IOC Report
Document.one

Files

File Path
Type
Category
Malicious
Document.one
data
initial sample
C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml
XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db
SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header
Matlab v4 mat-file (little endian) \260\016, numeric, rows 1020487318, columns 0
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin
ASCII text, with very long lines (368), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0D50DF9D-C835-4FEC-8856-2AF165CAA92D}.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{0E6DBBBF-A3C0-48DA-BED3-C8930739DF0B}
data
dropped
C:\Users\user\AppData\Local\Temp\{187023B7-C9CC-4BD0-87B3-E472F3855AA3}
data
dropped
C:\Users\user\AppData\Local\Temp\{1BA8BC9F-BAF0-4471-A68C-831394576820}
data
dropped
C:\Users\user\AppData\Local\Temp\{205FB1FA-EB16-43F2-86C5-B07E9A12980B}
data
dropped
C:\Users\user\AppData\Local\Temp\{2265CAC3-1A5D-4C48-AF94-A71BBEC89222}
data
dropped
C:\Users\user\AppData\Local\Temp\{4DA24EBA-9C29-4348-81D5-F33931C2288D}
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Temp\{4E5BA980-837E-4313-A9E6-0E99A903959D}
data
dropped
C:\Users\user\AppData\Local\Temp\{513AB815-F377-4589-AAE3-880D93915B90}.bin
GIF image data, version 89a, 1012 x 327
dropped
C:\Users\user\AppData\Local\Temp\{5201C174-E8AB-444C-BF8B-A9E7BC2A638A}.bin
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{5F8474AE-5559-4496-8704-47ADE4570097}
data
dropped
C:\Users\user\AppData\Local\Temp\{5FCF2F4B-1582-4C30-9102-96D683F264EC}
data
dropped
C:\Users\user\AppData\Local\Temp\{635EAFCC-6A0E-4E2D-B0DE-2088BE0F8754}
data
dropped
C:\Users\user\AppData\Local\Temp\{68535A9E-EB0C-4B6A-BC04-E37534063832}
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{7DFF42B6-807C-4DE3-AA08-4D6D60B3BB7A}
data
dropped
C:\Users\user\AppData\Local\Temp\{833BBCE8-1CE5-4A33-BE2D-894EF53FEE46}
data
dropped
C:\Users\user\AppData\Local\Temp\{83BA6D36-2196-4487-BAAD-FE15AF122565}
data
dropped
C:\Users\user\AppData\Local\Temp\{84E57D09-8B97-4380-A709-DC32BEADCF99}
PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{A4601116-8B1A-4987-B1F8-2B503864EECB}
data
dropped
C:\Users\user\AppData\Local\Temp\{B24949E5-A304-4FCD-B0D4-30209C2F9A45}
data
dropped
C:\Users\user\AppData\Local\Temp\{B59A9D2C-ED1E-47F4-90E0-3645E63DAE20}
data
dropped
C:\Users\user\AppData\Local\Temp\{B9F8FA1C-06B0-4354-A382-C78BC6DC2478}
data
dropped
C:\Users\user\AppData\Local\Temp\{BA1C306D-67E6-4B43-AD43-E1D2155CD557}.bin
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\{C24A363B-3F25-4D78-8D62-A8644C199A19}
data
dropped
C:\Users\user\AppData\Local\Temp\{CD7C088E-DA9E-48D5-AC09-A932818D0DA3}
data
dropped
C:\Users\user\AppData\Local\Temp\{E11D2A68-BD51-4949-973B-CAEBFA28AD85}
data
dropped
C:\Users\user\AppData\Local\Temp\{E7C5C746-021A-4F24-ADB3-169DFED88711}
ASCII text, with very long lines (368), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\{F8DE737E-2360-4149-A1ED-C6862E3AF421}
data
dropped
C:\Users\user\AppData\Local\Temp\{F9CD84DB-A8AC-453A-8744-5110815F8CDD}
data
dropped
C:\Users\user\AppData\Local\Temp\{FD695529-50F6-4272-BBEC-9EF941B30B5C}
PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Bibliography Styles\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\1033\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Word Document Building Blocks\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\Open Notebook.onetoc2
data
modified
C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms~RF3dc76.TMP (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GSW8AE0M5519PXI4POU4.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O01AHY6Q5IAUOAOC7SBE.temp
Matlab v4 mat-file (little endian) \253\373\277\272, sparse, rows 1, columns 0, imaginary
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, Sparse, ctime=Thu May 27 16:03:55 2021, mtime=Tue Feb 7 17:57:17 2023, atime=Thu May 27 16:03:55 2021, length=179528, window=hide
dropped
C:\Users\user\Desktop\Document.one
data
dropped
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
data
dropped
C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one
data
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Document.one"
malicious
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
/tsr
malicious

IPs

IP
Domain
Country
Malicious
192.168.2.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
12
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\1188
0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
#81
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
Language
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
EcsRequestPending
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
onenote.exe
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
SubscriptionCustomerLicenseInfo
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
CommandLineSafe
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
Description
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
CommandLineSafe
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
Description
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
FriendlyName
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
LoadBehavior
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
LastMyDocumentsPathUsed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
NULL
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
ProgressWindowPosLeft
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
ProgressWindowPosTop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
ConsecutiveBootCrashes
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
ConsecutiveEarlyCrashes
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
EDPLastRevokeCheckTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixStartSP1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixEndSP1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
BackupFilenamePostfixEndRerepairSP1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
onenote.exe_queried
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\onenote
BuildNumber
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
onenote.exe
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe
RulesEndpoint
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.2
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.3
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.6
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.7
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.8
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.9
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.10
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.11
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.12
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.13
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.14
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.15
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.16
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.17
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.18
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.19
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.20
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.21
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.22
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.23
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.24
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.25
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.26
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.27
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.28
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.29
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.30
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.31
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.32
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.33
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.34
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.35
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.36
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.37
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.38
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.39
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.40
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.41
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.42
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.43
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.44
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.45
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.46
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.47
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.48
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.49
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.50
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
1.51
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
VersionId
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
ETag
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
DeferredConfigs
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
ConfigIds
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Volatile
MsaDevice
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\OpenNotebooks
1
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency
RepairQuickNotesOnBoot
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\FavoritePens
Data
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTimeOneNote
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTimeOneNote
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
LastCacheFclRepairSuccessTime
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\TeachingCallouts
NotesFeedMainCallout
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
FlightedVersion
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks
FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\RecentNotebooks
FOLDERID_Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU
FOLDERID_Desktop
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Place MRU
FOLDERID_Documents
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Paths
UnfiledNotesSection
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
LastAppliedNotebookColor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
OneNoteNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\onenote.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\1188
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win64
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
NULL
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote\ConfigContextData
ChunkCount
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\onenote
Expires
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\1188
0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\ONENOTE\1188
0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
FirstBootStatus
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
LastAppliedNotebookColor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000061091A0090400100000000F01FEC\Usage
OneNoteFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000100000000F01FEC\Usage
OneNoteFiles

Memdumps

Base Address
Regiontype
Protect
Malicious
heap
page read and write
1E87BC90000
heap
page read and write
1E87B35E000
heap
page read and write
1E87BB8F000
heap
page read and write
23376073000
heap
page read and write
1F0BC263000
heap
page read and write
1E87B2F2000
heap
page read and write
1E87B334000
heap
page read and write
1E87B322000
heap
page read and write
1E87B2F9000
heap
page read and write
21C83B00000
heap
page read and write
1E87B310000
heap
page read and write
1E87B300000
heap
page read and write
1E87BB70000
heap
page read and write
1F0BC0A0000
heap
page read and write
1E87B2AF000
heap
page read and write
1E87B33B000
heap
page read and write
24EAE471000
heap
page read and write
1E87B334000
heap
page read and write
24EAE502000
heap
page read and write
1E87B2E4000
heap
page read and write
1E87B2EE000
heap
page read and write
1E87B2AE000
heap
page read and write
1E87B33E000
heap
page read and write
1E87BB80000
heap
page read and write
2337605A000
heap
page read and write
1E87B2EC000
heap
page read and write
24EAE270000
heap
page read and write
21C83BF0000
remote allocation
page read and write
1F0BC255000
heap
page read and write
1F0BC259000
heap
page read and write
2C3E97F000
stack
page read and write
1E87B2DF000
heap
page read and write
1E87BE89000
heap
page read and write
1E87B27A000
heap
page read and write
1E87B2EC000
heap
page read and write
1F0BC25C000
heap
page read and write
1E87B34B000
heap
page read and write
1E87B33D000
heap
page read and write
18267E000
stack
page read and write
2C96D47F000
heap
page read and write
21C83C00000
heap
page read and write
1F0BC302000
heap
page read and write
1E87B31B000
heap
page read and write
1E87B32F000
heap
page read and write
1E87B327000
heap
page read and write
BCC26FA000
stack
page read and write
1E87B331000
heap
page read and write
1E87B2F2000
heap
page read and write
1E87B2E7000
heap
page read and write
1E87BD35000
heap
page read and write
1E87B300000
heap
page read and write
1F0BC25F000
heap
page read and write
2C96D400000
heap
page read and write
1E87B2E5000
heap
page read and write
1E87B2B5000
heap
page read and write
1F0BC261000
heap
page read and write
1F0BC22B000
heap
page read and write
1E87B32C000
heap
page read and write
1E87B281000
heap
page read and write
1E87B31F000
heap
page read and write
1F0BC273000
heap
page read and write
1E87B2FA000
heap
page read and write
F93D37B000
stack
page read and write
1E87BD3A000
heap
page read and write
1F0BC24D000
heap
page read and write
1F0BC241000
heap
page read and write
1E87BE87000
heap
page read and write
1E87B2FC000
heap
page read and write
F93D278000
stack
page read and write
1E87B2BF000
heap
page read and write
D17607B000
stack
page read and write
1E87B334000
heap
page read and write
1F0BC244000
heap
page read and write
1E87B310000
heap
page read and write
1E87B31C000
heap
page read and write
1E87B353000
heap
page read and write
1E87BB8F000
heap
page read and write
2337608B000
heap
page read and write
23375DF0000
heap
page read and write
23376085000
heap
page read and write
1E87B339000
heap
page read and write
1E87B338000
heap
page read and write
1E87B4F5000
heap
page read and write
1E87B2E7000
heap
page read and write
2C3EAFF000
stack
page read and write
1E87BB7E000
heap
page read and write
1F0BCA02000
trusted library allocation
page read and write
24EAE280000
heap
page read and write
1E87B338000
heap
page read and write
1826FE000
stack
page read and write
1F0BC26D000
heap
page read and write
1E87B2D7000
heap
page read and write
1E87B2F2000
heap
page read and write
1E87B322000
heap
page read and write
1E87B322000
heap
page read and write
21C85802000
trusted library allocation
page read and write
1E87B345000
heap
page read and write
1F0BC297000
heap
page read and write
F80FA7C000
stack
page read and write
1E87B2E2000
heap
page read and write
21C83D02000
heap
page read and write
1E87B327000
heap
page read and write
1E87B317000
heap
page read and write
BCC297F000
stack
page read and write
1E87B2E8000
heap
page read and write
1E87B2CF000
heap
page read and write
1E87BD3A000
heap
page read and write
1E87B338000
heap
page read and write
BCC237E000
stack
page read and write
1E87BB87000
heap
page read and write
F93D0FE000
stack
page read and write
23376029000
heap
page read and write
1F0BC255000
heap
page read and write
2C3E9FB000
stack
page read and write
1823EB000
stack
page read and write
1E87B31B000
heap
page read and write
24EAE3D0000
trusted library allocation
page read and write
23376013000
heap
page read and write
F80F87E000
stack
page read and write
1E87B2DE000
heap
page read and write
1E87B260000
heap
page read and write
2C96D489000
heap
page read and write
1E87B2EC000
heap
page read and write
1E87B2DF000
heap
page read and write
1E87B340000
heap
page read and write
21C83C40000
heap
page read and write
1E87BD33000
heap
page read and write
2C96D500000
heap
page read and write
21C83C2B000
heap
page read and write
1F0BC25E000
heap
page read and write
1E87B345000
heap
page read and write
1E87BD30000
heap
page read and write
23376040000
heap
page read and write
1E87B345000
heap
page read and write
23376100000
heap
page read and write
F93D57E000
stack
page read and write
1E87B34C000
heap
page read and write
1E87BD37000
heap
page read and write
1E87B2E7000
heap
page read and write
BCC27FF000
stack
page read and write
1E87B34B000
heap
page read and write
1E87B35E000
heap
page read and write
2C3EA7E000
stack
page read and write
1E87B310000
heap
page read and write
1E87B327000
heap
page read and write
2C96D3E0000
trusted library allocation
page read and write
1E87B32F000
heap
page read and write
1E87B353000
heap
page read and write
21C83C62000
heap
page read and write
1E87B2F2000
heap
page read and write
1E87B31D000
heap
page read and write
F80F6FC000
stack
page read and write
21C83C02000
heap
page read and write
1E87B2CE000
heap
page read and write
1E87B33A000
heap
page read and write
21C83B10000
heap
page read and write
1E87B33D000
heap
page read and write
1E87B353000
heap
page read and write
23376113000
heap
page read and write
1E87B34B000
heap
page read and write
23376079000
heap
page read and write
1E87B268000
heap
page read and write
1E87B2E7000
heap
page read and write
1F0BC26B000
heap
page read and write
2C96D513000
heap
page read and write
2C96D448000
heap
page read and write
24EAE455000
heap
page read and write
D175E7B000
stack
page read and write
1E87B334000
heap
page read and write
BCC25FF000
stack
page read and write
1E87BD3B000
heap
page read and write
BCC2AFC000
stack
page read and write
1E87B338000
heap
page read and write
2C3E87C000
stack
page read and write
1E87B29A000
heap
page read and write
1E87B321000
heap
page read and write
1E87BD3A000
heap
page read and write
24EAE449000
heap
page read and write
1E87B2EC000
heap
page read and write
1E87B2F9000
heap
page read and write
1F0BC242000
heap
page read and write
1E87B2EF000
heap
page read and write
1E87B2DD000
heap
page read and write
1E87BE91000
heap
page read and write
1E87B2EE000
heap
page read and write
1E87B321000
heap
page read and write
24EAE402000
heap
page read and write
1E87B359000
heap
page read and write
D1764FF000
stack
page read and write
2C96D42A000
heap
page read and write
1E87B34B000
heap
page read and write
1E87B2CB000
heap
page read and write
1F0BC030000
heap
page read and write
1E87B27F000
heap
page read and write
1E87B309000
heap
page read and write
18297E000
stack
page read and write
1E87B2E5000
heap
page read and write
1E87B2FC000
heap
page read and write
1E87B2C3000
heap
page read and write
23376069000
heap
page read and write
23375E50000
heap
page read and write
1E87B2D9000
heap
page read and write
1E87B309000
heap
page read and write
1E87B2AD000
heap
page read and write
1F0BC293000
heap
page read and write
D175F7F000
stack
page read and write
1F0BC27B000
heap
page read and write
1E87B345000
heap
page read and write
1E87B327000
heap
page read and write
2C96D2E0000
heap
page read and write
2C3E53E000
stack
page read and write
2337606F000
heap
page read and write
2C96D413000
heap
page read and write
1E87B309000
heap
page read and write
1E87B32A000
heap
page read and write
1E87B309000
heap
page read and write
23376802000
trusted library allocation
page read and write
1F0BC245000
heap
page read and write
182B7E000
stack
page read and write
1E87B35B000
heap
page read and write
1E87B2E5000
heap
page read and write
F93D67E000
stack
page read and write
1E87B300000
heap
page read and write
1E87B353000
heap
page read and write
2C96D451000
heap
page read and write
D1767FF000
stack
page read and write
1E87B2DC000
heap
page read and write
1E87B2FA000
heap
page read and write
1E87B315000
heap
page read and write
1E87B30E000
heap
page read and write
1F0BC285000
heap
page read and write
1E87B2E3000
heap
page read and write
2C96DC02000
heap
page read and write
2C3E4B6000
stack
page read and write
1E87B33B000
heap
page read and write
23375E00000
heap
page read and write
1F0BC264000
heap
page read and write
F80F97C000
stack
page read and write
23375F50000
trusted library allocation
page read and write
1E87BD3E000
heap
page read and write
1E87B2DC000
heap
page read and write
1E87B318000
heap
page read and write
1F0BC247000
heap
page read and write
1E87B2F5000
heap
page read and write
1E87BD32000
heap
page read and write
1F0BC200000
heap
page read and write
1E87B2EC000
heap
page read and write
1F0BC24C000
heap
page read and write
1E87BE8E000
heap
page read and write
21C83D13000
heap
page read and write
21C83BF0000
remote allocation
page read and write
1E87B2EF000
heap
page read and write
23376000000
heap
page read and write
1E87B341000
heap
page read and write
1E87B303000
heap
page read and write
1E87B30D000
heap
page read and write
F93D07B000
stack
page read and write
1E87B32F000
heap
page read and write
1F0BC246000
heap
page read and write
1E87B334000
heap
page read and write
1E87B32C000
heap
page read and write
1E87B1E0000
heap
page read and write
1E87B359000
heap
page read and write
1F0BC28D000
heap
page read and write
1F0BC28B000
heap
page read and write
2C96D499000
heap
page read and write
21C83C72000
heap
page read and write
1F0BC26F000
heap
page read and write
1E87B32B000
heap
page read and write
1E87B357000
heap
page read and write
1E87B0C0000
heap
page read and write
1F0BC29B000
heap
page read and write
1E87B2CB000
heap
page read and write
1E87B354000
heap
page read and write
1F0BC213000
heap
page read and write
1E87B300000
heap
page read and write
1E87B318000
heap
page read and write
1E87B341000
heap
page read and write
1E87B331000
heap
page read and write
1E87B2F9000
heap
page read and write
1E87BB78000
heap
page read and write
1F0BC040000
heap
page read and write
1E87BE94000
heap
page read and write
1E87B32B000
heap
page read and write
2337602B000
heap
page read and write
1F0BC248000
heap
page read and write
1827FE000
stack
page read and write
1E87B310000
heap
page read and write
1F0BC255000
heap
page read and write
1F0BC291000
heap
page read and write
1E87B31B000
heap
page read and write
1E87BE8B000
heap
page read and write
1E87B300000
heap
page read and write
24EAE466000
heap
page read and write
2C96D280000
heap
page read and write
24EAE46F000
heap
page read and write
1E87B2EF000
heap
page read and write
BCC28FD000
stack
page read and write
1E87B30B000
heap
page read and write
24EAE400000
heap
page read and write
1F0BC1A0000
trusted library allocation
page read and write
F93D17E000
stack
page read and write
24EAEC02000
trusted library allocation
page read and write
1E87B303000
heap
page read and write
BCC24FD000
stack
page read and write
1E87B2F2000
heap
page read and write