Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Send for Peter Bayliss.msg
|
CDFV2 Microsoft Outlook Message
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF4da3ea.TMP (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-221129154453Z-191.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.7052
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7052
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20221129T1644340163-6624.etl
|
data
|
dropped
|
There are 47 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
|
C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Send for Peter Bayliss.msg
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\R172JYD4\Peter
Bayliss 273238652.pdf
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6624
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
ProfileBeingOpened
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
SessionId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics
|
OutlookBootFlag
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
CantBootResolution
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
|
BootDiagnosticsLogFile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Logging\SavedData
|
SavedProfile_OUTLOOK_v1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\OUTLOOK\6624
|
0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
|
6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Logging
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000100000000F01FEC\Usage
|
OutlookMAPI2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6624
|
0
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2978C7F000
|
stack
|
page read and write
|
||
|
2361D697000
|
heap
|
page read and write
|
||
|
2361D649000
|
heap
|
page read and write
|
||
|
2100BF78000
|
heap
|
page read and write
|
||
|
2978DFE000
|
stack
|
page read and write
|
||
|
2100C02A000
|
heap
|
page read and write
|
||
|
20825790000
|
heap
|
page read and write
|
||
|
2361D63F000
|
heap
|
page read and write
|
||
|
1E174650000
|
heap
|
page read and write
|
||
|
2BB44C00000
|
heap
|
page read and write
|
||
|
2BB44B60000
|
heap
|
page read and write
|
||
|
2978D7D000
|
stack
|
page read and write
|
||
|
DDD5E7E000
|
stack
|
page read and write
|
||
|
1BC88A4F000
|
heap
|
page read and write
|
||
|
2361D68D000
|
heap
|
page read and write
|
||
|
2100C86A000
|
heap
|
page read and write
|
||
|
297897D000
|
stack
|
page read and write
|
||
|
208250CF000
|
heap
|
page read and write
|
||
|
297907A000
|
stack
|
page read and write
|
||
|
5C747FF000
|
stack
|
page read and write
|
||
|
2100BFFA000
|
heap
|
page read and write
|
||
|
2100BF30000
|
heap
|
page read and write
|
||
|
2361D66D000
|
heap
|
page read and write
|
||
|
2100C04D000
|
heap
|
page read and write
|
||
|
2361D664000
|
heap
|
page read and write
|
||
|
20825040000
|
heap
|
page read and write
|
||
|
F329AFE000
|
stack
|
page read and write
|
||
|
2361D647000
|
heap
|
page read and write
|
||
|
DDD5B7C000
|
stack
|
page read and write
|
||
|
2361D658000
|
heap
|
page read and write
|
||
|
2361D666000
|
heap
|
page read and write
|
||
|
2361D65D000
|
heap
|
page read and write
|
||
|
2100C00E000
|
heap
|
page read and write
|
||
|
2100C861000
|
heap
|
page read and write
|
||
|
1BC88A02000
|
heap
|
page read and write
|
||
|
20825874000
|
heap
|
page read and write
|
||
|
2BB45330000
|
trusted library allocation
|
page read and write
|
||
|
2100C034000
|
heap
|
page read and write
|
||
|
2100C027000
|
heap
|
page read and write
|
||
|
2100C004000
|
heap
|
page read and write
|
||
|
5B5887E000
|
stack
|
page read and write
|
||
|
208250F6000
|
heap
|
page read and write
|
||
|
2100BFB3000
|
heap
|
page read and write
|
||
|
20825882000
|
heap
|
page read and write
|
||
|
1BC88940000
|
heap
|
page read and write
|
||
|
2100CB57000
|
heap
|
page read and write
|
||
|
CE8B2F7000
|
stack
|
page read and write
|
||
|
2100BFE7000
|
heap
|
page read and write
|
||
|
2361D663000
|
heap
|
page read and write
|
||
|
2100C039000
|
heap
|
page read and write
|
||
|
2361D673000
|
heap
|
page read and write
|
||
|
5C74CFF000
|
stack
|
page read and write
|
||
|
20825074000
|
heap
|
page read and write
|
||
|
1BC88950000
|
heap
|
page read and write
|
||
|
CE8B478000
|
stack
|
page read and write
|
||
|
20824FB0000
|
heap
|
page read and write
|
||
|
2361D654000
|
heap
|
page read and write
|
||
|
2100CA0A000
|
heap
|
page read and write
|
||
|
2361D62B000
|
heap
|
page read and write
|
||
|
2100BFF3000
|
heap
|
page read and write
|
||
|
2BB44D02000
|
heap
|
page read and write
|
||
|
2100BFA3000
|
heap
|
page read and write
|
||
|
20825049000
|
heap
|
page read and write
|
||
|
2100BFF0000
|
heap
|
page read and write
|
||
|
2361D5A0000
|
trusted library allocation
|
page read and write
|
||
|
2100CA05000
|
heap
|
page read and write
|
||
|
DDD5D7E000
|
stack
|
page read and write
|
||
|
20825730000
|
heap
|
page read and write
|
||
|
2361D702000
|
heap
|
page read and write
|
||
|
F329A7E000
|
stack
|
page read and write
|
||
|
2100C87A000
|
heap
|
page read and write
|
||
|
2BB44BD0000
|
heap
|
page read and write
|
||
|
2100BFC0000
|
heap
|
page read and write
|
||
|
2100BFD6000
|
heap
|
page read and write
|
||
|
2100BFFA000
|
heap
|
page read and write
|
||
|
2100BF83000
|
heap
|
page read and write
|
||
|
1E17487E000
|
heap
|
page read and write
|
||
|
2361D66F000
|
heap
|
page read and write
|
||
|
F3297FC000
|
stack
|
page read and write
|
||
|
2100C039000
|
heap
|
page read and write
|
||
|
2100BFE2000
|
heap
|
page read and write
|
||
|
CE8B37F000
|
stack
|
page read and write
|
||
|
2100C015000
|
heap
|
page read and write
|
||
|
2361D687000
|
heap
|
page read and write
|
||
|
F329F7F000
|
stack
|
page read and write
|
||
|
2100C004000
|
heap
|
page read and write
|
||
|
2100C040000
|
heap
|
page read and write
|
||
|
F329E7E000
|
stack
|
page read and write
|
||
|
1E17485B000
|
heap
|
page read and write
|
||
|
2361D68E000
|
heap
|
page read and write
|
||
|
2082576F000
|
heap
|
page read and write
|
||
|
CE8B77D000
|
stack
|
page read and write
|
||
|
2100BF9C000
|
heap
|
page read and write
|
||
|
CE8ACDB000
|
stack
|
page read and write
|
||
|
2361D691000
|
heap
|
page read and write
|
||
|
DDD5EF9000
|
stack
|
page read and write
|
||
|
20825830000
|
heap
|
page read and write
|
||
|
1E174800000
|
heap
|
page read and write
|
||
|
DDD5DFD000
|
stack
|
page read and write
|
||
|
2100CA07000
|
heap
|
page read and write
|
||
|
2361D68B000
|
heap
|
page read and write
|
||
|
2100C86E000
|
heap
|
page read and write
|
||
|
2100C043000
|
heap
|
page read and write
|
||
|
2100C012000
|
heap
|
page read and write
|
||
|
5B58A7E000
|
stack
|
page read and write
|
||
|
2100BFDC000
|
heap
|
page read and write
|
||
|
1E174813000
|
heap
|
page read and write
|
||
|
2361D64B000
|
heap
|
page read and write
|
||
|
2361D641000
|
heap
|
page read and write
|
||
|
20825864000
|
heap
|
page read and write
|
||
|
2100C046000
|
heap
|
page read and write
|
||
|
2082510A000
|
heap
|
page read and write
|
||
|
20825128000
|
heap
|
page read and write
|
||
|
2361D642000
|
heap
|
page read and write
|
||
|
2361D67B000
|
heap
|
page read and write
|
||
|
2100C002000
|
heap
|
page read and write
|
||
|
5B58AFE000
|
stack
|
page read and write
|
||
|
2361D613000
|
heap
|
page read and write
|
||
|
2100C860000
|
heap
|
page read and write
|
||
|
2100BFFC000
|
heap
|
page read and write
|
||
|
1BC88B02000
|
heap
|
page read and write
|
||
|
2100BF95000
|
heap
|
page read and write
|
||
|
2100CA03000
|
heap
|
page read and write
|
||
|
2100BFDF000
|
heap
|
page read and write
|
||
|
2BB44B70000
|
heap
|
page read and write
|
||
|
2100BFC6000
|
heap
|
page read and write
|
||
|
2100C03A000
|
heap
|
page read and write
|
||
|
1E174640000
|
heap
|
page read and write
|
||
|
2361D510000
|
heap
|
page read and write
|
||
|
20825831000
|
heap
|
page read and write
|
||
|
2100C883000
|
heap
|
page read and write
|
||
|
2BB44C9A000
|
heap
|
page read and write
|
||
|
2100BFCE000
|
heap
|
page read and write
|
||
|
CE8B1FE000
|
stack
|
page read and write
|
||
|
2100BF91000
|
heap
|
page read and write
|
||
|
2100BFFD000
|
heap
|
page read and write
|
||
|
2100BF6F000
|
heap
|
page read and write
|
||
|
2978AFE000
|
stack
|
page read and write
|
||
|
CE8B57C000
|
stack
|
page read and write
|
||
|
2100C03C000
|
heap
|
page read and write
|
||
|
2100C04D000
|
heap
|
page read and write
|
||
|
2100BDB0000
|
heap
|
page read and write
|
||
|
5C74BFD000
|
stack
|
page read and write
|
||
|
5C749FC000
|
stack
|
page read and write
|
||
|
2100C039000
|
heap
|
page read and write
|
||
|
2BB44C8E000
|
heap
|
page read and write
|
||
|
CE8B67E000
|
stack
|
page read and write
|
||
|
2100BFB3000
|
heap
|
page read and write
|
||
|
2100C02C000
|
heap
|
page read and write
|
||
|
DDD5BF9000
|
stack
|
page read and write
|
||
|
2100C03C000
|
heap
|
page read and write
|
||
|
2BB45360000
|
trusted library allocation
|
page read and write
|
||
|
2100C016000
|
heap
|
page read and write
|
||
|
5C74AFE000
|
stack
|
page read and write
|
||
|
2100BFF7000
|
heap
|
page read and write
|
||
|
2100CB5B000
|
heap
|
page read and write
|
||
|
2100BFF0000
|
heap
|
page read and write
|
||
|
2100C00B000
|
heap
|
page read and write
|
||
|
2100BFF0000
|
heap
|
page read and write
|
||
|
2361D662000
|
heap
|
page read and write
|
||
|
2100BF6A000
|
heap
|
page read and write
|
||
|
1E174802000
|
heap
|
page read and write
|
||
|
5C746FB000
|
stack
|
page read and write
|
||
|
1BC88A00000
|
heap
|
page read and write
|
||
|
2100CA04000
|
heap
|
page read and write
|
||
|
F329C7E000
|
stack
|
page read and write
|
||
|
2100BFEC000
|
heap
|
page read and write
|
||
|
20825128000
|
heap
|
page read and write
|
||
|
20825855000
|
heap
|
page read and write
|
||
|
2082513E000
|
heap
|
page read and write
|
||
|
2100BFF7000
|
heap
|
page read and write
|
||
|
2100C014000
|
heap
|
page read and write
|
||
|
2100BFC8000
|
heap
|
page read and write
|
||
|
2100C027000
|
heap
|
page read and write
|
||
|
2100BFE9000
|
heap
|
page read and write
|
||
|
2100BFFD000
|
heap
|
page read and write
|
||
|
DDD587D000
|
stack
|
page read and write
|
||
|
2100BFF7000
|
heap
|
page read and write
|
||
|
2100BFBA000
|
heap
|
page read and write
|
||
|
2100C861000
|
heap
|
page read and write
|
||
|
2361D65E000
|
heap
|
page read and write
|
||
|
2100BFBE000
|
heap
|
page read and write
|
||
|
2BB44C44000
|
heap
|
page read and write
|
||
|
1E174846000
|
heap
|
page read and write
|
||
|
2100C980000
|
heap
|
page read and write
|
||
|
20825230000
|
trusted library allocation
|
page read and write
|
||
|
2BB45402000
|
trusted library allocation
|
page read and write
|
||
|
2100BFD3000
|
heap
|
page read and write
|
||
|
2361DE02000
|
trusted library allocation
|
page read and write
|
||
|
2100C04D000
|
heap
|
page read and write
|
||
|
1BC88A2B000
|
heap
|
page read and write
|
||
|
2100C883000
|
heap
|
page read and write
|
||
|
2100CB5E000
|
heap
|
page read and write
|
||
|
297867B000
|
stack
|
page read and write
|
||
|
1BC88A6D000
|
heap
|
page read and write
|
||
|
2100C024000
|
heap
|
page read and write
|
||
|
2100CA07000
|
heap
|
page read and write
|
||
|
1BC889D0000
|
trusted library allocation
|
page read and write
|
||
|
2100BFEC000
|
heap
|
page read and write
|
||
|
2978A7E000
|
stack
|
page read and write
|
||
|
F329D7E000
|
stack
|
page read and write
|
||
|
2100C01E000
|
heap
|
page read and write
|
||
|
2100BF35000
|
heap
|
page read and write
|
||
|
2100CB61000
|
heap
|
page read and write
|
||
|
2100C029000
|
heap
|
page read and write
|
||
|
2100BFFA000
|
heap
|
page read and write
|
||
|
2100C01C000
|
heap
|
page read and write
|
||
|
2100BFD8000
|
heap
|
page read and write
|
||
|
20825010000
|
heap
|
page read and write
|
||
|
2100C01F000
|
heap
|
page read and write
|
||
|
DDD5C7E000
|
stack
|
page read and write
|
||
|
2100BFAB000
|
heap
|
page read and write
|
||
|
5B585BE000
|
stack
|
page read and write
|
||
|
2100BFAB000
|
heap
|
page read and write
|
||
|
1E1746A0000
|
heap
|
page read and write
|
||
|
2100CB50000
|
heap
|
page read and write
|
||
|
1BC88A66000
|
heap
|
page read and write
|
||
|
2100CA0B000
|
heap
|
page read and write
|
||
|
20825872000
|
heap
|
page read and write
|
||
|
2082506A000
|
heap
|
page read and write
|
||
|
2100BFC0000
|
heap
|
page read and write
|
||
|
2100CA0E000
|
heap
|
page read and write
|
||
|
2100BFD2000
|
heap
|
page read and write
|
||
|
20825854000
|
heap
|
page read and write
|
||
|
2100BFEC000
|
heap
|
page read and write
|
||
|
2100BF9E000
|
heap
|
page read and write
|
||
|
20825879000
|
heap
|
page read and write
|
||
|
2100CA02000
|
heap
|
page read and write
|
||
|
2100C012000
|
heap
|
page read and write
|
||
|
1E175002000
|
trusted library allocation
|
page read and write
|
||
|
2361D600000
|
heap
|
page read and write
|
||
|
2BB44C75000
|
heap
|
page read and write
|
||
|
DDD5CFE000
|
stack
|
page read and write
|
||
|
2100BF96000
|
heap
|
page read and write
|
||
|
2100C015000
|
heap
|
page read and write
|
||
|
2BB44D00000
|
heap
|
page read and write
|
||
|
2100BFFA000
|
heap
|
page read and write
|
||
|
1E174879000
|
heap
|
page read and write
|
||
|
2100BFBB000
|
heap
|
page read and write
|
||
|
2100BFE2000
|
heap
|
page read and write
|
||
|
2100BEF0000
|
heap
|
page read and write
|
||
|
DDD5AFE000
|
stack
|
page read and write
|
||
|
2100BFEA000
|
heap
|
page read and write
|
||
|
2100C043000
|
heap
|
page read and write
|
||
|
2BB44C13000
|
heap
|
page read and write
|
||
|
2082576D000
|
heap
|
page read and write
|
||
|
2361D675000
|
heap
|
page read and write
|
||
|
1BC88A5C000
|
heap
|
page read and write
|
||
|
2100C002000
|
heap
|
page read and write
|
||
|
2100BFDC000
|
heap
|
page read and write
|
||
|
20825210000
|
heap
|
page read and write
|
||
|
2361D671000
|
heap
|
page read and write
|
||
|
1E174902000
|
heap
|
page read and write
|
||
|
2100C017000
|
heap
|
page read and write
|
||
|
2978B7E000
|
stack
|
page read and write
|
||
|
1E17486C000
|
heap
|
page read and write
|
||
|
1BC88A69000
|
heap
|
page read and write
|
||
|
2100C04D000
|
heap
|
page read and write
|
||
|
2100C02C000
|
heap
|
page read and write
|
||
|
2100CA0A000
|
heap
|
page read and write
|
||
|
2100C043000
|
heap
|
page read and write
|
||
|
2100C02C000
|
heap
|
page read and write
|
||
|
208250EE000
|
heap
|
page read and write
|
||
|
208252C0000
|
heap
|
page read and write
|
||
|
2100BED0000
|
heap
|
page read and write
|
||
|
1E174871000
|
heap
|
page read and write
|
||
|
208250E3000
|
heap
|
page read and write
|
||
|
20825844000
|
heap
|
page read and write
|
||
|
2100CA00000
|
heap
|
page read and write
|
||
|
20825888000
|
heap
|
page read and write
|
||
|
20825831000
|
heap
|
page read and write
|
||
|
2100BFCB000
|
heap
|
page read and write
|
||
|
2361D570000
|
heap
|
page read and write
|
||
|
2100BF9E000
|
heap
|
page read and write
|
||
|
2100BF50000
|
heap
|
page read and write
|
||
|
2100C043000
|
heap
|
page read and write
|
||
|
208257F8000
|
heap
|
page read and write
|
||
|
2100C046000
|
heap
|
page read and write
|
||
|
2100C86F000
|
heap
|
page read and write
|
||
|
2100C012000
|
heap
|
page read and write
|
||
|
2100C02C000
|
heap
|
page read and write
|
||
|
208250D1000
|
heap
|
page read and write
|
||
|
CE8B3FE000
|
stack
|
page read and write
|
||
|
2100C002000
|
heap
|
page read and write
|
||
|
2361D682000
|
heap
|
page read and write
|
||
|
1E174877000
|
heap
|
page read and write
|
||
|
DDD5F7F000
|
stack
|
page read and write
|
||
|
2100C00A000
|
heap
|
page read and write
|
||
|
2361D500000
|
heap
|
page read and write
|
||
|
5B589FC000
|
stack
|
page read and write
|
||
|
5B588FB000
|
stack
|
page read and write
|
||
|
2978EFE000
|
stack
|
page read and write
|
||
|
2361D628000
|
heap
|
page read and write
|
||
|
2361D685000
|
heap
|
page read and write
|
||
|
2100BFA3000
|
heap
|
page read and write
|
||
|
1E1747A0000
|
trusted library allocation
|
page read and write
|
||
|
2100CB59000
|
heap
|
page read and write
|
||
|
2100BFDC000
|
heap
|
page read and write
|
||
|
5B5897E000
|
stack
|
page read and write
|
||
|
5C742CB000
|
stack
|
page read and write
|
||
|
5C748FE000
|
stack
|
page read and write
|
||
|
2100C01C000
|
heap
|
page read and write
|
||
|
2100C01D000
|
heap
|
page read and write
|
||
|
2100C024000
|
heap
|
page read and write
|
||
|
2BB44C2B000
|
heap
|
page read and write
|
||
|
2100C873000
|
heap
|
page read and write
|
||
|
2100BF9E000
|
heap
|
page read and write
|
||
|
2100C00E000
|
heap
|
page read and write
|
||
|
2361D693000
|
heap
|
page read and write
|
||
|
2100CB64000
|
heap
|
page read and write
|
||
|
2100BFF5000
|
heap
|
page read and write
|
||
|
2100BFCA000
|
heap
|
page read and write
|
||
|
2100CB66000
|
heap
|
page read and write
|
||
|
20825774000
|
heap
|
page read and write
|
||
|
1BC89202000
|
trusted library allocation
|
page read and write
|
||
|
2361D626000
|
heap
|
page read and write
|
||
|
1E17485D000
|
heap
|
page read and write
|
||
|
2082508F000
|
heap
|
page read and write
|
||
|
2361D68B000
|
heap
|
page read and write
|
||
|
2978FFD000
|
stack
|
page read and write
|
||
|
1BC88A13000
|
heap
|
page read and write
|
||
|
2100C00D000
|
heap
|
page read and write
|
||
|
2100C034000
|
heap
|
page read and write
|
||
|
CE8B0FE000
|
stack
|
page read and write
|
||
|
1BC88A43000
|
heap
|
page read and write
|
||
|
2100BF58000
|
heap
|
page read and write
|
||
|
1BC889A0000
|
heap
|
page read and write
|
||
|
2100C031000
|
heap
|
page read and write
|
||
|
1E17482B000
|
heap
|
page read and write
|
||
|
2361D69B000
|
heap
|
page read and write
|
||
|
2100BF89000
|
heap
|
page read and write
|
||
|
2100C007000
|
heap
|
page read and write
|
||
|
DDD5A7E000
|
stack
|
page read and write
|
||
|
2361D66C000
|
heap
|
page read and write
|
||
|
2100BFCC000
|
heap
|
page read and write
|
||
|
2100CA0A000
|
heap
|
page read and write
|
||
|
2100C046000
|
heap
|
page read and write
|
||
|
2100C002000
|
heap
|
page read and write
|
||
|
1E174913000
|
heap
|
page read and write
|
||
|
2100BFF3000
|
heap
|
page read and write
|
||
|
2BB44D13000
|
heap
|
page read and write
|
||
|
2361D680000
|
heap
|
page read and write
|
||
|
2100C006000
|
heap
|
page read and write
|
||
|
2100BFAE000
|
heap
|
page read and write
|
||
|
208252C5000
|
heap
|
page read and write
|
||
|
5B58537000
|
stack
|
page read and write
|
||
|
2361D66B000
|
heap
|
page read and write
|
||
|
2100CB5C000
|
heap
|
page read and write
|
There are 338 hidden memdumps, click here to show them.