Using Process Monitor from SysInternals

Sometimes you need to figure out what an application is doing: where it retrieves information from, or where it saves data to.

In my scenario, I was trying to figure out where a game was saving its high scores and configuration. I found a location in my AppData folder, but deleting it did not wipe the data from the game. I checked the Registry as well, with no luck.

I decided on using Process Monitor from Microsoft SysInternals for the job.

First I filtered on the process name (the game's .exe) and ran the program. That yielded several thousand events, far too many to read through. Next I filtered on ".swf" in the path, since the game is built on Adobe AIR, but that only showed the content in the path I already knew about. Finally I filtered on the Steam ID number contained in the path, which led me to a folder in the AppData directory and a JSON file holding all the high scores, the configuration, and even the ability to unlock certain parts of the game. Deleting that file properly wiped the game's data.
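The narrowing-down above (process name, then a string in the path) can be done in a script once Process Monitor has exported its capture to CSV, which is easier to iterate on than clicking through thousands of rows. The PowerShell below is an added example, not code from the original post: it runs Procmon unattended into a backing file, converts the capture to CSV, and then keeps only successful write-type events (WriteFile, RegSetValue, file deletes, and CreateFile opened for write) from the target process whose path contains the Steam ID string. The Procmon location, the executable name and the Steam ID value are placeholders, and the sample CSV rows at the end are constructed so the filter can be tried offline.

```powershell
# Added example (not from the original post). Assumptions, all placeholders:
# the Procmon.exe location, the game's process name, and the Steam ID string.
$Procmon = 'C:\Tools\Procmon.exe'   # assumed install location of Sysinternals Procmon
$GameExe = 'GameName.exe'           # hypothetical process name of the game
$SteamId = '123456'                 # hypothetical Steam ID number seen in the path
$Pml     = Join-Path $env:TEMP 'capture.pml'
$Csv     = Join-Path $env:TEMP 'capture.csv'

function Start-ProcmonCapture {
    # Run Procmon without the GUI, writing raw events to a backing file.
    & $Procmon /AcceptEula /Quiet /Minimized /BackingFile $Pml
}

function Stop-ProcmonCapture {
    # Ask the running instance to stop, then convert the PML capture to CSV.
    & $Procmon /Terminate
    & $Procmon /AcceptEula /Quiet /OpenLog $Pml /SaveAs $Csv
}

function Get-WrittenPaths {
    # Keep only successful write-type events from one process whose path
    # contains $Needle, and count how often each path was touched.
    param([string]$CsvPath, [string]$ProcessName, [string]$Needle)
    $writeOps = 'WriteFile', 'SetDispositionInformationFile', 'RegSetValue'
    Import-Csv -Path $CsvPath |
        Where-Object {
            $_.'Process Name' -eq $ProcessName -and
            $_.Result -eq 'SUCCESS' -and
            $_.Path -like "*$Needle*" -and
            ($_.Operation -in $writeOps -or
             ($_.Operation -eq 'CreateFile' -and $_.Detail -match 'Generic Write|Write Data'))
        } |
        Group-Object -Property Path |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name
}

# Live use: Start-ProcmonCapture; play the game; Stop-ProcmonCapture;
# then Get-WrittenPaths -CsvPath $Csv -ProcessName $GameExe -Needle $SteamId

# Constructed sample rows in Procmon's CSV export layout (made-up events,
# not a real trace) so the filter can be exercised without a capture.
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01.0000000","GameName.exe","4242","ReadFile","C:\Users\me\AppData\Roaming\GameName\settings.xml","SUCCESS","Offset: 0, Length: 512"
"12:00:02.0000000","GameName.exe","4242","CreateFile","C:\Users\me\AppData\Local\123456\save.json","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"12:00:02.1000000","GameName.exe","4242","WriteFile","C:\Users\me\AppData\Local\123456\save.json","SUCCESS","Offset: 0, Length: 2,048"
"12:00:02.2000000","GameName.exe","4242","CreateFile","C:\Users\me\AppData\Local\123456\assets.swf","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"12:00:03.0000000","GameName.exe","4242","RegSetValue","HKCU\Software\GameName\LastRun","SUCCESS","Type: REG_SZ, Length: 20, Data: 2020"
"12:00:04.0000000","explorer.exe","1234","WriteFile","C:\Users\me\AppData\Local\123456\unrelated.tmp","SUCCESS","Offset: 0, Length: 10"
'@
$samplePath = Join-Path $env:TEMP 'procmon-sample.csv'
Set-Content -Path $samplePath -Value $sample -Encoding UTF8
Get-WrittenPaths -CsvPath $samplePath -ProcessName $GameExe -Needle $SteamId
```

On the constructed rows only the save.json path survives: the read of settings.xml, the read-only open of the .swf, the registry write outside the Steam ID path, and explorer.exe's write are all dropped. Filtering on write operations and a SUCCESS result is the check that cuts a capture down fastest; a plain process-name filter keeps every read, directory query and failed lookup the program makes.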

Personal note for reference: the game involved was The Jackbox Party Game Pack. The directory that mattered was %LOCALAPPDATA%\STEAMNAME, while the leftover directory that had no effect when deleted was %APPDATA%\TheJackboxPartyPack.


Everything I Know About Starbucks

This post is NOT everything I know about Starbucks; I will update it occasionally with new findings and discoveries. As of initially creating this post, I have never been a Starbucks employee, and I'm not listing everything at once because there is so much. These findings are discoveries I have encountered over the years.

  • The Starbucks Headquarters address is 2401 Utah Avenue South, Suite 800 Seattle, WA 98134 USA
  • The number 2401 has significance in the company because of this. For example, it appears in the passwords/PINs for corporate-issued employee devices such as iPads and computers.
  • There is an updated manual on the different common drinks, known as the Beverage Resource Manual. It is updated annually and is considered confidential to Starbucks Corporate.

Windows Sandbox tips

Recent versions of Windows 10 (Pro or Enterprise, version 1903 or later, with virtualization enabled) give users the ability to run a sandboxed copy of the OS for programs you may only need once, or don't want installed on your main disk. As soon as you close the Sandbox, everything you have done in it is lost. I'm just going to list some tips and flaws I have encountered with this feature.

  • To install it, enable the feature in the classic Windows Features dialog: search for "Turn Windows Features On or Off" in your Start menu, or open the classic Control Panel, Programs and Features, Turn Windows Features On or Off. It is listed as Windows Sandbox.
  • The Sandbox logs you in automatically, but in some rare scenarios you may need the password of its default user, "WDAGUtilityAccount". The password might be "pw123", but I have not had time to test that. What I did when I needed the password was reset it from the command line by running "net user WDAGUtilityAccount *" without quotes, which lets you set a new password. Remember that any password change will, of course, be wiped the next time you open the Sandbox.
  • Expect issues if you want to run Hyper-V alongside other VM programs like VirtualBox and VMware. Unfortunately, Windows Sandbox uses a limited version of Microsoft's Hyper-V, so conflicts tend to occur. I'm still trying to get Sandbox and VirtualBox running concurrently without issue. The new VirtualBox 6 supports Hyper-V, but I have yet to try it.
  • At least in my experience, the Windows Sandbox IP address is so if you run any server programs inside it that you want to access from the host device through a web browser. I am unsure whether this can be accessed from other devices on the network, at least by default.
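The same feature can be enabled and driven from PowerShell, and a .wsb configuration file avoids the password and networking guesswork above by fixing the instance's settings up front. The script below is an added example, not from the original post: it enables the Windows Sandbox optional feature (the same one the Windows Features dialog toggles), writes a .wsb file that disables networking and clipboard sharing, maps a host folder read-only so a suspicious file can be inspected without it phoning home or altering the host copy, and launches the instance. Run it from an elevated prompt; the host folder path and the logon command are placeholders.

```powershell
# Added example (not from the original post). Run as Administrator.
# Assumption: $HostShare is a hypothetical folder of files you want to inspect.
$HostShare = 'C:\SandboxDrop'
$WsbPath   = Join-Path $env:TEMP 'throwaway.wsb'

function Enable-Sandbox {
    # Containers-DisposableClientVM is the optional feature behind "Windows Sandbox".
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM'
    if ($feature.State -ne 'Enabled') {
        Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All -NoRestart
        Write-Warning 'Windows Sandbox enabled; reboot before first use.'
    }
    return $feature.State
}

function New-SandboxConfig {
    # A .wsb file is plain XML. Networking and clipboard redirection are switched off
    # and the mapped folder is read-only, so nothing inside can reach out or write back
    # to the host. Mapped folders appear on the WDAGUtilityAccount desktop.
    param([string]$Path, [string]$HostFolder)
    if (-not (Test-Path -Path $HostFolder)) {
        New-Item -ItemType Directory -Path $HostFolder | Out-Null
    }
    $xml = @"
<Configuration>
  <VGpu>Disable</VGpu>
  <Networking>Disable</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <ProtectedClient>Enable</ProtectedClient>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$HostFolder</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop</Command>
  </LogonCommand>
</Configuration>
"@
    Set-Content -Path $Path -Value $xml -Encoding ASCII
    return $Path
}

Enable-Sandbox
New-SandboxConfig -Path $WsbPath -HostFolder $HostShare
# .wsb files are associated with WindowsSandbox.exe, so opening one starts the instance.
Start-Process -FilePath $WsbPath
```

Flip Networking to Enable (and ReadOnly to false) only when the task needs it; with networking off, a server program started inside the Sandbox is unreachable from the host or anything else, which is the safe default for looking at an untrusted download. Everything in the instance, including any password set with net user, is still discarded on close.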