
|
page read and write
|
||
|
1DF6B23C000
|
heap
|
page read and write
|
||
|
1DF68D69000
|
heap
|
page read and write
|
||
|
1DF6B023000
|
heap
|
page read and write
|
||
|
1DF69602000
|
heap
|
page read and write
|
||
|
1DF687E6000
|
heap
|
page read and write
|
||
|
1DF6B130000
|
heap
|
page read and write
|
||
|
1DF5E713000
|
heap
|
page read and write
|
||
|
1DF62D39000
|
heap
|
page read and write
|
||
|
1DF67CB0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C1C0000
|
heap
|
page read and write
|
||
|
1DF68D99000
|
heap
|
page read and write
|
||
|
1DF67CD0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C35E000
|
heap
|
page read and write
|
||
|
1DF62D35000
|
heap
|
page read and write
|
||
|
2E991FF000
|
stack
|
page read and write
|
||
|
1DF6878A000
|
heap
|
page read and write
|
||
|
1DF67CE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B1A1000
|
heap
|
page read and write
|
||
|
1DF6B1CC000
|
heap
|
page read and write
|
||
|
1DF6B0B0000
|
heap
|
page read and write
|
||
|
2CA438B8000
|
heap
|
page read and write
|
||
|
1DF68370000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C2AC000
|
heap
|
page read and write
|
||
|
1DF68E20000
|
trusted library allocation
|
page read and write
|
||
|
1DF67DE0000
|
heap
|
page read and write
|
||
|
1DF6B583000
|
heap
|
page read and write
|
||
|
1DF69E00000
|
heap
|
page read and write
|
||
|
1DF68500000
|
trusted library allocation
|
page read and write
|
||
|
1DF69602000
|
heap
|
page read and write
|
||
|
1DF6B190000
|
heap
|
page read and write
|
||
|
2E976FE000
|
stack
|
page read and write
|
||
|
1DF6B1C2000
|
heap
|
page read and write
|
||
|
1DF680C3000
|
heap
|
page read and write
|
||
|
1DF69025000
|
heap
|
page read and write
|
||
|
2E971F9000
|
stack
|
page read and write
|
||
|
1DF67F70000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D94000
|
unkown
|
page read and write
|
||
|
1DF69CAA000
|
unkown
|
page read and write
|
||
|
1DF62C33000
|
heap
|
page read and write
|
||
|
1DF69E78000
|
heap
|
page read and write
|
||
|
1DF67F20000
|
trusted library allocation
|
page read and write
|
||
|
2E9B6FF000
|
stack
|
page read and write
|
||
|
2E97AFB000
|
stack
|
page read and write
|
||
|
1DF6872C000
|
heap
|
page read and write
|
||
|
1DF6B1B4000
|
heap
|
page read and write
|
||
|
1DF68C99000
|
heap
|
page read and write
|
||
|
1DF6B1FC000
|
heap
|
page read and write
|
||
|
1DF5C30A000
|
heap
|
page read and write
|
||
|
2CA438B0000
|
heap
|
page read and write
|
||
|
1DF5E7EF000
|
heap
|
page read and write
|
||
|
1DF6B513000
|
heap
|
page read and write
|
||
|
1DF687F6000
|
heap
|
page read and write
|
||
|
7DF4F5BA1000
|
trusted library allocation
|
page execute read
|
||
|
1DF680C0000
|
heap
|
page read and write
|
||
|
1DF68134000
|
heap
|
page read and write
|
||
|
1DF6B440000
|
heap
|
page read and write
|
||
|
1DF5C313000
|
heap
|
page read and write
|
||
|
1DF69638000
|
heap
|
page read and write
|
||
|
1DF697FA000
|
heap
|
page read and write
|
||
|
1DF6B44D000
|
heap
|
page read and write
|
||
|
1DF5C37A000
|
heap
|
page read and write
|
||
|
2E975FF000
|
stack
|
page read and write
|
||
|
1DF680BB000
|
heap
|
page read and write
|
||
|
1DF5E7ED000
|
heap
|
page read and write
|
||
|
1DF67F70000
|
trusted library allocation
|
page read and write
|
||
|
1DF679D7000
|
trusted library allocation
|
page read and write
|
||
|
1DF685E0000
|
heap
|
page read and write
|
||
|
1DF6B160000
|
heap
|
page read and write
|
||
|
1DF69649000
|
heap
|
page read and write
|
||
|
1DF69C36000
|
unkown
|
page read and write
|
||
|
1DF6B4F6000
|
heap
|
page read and write
|
||
|
1DF5E737000
|
heap
|
page read and write
|
||
|
1DF679D2000
|
trusted library allocation
|
page read and write
|
||
|
1DF680E3000
|
heap
|
page read and write
|
||
|
2CA43800000
|
heap
|
page read and write
|
||
|
1DF62CF0000
|
heap
|
page read and write
|
||
|
1DF69013000
|
heap
|
page read and write
|
||
|
1DF5C2E4000
|
heap
|
page read and write
|
||
|
1DF69733000
|
heap
|
page read and write
|
||
|
1DF6B800000
|
heap
|
page read and write
|
||
|
1DF67DC0000
|
heap
|
page read and write
|
||
|
2E97DFD000
|
stack
|
page read and write
|
||
|
1DF69F56000
|
heap
|
page read and write
|
||
|
1DF67DB0000
|
trusted library allocation
|
page read and write
|
||
|
1DF67EC0000
|
trusted library allocation
|
page read and write
|
||
|
1DF62D4A000
|
heap
|
page read and write
|
||
|
1DF68C45000
|
heap
|
page read and write
|
||
|
1DF68160000
|
heap
|
page read and write
|
||
|
1DF67D50000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B65F000
|
trusted library allocation
|
page read and write
|
||
|
1DF5E72C000
|
heap
|
page read and write
|
||
|
1DF680ED000
|
heap
|
page read and write
|
||
|
1DF6B0B2000
|
heap
|
page read and write
|
||
|
1DF69774000
|
heap
|
page read and write
|
||
|
1DF69590000
|
heap
|
page read and write
|
||
|
1DF67F80000
|
trusted library allocation
|
page read and write
|
||
|
2E999FE000
|
stack
|
page read and write
|
||
|
1DF5C2C0000
|
heap
|
page read and write
|
||
|
1DF626F0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C1B0000
|
heap
|
page read and write
|
||
|
1DF62DA9000
|
heap
|
page read and write
|
||
|
1DF6B07A000
|
heap
|
page read and write
|
||
|
1DF68350000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B573000
|
heap
|
page read and write
|
||
|
1DF6B66F000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B4A7000
|
heap
|
page read and write
|
||
|
1DF67CF0000
|
trusted library allocation
|
page read and write
|
||
|
2E977F5000
|
stack
|
page read and write
|
||
|
1DF67CB0000
|
trusted library allocation
|
page read and write
|
||
|
2E97BFF000
|
stack
|
page read and write
|
||
|
1DF6B120000
|
heap
|
page read and write
|
||
|
1DF6806B000
|
heap
|
page read and write
|
||
|
1DF681A4000
|
heap
|
page read and write
|
||
|
1DF67CF0000
|
trusted library allocation
|
page read and write
|
||
|
1DF69145000
|
heap
|
page read and write
|
||
|
2E9A8FF000
|
stack
|
page read and write
|
||
|
1DF6901F000
|
heap
|
page read and write
|
||
|
1DF5C3EB000
|
heap
|
page read and write
|
||
|
1DF6B1F2000
|
heap
|
page read and write
|
||
|
1DF6B660000
|
trusted library allocation
|
page read and write
|
||
|
1DF67C40000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C2C5000
|
heap
|
page read and write
|
||
|
1DF6870E000
|
heap
|
page read and write
|
||
|
1DF69024000
|
heap
|
page read and write
|
||
|
1DF67BA0000
|
trusted library allocation
|
page read and write
|
||
|
2E993FB000
|
stack
|
page read and write
|
||
|
1DF687C8000
|
heap
|
page read and write
|
||
|
1DF6B44C000
|
heap
|
page read and write
|
||
|
1DF6874C000
|
heap
|
page read and write
|
||
|
1DF6B1CA000
|
heap
|
page read and write
|
||
|
1DF6B46D000
|
heap
|
page read and write
|
||
|
1DF69100000
|
heap
|
page read and write
|
||
|
1DF6B1ED000
|
heap
|
page read and write
|
||
|
1DF5C2EB000
|
heap
|
page read and write
|
||
|
1DF62D4F000
|
heap
|
page read and write
|
||
|
2E97CFE000
|
stack
|
page read and write
|
||
|
1DF67D70000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B017000
|
heap
|
page read and write
|
||
|
1DF67C40000
|
trusted library allocation
|
page read and write
|
||
|
1DF691CF000
|
heap
|
page read and write
|
||
|
1DF68520000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D60000
|
trusted library allocation
|
page read and write
|
||
|
1DF68126000
|
heap
|
page read and write
|
||
|
1DF687D7000
|
heap
|
page read and write
|
||
|
1DF62C12000
|
heap
|
page read and write
|
||
|
1DF68143000
|
heap
|
page read and write
|
||
|
1DF6871F000
|
heap
|
page read and write
|
||
|
1DF69EDD000
|
heap
|
page read and write
|
||
|
1DF5E739000
|
heap
|
page read and write
|
||
|
1DF68D35000
|
heap
|
page read and write
|
||
|
1DF5C323000
|
heap
|
page read and write
|
||
|
1DF69646000
|
heap
|
page read and write
|
||
|
1DF6875F000
|
heap
|
page read and write
|
||
|
1DF5C334000
|
heap
|
page read and write
|
||
|
2CA43B65000
|
heap
|
page read and write
|
||
|
1DF6872C000
|
heap
|
page read and write
|
||
|
1DF68CC3000
|
heap
|
page read and write
|
||
|
1DF685A2000
|
unkown
|
page read and write
|
||
|
1DF687F3000
|
heap
|
page read and write
|
||
|
1DF5C200000
|
heap
|
page read and write
|
||
|
1DF67C62000
|
unkown
|
page write copy
|
||
|
1DF5C347000
|
heap
|
page read and write
|
||
|
1DF6B172000
|
heap
|
page read and write
|
||
|
1DF68D42000
|
heap
|
page read and write
|
||
|
1DF6912C000
|
heap
|
page read and write
|
||
|
1DF6B2A4000
|
heap
|
page read and write
|
||
|
1DF679DE000
|
trusted library allocation
|
page read and write
|
||
|
1DF62A40000
|
trusted library allocation
|
page read and write
|
||
|
1DF68CD4000
|
heap
|
page read and write
|
||
|
1DF6B4D4000
|
heap
|
page read and write
|
||
|
1DF6879E000
|
heap
|
page read and write
|
||
|
1DF6B49A000
|
heap
|
page read and write
|
||
|
1DF62C2F000
|
heap
|
page read and write
|
||
|
1DF687D5000
|
heap
|
page read and write
|
||
|
1DF68051000
|
heap
|
page read and write
|
||
|
1DF66E60000
|
trusted library allocation
|
page read and write
|
||
|
DAE2F7F000
|
stack
|
page read and write
|
||
|
1DF69022000
|
heap
|
page read and write
|
||
|
1DF69EC4000
|
heap
|
page read and write
|
||
|
1DF5E7E9000
|
heap
|
page read and write
|
||
|
1DF6B0BA000
|
heap
|
page read and write
|
||
|
1DF5C3E3000
|
heap
|
page read and write
|
||
|
1DF6B193000
|
heap
|
page read and write
|
||
|
1DF68340000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D10000
|
trusted library allocation
|
page read and write
|
||
|
2E9B1FF000
|
stack
|
page read and write
|
||
|
1DF679AC000
|
trusted library allocation
|
page read and write
|
||
|
1DF696E3000
|
heap
|
page read and write
|
||
|
1DF6963B000
|
heap
|
page read and write
|
||
|
1DF68F00000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C2F0000
|
heap
|
page read and write
|
||
|
1DF5C24E000
|
heap
|
page read and write
|
||
|
1DF68D4F000
|
heap
|
page read and write
|
||
|
1DF62BF0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6813B000
|
heap
|
page read and write
|
||
|
1DF67F40000
|
trusted library allocation
|
page read and write
|
||
|
1DF62811000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B17F000
|
heap
|
page read and write
|
||
|
1DF6B5E8000
|
heap
|
page read and write
|
||
|
1DF696F6000
|
heap
|
page read and write
|
||
|
1DF5E5E0000
|
trusted library allocation
|
page read and write
|
||
|
DAE2EFF000
|
stack
|
page read and write
|
||
|
1DF68000000
|
heap
|
page read and write
|
||
|
1DF68602000
|
heap
|
page read and write
|
||
|
1DF62D5C000
|
heap
|
page read and write
|
||
|
1DF5C2B5000
|
heap
|
page read and write
|
||
|
1DF68E20000
|
trusted library allocation
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF681DA000
|
heap
|
page read and write
|
||
|
1DF6B111000
|
heap
|
page read and write
|
||
|
1DF680DF000
|
heap
|
page read and write
|
||
|
1DF68E20000
|
trusted library allocation
|
page read and write
|
||
|
1DF68F00000
|
trusted library allocation
|
page read and write
|
||
|
1DF62BE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B1D7000
|
heap
|
page read and write
|
||
|
1DF5C298000
|
heap
|
page read and write
|
||
|
1DF68724000
|
heap
|
page read and write
|
||
|
1DF6B19A000
|
heap
|
page read and write
|
||
|
1DF696ED000
|
heap
|
page read and write
|
||
|
1DF67CE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF69191000
|
heap
|
page read and write
|
||
|
1DF68724000
|
heap
|
page read and write
|
||
|
1DF684F0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C3CF000
|
heap
|
page read and write
|
||
|
1DF68D2D000
|
heap
|
page read and write
|
||
|
1DF69FD0000
|
heap
|
page read and write
|
||
|
1DF68728000
|
heap
|
page read and write
|
||
|
1DF5C3AB000
|
heap
|
page read and write
|
||
|
1DF5C36F000
|
heap
|
page read and write
|
||
|
1DF6B1E8000
|
heap
|
page read and write
|
||
|
2E9B2FB000
|
stack
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C345000
|
heap
|
page read and write
|
||
|
1DF67CCA000
|
unkown
|
page write copy
|
||
|
1DF6B302000
|
heap
|
page read and write
|
||
|
1DF6979E000
|
heap
|
page read and write
|
||
|
1DF6B294000
|
heap
|
page read and write
|
||
|
1DF5C376000
|
heap
|
page read and write
|
||
|
1DF5C3C2000
|
heap
|
page read and write
|
||
|
1DF697AC000
|
heap
|
page read and write
|
||
|
1DF62E00000
|
trusted library section
|
page readonly
|
||
|
1DF68340000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C2C3000
|
heap
|
page read and write
|
||
|
1DF687F0000
|
heap
|
page read and write
|
||
|
1DF6B5E6000
|
heap
|
page read and write
|
||
|
1DF5C23F000
|
heap
|
page read and write
|
||
|
1DF68822000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C264000
|
heap
|
page read and write
|
||
|
1DF6B061000
|
heap
|
page read and write
|
||
|
1DF5C2D3000
|
heap
|
page read and write
|
||
|
1DF68D42000
|
heap
|
page read and write
|
||
|
1DF6879B000
|
heap
|
page read and write
|
||
|
1DF6B5B0000
|
heap
|
page read and write
|
||
|
1DF68087000
|
heap
|
page read and write
|
||
|
1DF67C50000
|
trusted library allocation
|
page read and write
|
||
|
1DF67F50000
|
trusted library allocation
|
page read and write
|
||
|
1DF68D46000
|
heap
|
page read and write
|
||
|
1DF67D40000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C3F0000
|
heap
|
page read and write
|
||
|
1DF5C3A6000
|
heap
|
page read and write
|
||
|
1DF67F60000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D85000
|
trusted library allocation
|
page read and write
|
||
|
1DF69126000
|
heap
|
page read and write
|
||
|
1DF6B2F1000
|
heap
|
page read and write
|
||
|
1DF69136000
|
heap
|
page read and write
|
||
|
1DF691A6000
|
heap
|
page read and write
|
||
|
1DF697D1000
|
heap
|
page read and write
|
||
|
2E9A7FB000
|
stack
|
page read and write
|
||
|
1DF6B57B000
|
heap
|
page read and write
|
||
|
1DF68735000
|
heap
|
page read and write
|
||
|
1DF69649000
|
heap
|
page read and write
|
||
|
1DF683A0000
|
heap
|
page read and write
|
||
|
1DF6B650000
|
trusted library allocation
|
page read and write
|
||
|
1DF5E72E000
|
heap
|
page read and write
|
||
|
1DF68764000
|
heap
|
page read and write
|
||
|
1DF5C35A000
|
heap
|
page read and write
|
||
|
1DF68E00000
|
trusted library allocation
|
page read and write
|
||
|
1DF68C00000
|
heap
|
page read and write
|
||
|
1DF67D80000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B1AA000
|
heap
|
page read and write
|
||
|
1DF68360000
|
trusted library allocation
|
page read and write
|
||
|
1DF67F10000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B261000
|
heap
|
page read and write
|
||
|
1DF69E89000
|
heap
|
page read and write
|
||
|
1DF6B10D000
|
heap
|
page read and write
|
||
|
1DF67D90000
|
trusted library allocation
|
page read and write
|
||
|
2CA43830000
|
heap
|
page read and write
|
||
|
1DF6815D000
|
heap
|
page read and write
|
||
|
1DF6B4CB000
|
heap
|
page read and write
|
||
|
7DF4F5BB1000
|
trusted library allocation
|
page execute read
|
||
|
1DF6914B000
|
heap
|
page read and write
|
||
|
1DF68724000
|
heap
|
page read and write
|
||
|
1DF6B16E000
|
heap
|
page read and write
|
||
|
1DF67988000
|
trusted library allocation
|
page read and write
|
||
|
1DF69638000
|
heap
|
page read and write
|
||
|
1DF69700000
|
heap
|
page read and write
|
||
|
1DF67980000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B1BA000
|
heap
|
page read and write
|
||
|
1DF68D5B000
|
heap
|
page read and write
|
||
|
1DF69F2B000
|
heap
|
page read and write
|
||
|
1DF68380000
|
trusted library allocation
|
page read and write
|
||
|
1DF68713000
|
heap
|
page read and write
|
||
|
1DF5E5F0000
|
heap
|
page readonly
|
||
|
1DF6B802000
|
heap
|
page read and write
|
||
|
1DF62781000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D21000
|
trusted library allocation
|
page read and write
|
||
|
1DF67CE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF67F00000
|
trusted library allocation
|
page read and write
|
||
|
1DF6816A000
|
heap
|
page read and write
|
||
|
1DF6B2DD000
|
heap
|
page read and write
|
||
|
1DF6976F000
|
heap
|
page read and write
|
||
|
1DF6B1A4000
|
heap
|
page read and write
|
||
|
1DF5E700000
|
heap
|
page read and write
|
||
|
1DF69F96000
|
heap
|
page read and write
|
||
|
1DF68F00000
|
trusted library allocation
|
page read and write
|
||
|
1DF67D87000
|
trusted library allocation
|
page read and write
|
||
|
1DF68520000
|
trusted library allocation
|
page read and write
|
||
|
1DF68E20000
|
trusted library allocation
|
page read and write
|
||
|
1DF68751000
|
heap
|
page read and write
|
||
|
1DF67C40000
|
trusted library allocation
|
page read and write
|
||
|
1DF67FA0000
|
trusted library allocation
|
page read and write
|
||
|
1DF687EB000
|
heap
|
page read and write
|
||
|
1DF687DD000
|
heap
|
page read and write
|
||
|
1DF6B640000
|
trusted library allocation
|
page read and write
|
||
|
1DF5E602000
|
heap
|
page read and write
|
||
|
1DF6B015000
|
heap
|
page read and write
|
||
|
1DF68055000
|
heap
|
page read and write
|
||
|
1DF5C3CA000
|
heap
|
page read and write
|
||
|
1DF5E70F000
|
heap
|
page read and write
|
||
|
1DF687BB000
|
heap
|
page read and write
|
||
|
1DF6B115000
|
heap
|
page read and write
|
||
|
1DF68C68000
|
heap
|
page read and write
|
||
|
1DF62BB1000
|
trusted library allocation
|
page read and write
|
||
|
1DF69727000
|
heap
|
page read and write
|
||
|
1DF5C1E0000
|
heap
|
page read and write
|
||
|
1DF67EE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C2A8000
|
heap
|
page read and write
|
||
|
2E986FF000
|
stack
|
page read and write
|
||
|
1DF67F40000
|
trusted library allocation
|
page read and write
|
||
|
1DF696F5000
|
heap
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C388000
|
heap
|
page read and write
|
||
|
1DF67DA0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6832C000
|
unkown
|
page read and write
|
||
|
1DF69C9E000
|
unkown
|
page read and write
|
||
|
1DF6B459000
|
heap
|
page read and write
|
||
|
1DF68121000
|
heap
|
page read and write
|
||
|
1DF6B48E000
|
heap
|
page read and write
|
||
|
2E974E7000
|
stack
|
page read and write
|
||
|
1DF69760000
|
heap
|
page read and write
|
||
|
1DF6B534000
|
heap
|
page read and write
|
||
|
1DF5C361000
|
heap
|
page read and write
|
||
|
1DF5E7B0000
|
heap
|
page read and write
|
||
|
1DF69722000
|
heap
|
page read and write
|
||
|
1DF5E7BD000
|
heap
|
page read and write
|
||
|
2E9B0FF000
|
stack
|
page read and write
|
||
|
1DF67CF0000
|
trusted library allocation
|
page read and write
|
||
|
1DF69F65000
|
heap
|
page read and write
|
||
|
1DF6B1D1000
|
heap
|
page read and write
|
||
|
1DF68600000
|
heap
|
page read and write
|
||
|
1DF5C2D8000
|
heap
|
page read and write
|
||
|
1DF68FF0000
|
heap
|
page read and write
|
||
|
1DF68DA6000
|
heap
|
page read and write
|
||
|
1DF6817B000
|
heap
|
page read and write
|
||
|
1DF6901F000
|
heap
|
page read and write
|
||
|
1DF5E613000
|
heap
|
page read and write
|
||
|
1DF6B438000
|
heap
|
page read and write
|
||
|
1DF67C68000
|
unkown
|
page readonly
|
||
|
1DF62D46000
|
heap
|
page read and write
|
||
|
1DF67CF6000
|
unkown
|
page readonly
|
||
|
1DF695C0000
|
trusted library allocation
|
page read and write
|
||
|
1DF68F00000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B54C000
|
heap
|
page read and write
|
||
|
1DF68350000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B1B1000
|
heap
|
page read and write
|
||
|
1DF68162000
|
heap
|
page read and write
|
||
|
1DF6B1D2000
|
heap
|
page read and write
|
||
|
1DF69E5B000
|
heap
|
page read and write
|
||
|
1DF6971F000
|
heap
|
page read and write
|
||
|
1DF68D4D000
|
heap
|
page read and write
|
||
|
2CA438A0000
|
heap
|
page read and write
|
||
|
2E983FC000
|
stack
|
page read and write
|
||
|
1DF683D0000
|
trusted library allocation
|
page read and write
|
||
|
1DF5C30F000
|
heap
|
page read and write
|
||
|
2E979FC000
|
stack
|
page read and write
|
||
|
1DF62C17000
|
heap
|
page read and write
|
||
|
1DF6B40A000
|
heap
|
page read and write
|
||
|
1DF67CB0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B000000
|
heap
|
page read and write
|
||
|
1DF628A1000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B438000
|
heap
|
page read and write
|
||
|
1DF6876D000
|
heap
|
page read and write
|
||
|
1DF687F9000
|
heap
|
page read and write
|
||
|
1DF5E705000
|
heap
|
page read and write
|
||
|
1DF6B1F9000
|
heap
|
page read and write
|
||
|
1DF67C70000
|
trusted library allocation
|
page read and write
|
||
|
1DF68C9C000
|
heap
|
page read and write
|
||
|
1DF69F48000
|
heap
|
page read and write
|
||
|
1DF6963B000
|
heap
|
page read and write
|
||
|
1DF67EEC000
|
unkown
|
page read and write
|
||
|
1DF67CF0000
|
unkown
|
page write copy
|
||
|
1DF6B4E5000
|
heap
|
page read and write
|
||
|
1DF5E4F0000
|
heap
|
page read and write
|
||
|
1DF6B0A9000
|
heap
|
page read and write
|
||
|
1DF69614000
|
heap
|
page read and write
|
||
|
1DF68320000
|
trusted library allocation
|
page read and write
|
||
|
1DF68700000
|
heap
|
page read and write
|
||
|
1DF69F00000
|
heap
|
page read and write
|
||
|
1DF5C213000
|
heap
|
page read and write
|
||
|
1DF5C2CB000
|
heap
|
page read and write
|
||
|
2E972FF000
|
stack
|
page read and write
|
||
|
1DF6B21B000
|
heap
|
page read and write
|
||
|
2E9A2FC000
|
stack
|
page read and write
|
||
|
2CA43810000
|
heap
|
page read and write
|
||
|
1DF67B90000
|
trusted library allocation
|
page read and write
|
||
|
1DF68769000
|
heap
|
page read and write
|
||
|
1DF69030000
|
heap
|
page read and write
|
||
|
1DF5E79A000
|
heap
|
page read and write
|
||
|
1DF5E7E5000
|
heap
|
page read and write
|
||
|
1DF69EEE000
|
heap
|
page read and write
|
||
|
1DF67FDE000
|
unkown
|
page read and write
|
||
|
1DF62DF5000
|
heap
|
page read and write
|
||
|
1DF68DD7000
|
heap
|
page read and write
|
||
|
1DF6B593000
|
heap
|
page read and write
|
||
|
1DF687B1000
|
heap
|
page read and write
|
||
|
1DF62D9E000
|
heap
|
page read and write
|
||
|
1DF6B200000
|
heap
|
page read and write
|
||
|
1DF6914D000
|
heap
|
page read and write
|
||
|
1DF67BA0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B190000
|
heap
|
page read and write
|
||
|
1DF6969A000
|
heap
|
page read and write
|
||
|
DAE2FFE000
|
stack
|
page read and write
|
||
|
1DF67F30000
|
trusted library allocation
|
page read and write
|
||
|
1DF62C83000
|
heap
|
page read and write
|
||
|
1DF6B0CB000
|
heap
|
page read and write
|
||
|
1DF69033000
|
heap
|
page read and write
|
||
|
1DF68733000
|
heap
|
page read and write
|
||
|
1DF6B138000
|
heap
|
page read and write
|
||
|
1DF67FF0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B133000
|
heap
|
page read and write
|
||
|
1DF6B400000
|
heap
|
page read and write
|
||
|
1DF685B8000
|
unkown
|
page read and write
|
||
|
1DF6B183000
|
heap
|
page read and write
|
||
|
1DF6901F000
|
heap
|
page read and write
|
||
|
1DF68FB0000
|
heap
|
page read and write
|
||
|
1DF6B0F4000
|
heap
|
page read and write
|
||
|
1DF68702000
|
heap
|
page read and write
|
||
|
1DF6B402000
|
heap
|
page read and write
|
||
|
1DF696E3000
|
heap
|
page read and write
|
||
|
1DF6919D000
|
heap
|
page read and write
|
||
|
1DF695A0000
|
heap
|
page read and write
|
||
|
1DF6B5A4000
|
heap
|
page read and write
|
||
|
1DF6B4CC000
|
heap
|
page read and write
|
||
|
1DF69134000
|
heap
|
page read and write
|
||
|
1DF69002000
|
heap
|
page read and write
|
||
|
1DF69128000
|
heap
|
page read and write
|
||
|
1DF6B162000
|
heap
|
page read and write
|
||
|
2E973FA000
|
stack
|
page read and write
|
||
|
1DF5C3E7000
|
heap
|
page read and write
|
||
|
1DF62C00000
|
heap
|
page read and write
|
||
|
1DF6A010000
|
heap
|
page read and write
|
||
|
1DF68D42000
|
heap
|
page read and write
|
||
|
1DF5C22B000
|
heap
|
page read and write
|
||
|
1DF68420000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B4B7000
|
heap
|
page read and write
|
||
|
1DF684A0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B198000
|
heap
|
page read and write
|
||
|
1DF69021000
|
heap
|
page read and write
|
||
|
1DF6978D000
|
heap
|
page read and write
|
||
|
1DF69000000
|
heap
|
page read and write
|
||
|
1DF5E7BA000
|
heap
|
page read and write
|
||
|
1DF68184000
|
heap
|
page read and write
|
||
|
1DF6B16A000
|
heap
|
page read and write
|
||
|
1DF5C2B2000
|
heap
|
page read and write
|
||
|
1DF68D58000
|
heap
|
page read and write
|
||
|
1DF69600000
|
heap
|
page read and write
|
||
|
1DF69011000
|
heap
|
page read and write
|
||
|
1DF6B11D000
|
heap
|
page read and write
|
||
|
1DF68490000
|
trusted library allocation
|
page read and write
|
||
|
1DF679CE000
|
trusted library allocation
|
page read and write
|
||
|
1DF5DCE0000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B126000
|
heap
|
page read and write
|
||
|
1DF6B044000
|
heap
|
page read and write
|
||
|
1DF69FF1000
|
heap
|
page read and write
|
||
|
1DF62E60000
|
trusted library allocation
|
page read and write
|
||
|
1DF6B679000
|
unkown
|
page execute read
|
||
|
DAE2E7C000
|
stack
|
page read and write
|
||
|
1DF68E10000
|
heap
|
page read and write
|
||
|
1DF6B1E4000
|
heap
|
page read and write
|
||
|
1DF5DCF0000
|
trusted library allocation
|
page read and write
|
||
|
2E97FFC000
|
stack
|
page read and write
|
||
|
1DF68617000
|
heap
|
page read and write
|
||
|
1DF687CC000
|
heap
|
page read and write
|
||
|
1DF69613000
|
heap
|
page read and write
|
There are 507 hidden memdumps, click here to show them.