Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
WinX.SUNBURST.zip
|
Zip archive data, at least v6.3 to extract, compression method=AES Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST\019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134.exe
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST\32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77.exe
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST\ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Program Files\7-Zip\7zG.exe
|
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\WinX.SUNBURST\" -ad -an -ai#7zMap1138:82:7zEvent30935
|
||
|
C:\Program Files\7-Zip\7zG.exe
|
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST\" -spe -an -ai#7zMap5700:110:7zEvent13992
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
||
|
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\WinX.SUNBURST\WinX.SUNBURST\ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.solarwinds.com/embedded_in_products/productLink.aspx?id=online_quote
|
unknown
|
||
|
http://www.solarwinds.com/contracts/IMaintUpdateNotifySvc/2009/09/IMaintUpdateNotifySvc/GetDataRespo
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.solarwinds.com/embedded_in_products/productLink.aspx?id=online_quote
|
unknown
|
||
|
http://www.solarwinds.com/documentation/kbloader.aspx?lang=
|
unknown
|
||
|
https://www.solarwinds.com/documentation/kbloader.aspx?lang=
|
unknown
|
||
|
http://www.solarwinds.com/contracts/IMaintUpdateNotifySvc/2009/09L
|
unknown
|
||
|
http://www.solarwinds.com/contracts/IMaintUpdateNotifySvc/2009/09/IMaintUpdateNotifySvc/GetLouserzed
|
unknown
|
||
|
http://www.solarwinds.com/contracts/IMaintUpdateNotifySvc/2009/09/IMaintUpdateNotifySvc/GetDataT
|
unknown
|
||
|
http://www.solarwinds.com/contracts/IMaintUpdateNotifySvc/2009/09T
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://thwackfeeds.solarwinds.com/blogs/orion-product-team-blog/rss.aspxT
|
unknown
|
||
|
http://solarwinds.s3.amazonaws.com/solarwinds/Release/MIB-Database/MIBs.zip
|
unknown
|
There are 3 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\7-Zip\Extraction
|
PathHistory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\abgrcnq.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
iWindowPosX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
iWindowPosY
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
iWindowPosDX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
iWindowPosDY
|
There are 20 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22644CBB000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646BD8000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
18306BB0000
|
heap
|
page read and write
|
||
|
1EB84E7C000
|
heap
|
page read and write
|
||
|
1A31F5FF000
|
heap
|
page read and write
|
||
|
18305354000
|
heap
|
page read and write
|
||
|
226492A6000
|
heap
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
22648CA0000
|
trusted library allocation
|
page read and write
|
||
|
2264670E000
|
heap
|
page read and write
|
||
|
22646B8D000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646B84000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
22649640000
|
heap
|
page read and write
|
||
|
226467AC000
|
heap
|
page read and write
|
||
|
226467E9000
|
heap
|
page read and write
|
||
|
1EB86790000
|
heap
|
page read and write
|
||
|
2264679A000
|
heap
|
page read and write
|
||
|
226492ED000
|
heap
|
page read and write
|
||
|
226492EB000
|
heap
|
page read and write
|
||
|
22644C8F000
|
heap
|
page read and write
|
||
|
230780BE000
|
heap
|
page read and write
|
||
|
22644C7C000
|
heap
|
page read and write
|
||
|
22646BB0000
|
heap
|
page read and write
|
||
|
7ED4FFE000
|
stack
|
page read and write
|
||
|
22646BBA000
|
heap
|
page read and write
|
||
|
2264929F000
|
heap
|
page read and write
|
||
|
FD8FF7B000
|
stack
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
1EB84FE0000
|
heap
|
page read and write
|
||
|
226467A2000
|
heap
|
page read and write
|
||
|
22646B76000
|
heap
|
page read and write
|
||
|
22644C1B000
|
heap
|
page read and write
|
||
|
1A31F617000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
183053C7000
|
heap
|
page read and write
|
||
|
18305365000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
2264671C000
|
heap
|
page read and write
|
||
|
183053EF000
|
heap
|
page read and write
|
||
|
1EB84E88000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
226492BD000
|
heap
|
page read and write
|
||
|
226492C9000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
226467C8000
|
heap
|
page read and write
|
||
|
1EB84E40000
|
heap
|
page read and write
|
||
|
226492AA000
|
heap
|
page read and write
|
||
|
22646B7A000
|
heap
|
page read and write
|
||
|
22644C38000
|
heap
|
page read and write
|
||
|
22644CB1000
|
heap
|
page read and write
|
||
|
1A31F603000
|
heap
|
page read and write
|
||
|
226467FB000
|
heap
|
page read and write
|
||
|
226492EC000
|
heap
|
page read and write
|
||
|
22644C9E000
|
heap
|
page read and write
|
||
|
22644C7C000
|
heap
|
page read and write
|
||
|
22646780000
|
heap
|
page read and write
|
||
|
FD8FCFD000
|
stack
|
page read and write
|
||
|
22646B94000
|
heap
|
page read and write
|
||
|
1A31F612000
|
heap
|
page read and write
|
||
|
22646B6F000
|
heap
|
page read and write
|
||
|
230782D0000
|
heap
|
page read and write
|
||
|
226467B4000
|
heap
|
page read and write
|
||
|
183053EF000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22646B99000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
22646BA6000
|
heap
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
22644C69000
|
heap
|
page read and write
|
||
|
1EB84FE5000
|
heap
|
page read and write
|
||
|
22644C62000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
FD8FD7B000
|
stack
|
page read and write
|
||
|
18305349000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
1EB84E90000
|
heap
|
page read and write
|
||
|
22644C8C000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22646BCB000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
22646B88000
|
heap
|
page read and write
|
||
|
2264929F000
|
heap
|
page read and write
|
||
|
22646B67000
|
heap
|
page read and write
|
||
|
22644CBD000
|
heap
|
page read and write
|
||
|
226467CA000
|
heap
|
page read and write
|
||
|
22646730000
|
heap
|
page read and write
|
||
|
1EB84E8C000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646BA7000
|
heap
|
page read and write
|
||
|
22646786000
|
heap
|
page read and write
|
||
|
226492C3000
|
heap
|
page read and write
|
||
|
2264670D000
|
heap
|
page read and write
|
||
|
1A31F639000
|
heap
|
page read and write
|
||
|
22644C84000
|
heap
|
page read and write
|
||
|
1A31F633000
|
heap
|
page read and write
|
||
|
226492A3000
|
heap
|
page read and write
|
||
|
22646748000
|
heap
|
page read and write
|
||
|
226492D2000
|
heap
|
page read and write
|
||
|
1A31F614000
|
heap
|
page read and write
|
||
|
22646BAE000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
1A322C30000
|
trusted library allocation
|
page read and write
|
||
|
22646B74000
|
heap
|
page read and write
|
||
|
22644C4F000
|
heap
|
page read and write
|
||
|
7106FE000
|
stack
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
7105FD000
|
stack
|
page read and write
|
||
|
22649281000
|
heap
|
page read and write
|
||
|
22646BD7000
|
heap
|
page read and write
|
||
|
1EB84E9B000
|
heap
|
page read and write
|
||
|
226467E7000
|
heap
|
page read and write
|
||
|
226492BB000
|
heap
|
page read and write
|
||
|
22646B76000
|
heap
|
page read and write
|
||
|
22644CD2000
|
heap
|
page read and write
|
||
|
2264BB10000
|
heap
|
page readonly
|
||
|
7DF465501000
|
trusted library allocation
|
page execute read
|
||
|
22646B95000
|
heap
|
page read and write
|
||
|
1830536E000
|
heap
|
page read and write
|
||
|
1A31F625000
|
heap
|
page read and write
|
||
|
1EB84E7E000
|
heap
|
page read and write
|
||
|
22646734000
|
heap
|
page read and write
|
||
|
22644C5B000
|
heap
|
page read and write
|
||
|
22644C35000
|
heap
|
page read and write
|
||
|
1EB86FD0000
|
trusted library allocation
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
22646748000
|
heap
|
page read and write
|
||
|
1A31F645000
|
heap
|
page read and write
|
||
|
22646B6B000
|
heap
|
page read and write
|
||
|
1A31F410000
|
heap
|
page read and write
|
||
|
22646BB0000
|
heap
|
page read and write
|
||
|
2264661D000
|
heap
|
page read and write
|
||
|
22646BC5000
|
heap
|
page read and write
|
||
|
226467B4000
|
heap
|
page read and write
|
||
|
22646792000
|
heap
|
page read and write
|
||
|
22646BCC000
|
heap
|
page read and write
|
||
|
18305368000
|
heap
|
page read and write
|
||
|
226467C1000
|
heap
|
page read and write
|
||
|
226467DD000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
22646700000
|
heap
|
page read and write
|
||
|
18305380000
|
heap
|
page read and write
|
||
|
226492EC000
|
heap
|
page read and write
|
||
|
FD8FBFE000
|
stack
|
page read and write
|
||
|
226492AD000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646BB2000
|
heap
|
page read and write
|
||
|
22646746000
|
heap
|
page read and write
|
||
|
22644CAC000
|
heap
|
page read and write
|
||
|
22646B84000
|
heap
|
page read and write
|
||
|
22644B20000
|
heap
|
page read and write
|
||
|
22644C08000
|
heap
|
page read and write
|
||
|
18305350000
|
heap
|
page read and write
|
||
|
18305392000
|
heap
|
page read and write
|
||
|
22646BA3000
|
heap
|
page read and write
|
||
|
226492BF000
|
heap
|
page read and write
|
||
|
22644CA5000
|
heap
|
page read and write
|
||
|
FD8F798000
|
stack
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
226492BF000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22644C9B000
|
heap
|
page read and write
|
||
|
22644C8D000
|
heap
|
page read and write
|
||
|
7107FE000
|
stack
|
page read and write
|
||
|
226492EC000
|
heap
|
page read and write
|
||
|
18305366000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
2264670A000
|
heap
|
page read and write
|
||
|
22646BB9000
|
heap
|
page read and write
|
||
|
22646BA6000
|
heap
|
page read and write
|
||
|
22646752000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
1A31F615000
|
heap
|
page read and write
|
||
|
183051F0000
|
heap
|
page read and write
|
||
|
22644C28000
|
heap
|
page read and write
|
||
|
22646B72000
|
heap
|
page read and write
|
||
|
2264678B000
|
heap
|
page read and write
|
||
|
22646BD2000
|
heap
|
page read and write
|
||
|
226467BC000
|
heap
|
page read and write
|
||
|
22646BB9000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
23078070000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
18306CA0000
|
trusted library allocation
|
page read and write
|
||
|
1A31F63B000
|
heap
|
page read and write
|
||
|
22644CB6000
|
heap
|
page read and write
|
||
|
22646BB9000
|
heap
|
page read and write
|
||
|
2264929F000
|
heap
|
page read and write
|
||
|
22646711000
|
heap
|
page read and write
|
||
|
22646BD2000
|
heap
|
page read and write
|
||
|
22646BA3000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
1830534C000
|
heap
|
page read and write
|
||
|
22646BD0000
|
heap
|
page read and write
|
||
|
22644AE0000
|
heap
|
page read and write
|
||
|
23077F70000
|
heap
|
page read and write
|
||
|
23078220000
|
heap
|
page read and write
|
||
|
22646803000
|
heap
|
page read and write
|
||
|
18305362000
|
heap
|
page read and write
|
||
|
FD8FAFE000
|
stack
|
page read and write
|
||
|
1EB84CF0000
|
heap
|
page read and write
|
||
|
7ED4EFD000
|
stack
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
1EB84E71000
|
heap
|
page read and write
|
||
|
1341D9E000
|
stack
|
page read and write
|
||
|
22646B77000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22644C96000
|
heap
|
page read and write
|
||
|
1EB84E8C000
|
heap
|
page read and write
|
||
|
226492CF000
|
heap
|
page read and write
|
||
|
22646BB0000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646BDA000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
22646B7B000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
1EB84E47000
|
heap
|
page read and write
|
||
|
22649290000
|
heap
|
page read and write
|
||
|
22646730000
|
heap
|
page read and write
|
||
|
18305349000
|
heap
|
page read and write
|
||
|
22644C4B000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
1EB84E9D000
|
heap
|
page read and write
|
||
|
226467B1000
|
heap
|
page read and write
|
||
|
22644C38000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
22646711000
|
heap
|
page read and write
|
||
|
230780B7000
|
heap
|
page read and write
|
||
|
22646736000
|
heap
|
page read and write
|
||
|
1EB84FB0000
|
heap
|
page read and write
|
||
|
9A0E57F000
|
stack
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
2264BC10000
|
heap
|
page read and write
|
||
|
22644CDE000
|
heap
|
page read and write
|
||
|
22644C8A000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
FD8FC7E000
|
stack
|
page read and write
|
||
|
1A31F62F000
|
heap
|
page read and write
|
||
|
22646B6F000
|
heap
|
page read and write
|
||
|
22646B84000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646615000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
18305345000
|
heap
|
page read and write
|
||
|
1EB84E82000
|
heap
|
page read and write
|
||
|
226492C9000
|
heap
|
page read and write
|
||
|
22646B8A000
|
heap
|
page read and write
|
||
|
22646B50000
|
heap
|
page read and write
|
||
|
22646BA7000
|
heap
|
page read and write
|
||
|
18306CC0000
|
heap
|
page read and write
|
||
|
22646738000
|
heap
|
page read and write
|
||
|
22646712000
|
heap
|
page read and write
|
||
|
1EB84E74000
|
heap
|
page read and write
|
||
|
1EB84DF0000
|
heap
|
page read and write
|
||
|
22646713000
|
heap
|
page read and write
|
||
|
18305384000
|
heap
|
page read and write
|
||
|
22644CC2000
|
heap
|
page read and write
|
||
|
1EB84E81000
|
heap
|
page read and write
|
||
|
22646B88000
|
heap
|
page read and write
|
||
|
1A31F62B000
|
heap
|
page read and write
|
||
|
22646772000
|
heap
|
page read and write
|
||
|
226492CB000
|
heap
|
page read and write
|
||
|
18307189000
|
heap
|
page read and write
|
||
|
18305392000
|
heap
|
page read and write
|
||
|
2264674E000
|
heap
|
page read and write
|
||
|
22646770000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
22644C31000
|
heap
|
page read and write
|
||
|
22644CB7000
|
heap
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
1EB84EA6000
|
heap
|
page read and write
|
||
|
2264BB00000
|
trusted library allocation
|
page read and write
|
||
|
183052D0000
|
heap
|
page read and write
|
||
|
7ED4DFD000
|
stack
|
page read and write
|
||
|
18306C00000
|
heap
|
page read and write
|
||
|
22646B61000
|
heap
|
page read and write
|
||
|
230780B0000
|
heap
|
page read and write
|
||
|
1A31F7D4000
|
heap
|
page read and write
|
||
|
22644CBF000
|
heap
|
page read and write
|
||
|
22646BBA000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
2264929F000
|
heap
|
page read and write
|
||
|
226467F2000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
9A0E4FE000
|
stack
|
page read and write
|
||
|
2264B392000
|
trusted library allocation
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22644C79000
|
heap
|
page read and write
|
||
|
230782D5000
|
heap
|
page read and write
|
||
|
22644BE0000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646BC0000
|
heap
|
page read and write
|
||
|
1EB84E92000
|
heap
|
page read and write
|
||
|
1A31F7F0000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
22646BAD000
|
heap
|
page read and write
|
||
|
22644CAF000
|
heap
|
page read and write
|
||
|
22649297000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
226492A4000
|
heap
|
page read and write
|
||
|
1EB86FE0000
|
trusted library allocation
|
page read and write
|
||
|
22644A00000
|
heap
|
page read and write
|
||
|
1A31F7F5000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
226467DD000
|
heap
|
page read and write
|
||
|
1A31F63F000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
226492A4000
|
heap
|
page read and write
|
||
|
1A31F4F0000
|
heap
|
page read and write
|
||
|
2264673E000
|
heap
|
page read and write
|
||
|
18305387000
|
heap
|
page read and write
|
||
|
9A0E47C000
|
stack
|
page read and write
|
||
|
226467A4000
|
heap
|
page read and write
|
||
|
7ED4CFA000
|
stack
|
page read and write
|
||
|
22644C0E000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
226492A9000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
22644C5B000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
18308C70000
|
trusted library allocation
|
page read and write
|
||
|
226467E4000
|
heap
|
page read and write
|
||
|
18305366000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646B84000
|
heap
|
page read and write
|
||
|
18305390000
|
heap
|
page read and write
|
||
|
22644CDA000
|
heap
|
page read and write
|
||
|
1830536B000
|
heap
|
page read and write
|
||
|
2264679C000
|
heap
|
page read and write
|
||
|
22646BC2000
|
heap
|
page read and write
|
||
|
22646BA6000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646BBA000
|
heap
|
page read and write
|
||
|
22646752000
|
heap
|
page read and write
|
||
|
22646B79000
|
heap
|
page read and write
|
||
|
1EB84E9E000
|
heap
|
page read and write
|
||
|
22644CBE000
|
heap
|
page read and write
|
||
|
22644C31000
|
heap
|
page read and write
|
||
|
22646752000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
18306D23000
|
heap
|
page read and write
|
||
|
226492A7000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
22644CBE000
|
heap
|
page read and write
|
||
|
22646B88000
|
heap
|
page read and write
|
||
|
22649290000
|
heap
|
page read and write
|
||
|
22644C8F000
|
heap
|
page read and write
|
||
|
22646BCA000
|
heap
|
page read and write
|
||
|
226467E0000
|
heap
|
page read and write
|
||
|
22644C7C000
|
heap
|
page read and write
|
||
|
226467EC000
|
heap
|
page read and write
|
||
|
226492E5000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
22646BB8000
|
heap
|
page read and write
|
||
|
22644CA4000
|
heap
|
page read and write
|
||
|
22646B89000
|
heap
|
page read and write
|
||
|
7109FF000
|
stack
|
page read and write
|
||
|
1A31F590000
|
heap
|
page read and write
|
||
|
1830534A000
|
heap
|
page read and write
|
||
|
1EB84F80000
|
trusted library allocation
|
page read and write
|
||
|
22649644000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
18305351000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22644C8D000
|
heap
|
page read and write
|
||
|
22646BC5000
|
heap
|
page read and write
|
||
|
1341C99000
|
stack
|
page read and write
|
||
|
22644CA9000
|
heap
|
page read and write
|
||
|
2264675F000
|
heap
|
page read and write
|
||
|
22644C7C000
|
heap
|
page read and write
|
||
|
2264674E000
|
heap
|
page read and write
|
||
|
22644CA7000
|
heap
|
page read and write
|
||
|
22646BB9000
|
heap
|
page read and write
|
||
|
226492D1000
|
heap
|
page read and write
|
||
|
22646B88000
|
heap
|
page read and write
|
||
|
22646BBE000
|
heap
|
page read and write
|
||
|
1EB84F70000
|
heap
|
page read and write
|
||
|
18305341000
|
heap
|
page read and write
|
||
|
1EB88530000
|
trusted library allocation
|
page read and write
|
||
|
1A31F7D0000
|
heap
|
page read and write
|
||
|
22646BCA000
|
heap
|
page read and write
|
||
|
22646BBE000
|
heap
|
page read and write
|
||
|
1830538F000
|
heap
|
page read and write
|
||
|
22646BC5000
|
heap
|
page read and write
|
||
|
22644CCE000
|
heap
|
page read and write
|
||
|
18306C0C000
|
heap
|
page read and write
|
||
|
9A0E5FE000
|
stack
|
page read and write
|
||
|
22646B7B000
|
heap
|
page read and write
|
||
|
1A323431000
|
heap
|
page read and write
|
||
|
22646786000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
1EB84E81000
|
heap
|
page read and write
|
||
|
22646BB2000
|
heap
|
page read and write
|
||
|
18306D20000
|
heap
|
page read and write
|
||
|
1830533E000
|
heap
|
page read and write
|
||
|
7ED52FE000
|
stack
|
page read and write
|
||
|
22646B69000
|
heap
|
page read and write
|
||
|
2264673C000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
22646BA7000
|
heap
|
page read and write
|
||
|
2264929B000
|
heap
|
page read and write
|
||
|
22644C84000
|
heap
|
page read and write
|
||
|
1EB84EA6000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
22646B79000
|
heap
|
page read and write
|
||
|
226492B7000
|
heap
|
page read and write
|
||
|
1A31F61D000
|
heap
|
page read and write
|
||
|
1341D1D000
|
stack
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
1A3214D0000
|
trusted library allocation
|
page read and write
|
||
|
226467E7000
|
heap
|
page read and write
|
||
|
22646762000
|
heap
|
page read and write
|
||
|
2264675D000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
18307188000
|
heap
|
page read and write
|
||
|
22646BCA000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
1A31F60F000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
226492BB000
|
heap
|
page read and write
|
||
|
1EB8679A000
|
heap
|
page read and write
|
||
|
22646BCB000
|
heap
|
page read and write
|
||
|
1EB84F73000
|
heap
|
page read and write
|
||
|
1A31F6D0000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
7104FA000
|
stack
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
18305341000
|
heap
|
page read and write
|
||
|
22646767000
|
heap
|
page read and write
|
||
|
1EB84E8B000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
22646706000
|
heap
|
page read and write
|
||
|
22646B72000
|
heap
|
page read and write
|
||
|
226492A3000
|
heap
|
page read and write
|
||
|
22646BA3000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
226492C9000
|
heap
|
page read and write
|
||
|
1A31F5E3000
|
heap
|
page read and write
|
||
|
1EB84E7A000
|
heap
|
page read and write
|
||
|
1A31F6E1000
|
heap
|
page read and write
|
||
|
226467DE000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
22644C6F000
|
heap
|
page read and write
|
||
|
22646BBD000
|
heap
|
page read and write
|
||
|
22646B70000
|
heap
|
page read and write
|
||
|
226492D3000
|
heap
|
page read and write
|
||
|
226492E9000
|
heap
|
page read and write
|
||
|
1A31F6D8000
|
heap
|
page read and write
|
||
|
7ED51FE000
|
stack
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
22646B9E000
|
heap
|
page read and write
|
||
|
18305347000
|
heap
|
page read and write
|
||
|
18305318000
|
heap
|
page read and write
|
||
|
22646BB1000
|
heap
|
page read and write
|
||
|
22644C84000
|
heap
|
page read and write
|
||
|
22646BB9000
|
heap
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
18305393000
|
heap
|
page read and write
|
||
|
22646B9A000
|
heap
|
page read and write
|
||
|
226467EC000
|
heap
|
page read and write
|
||
|
13420FE000
|
stack
|
page read and write
|
||
|
22646725000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
134207E000
|
stack
|
page read and write
|
||
|
226467FE000
|
heap
|
page read and write
|
||
|
22646B88000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
18305310000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
1EB84E8F000
|
heap
|
page read and write
|
||
|
22644C77000
|
heap
|
page read and write
|
||
|
2264673A000
|
heap
|
page read and write
|
||
|
22649280000
|
heap
|
page read and write
|
||
|
22646800000
|
heap
|
page read and write
|
||
|
22646B60000
|
heap
|
page read and write
|
||
|
226492D4000
|
heap
|
page read and write
|
||
|
1A31F5FF000
|
heap
|
page read and write
|
||
|
226492B7000
|
heap
|
page read and write
|
||
|
22646B84000
|
heap
|
page read and write
|
||
|
1A31F510000
|
heap
|
page read and write
|
||
|
22646BC5000
|
heap
|
page read and write
|
||
|
18305346000
|
heap
|
page read and write
|
||
|
22646BBE000
|
heap
|
page read and write
|
||
|
226492BF000
|
heap
|
page read and write
|
||
|
22646BDA000
|
heap
|
page read and write
|
||
|
18305349000
|
heap
|
page read and write
|
||
|
18309470000
|
heap
|
page read and write
|
||
|
13421FE000
|
stack
|
page read and write
|
||
|
1EB84E78000
|
heap
|
page read and write
|
||
|
226467C5000
|
heap
|
page read and write
|
||
|
22646B95000
|
heap
|
page read and write
|
||
|
22644C77000
|
heap
|
page read and write
|
||
|
226492BB000
|
heap
|
page read and write
|
||
|
226492BD000
|
heap
|
page read and write
|
||
|
22646789000
|
heap
|
page read and write
|
||
|
2264679B000
|
heap
|
page read and write
|
||
|
18305345000
|
heap
|
page read and write
|
||
|
22646B7F000
|
heap
|
page read and write
|
||
|
22646BA6000
|
heap
|
page read and write
|
||
|
22646B94000
|
heap
|
page read and write
|
||
|
226467FE000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
22646759000
|
heap
|
page read and write
|
||
|
226467F2000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22644C28000
|
heap
|
page read and write
|
||
|
2264679E000
|
heap
|
page read and write
|
||
|
2264676B000
|
heap
|
page read and write
|
||
|
226467EC000
|
heap
|
page read and write
|
||
|
22644C89000
|
heap
|
page read and write
|
||
|
1A32180B000
|
heap
|
page read and write
|
||
|
23078050000
|
heap
|
page read and write
|
||
|
22646B96000
|
heap
|
page read and write
|
||
|
18305384000
|
heap
|
page read and write
|
||
|
226492C1000
|
heap
|
page read and write
|
||
|
1EB84E81000
|
heap
|
page read and write
|
||
|
2264661E000
|
heap
|
page read and write
|
||
|
226467BC000
|
heap
|
page read and write
|
||
|
22646BA8000
|
heap
|
page read and write
|
||
|
22646BCA000
|
heap
|
page read and write
|
||
|
1A31F5D7000
|
heap
|
page read and write
|
||
|
1A31F60F000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
22646610000
|
heap
|
page read and write
|
||
|
22646BC1000
|
heap
|
page read and write
|
||
|
18307160000
|
heap
|
page read and write
|
||
|
22649290000
|
heap
|
page read and write
|
||
|
22644C71000
|
heap
|
page read and write
|
||
|
22646730000
|
heap
|
page read and write
|
||
|
22646BA2000
|
heap
|
page read and write
|
||
|
1EB84E82000
|
heap
|
page read and write
|
||
|
226467E7000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
226467BC000
|
heap
|
page read and write
|
||
|
1EB84E74000
|
heap
|
page read and write
|
||
|
18306C05000
|
heap
|
page read and write
|
||
|
1A31F5D0000
|
heap
|
page read and write
|
||
|
22646BC6000
|
heap
|
page read and write
|
||
|
22646BBC000
|
heap
|
page read and write
|
||
|
1830538E000
|
heap
|
page read and write
|
||
|
2264B8A0000
|
heap
|
page read and write
|
||
|
22646728000
|
heap
|
page read and write
|
||
|
1830535D000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
22649290000
|
heap
|
page read and write
|
||
|
2264677A000
|
heap
|
page read and write
|
||
|
22646763000
|
heap
|
page read and write
|
||
|
2264675B000
|
heap
|
page read and write
|
||
|
22644CCA000
|
heap
|
page read and write
|
||
|
1A321600000
|
trusted library allocation
|
page read and write
|
||
|
1A31F60E000
|
heap
|
page read and write
|
||
|
22646BB2000
|
heap
|
page read and write
|
||
|
22644C07000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646746000
|
heap
|
page read and write
|
||
|
22646730000
|
heap
|
page read and write
|
||
|
22644CB4000
|
heap
|
page read and write
|
||
|
18305371000
|
heap
|
page read and write
|
||
|
22644C8A000
|
heap
|
page read and write
|
||
|
22644CBB000
|
heap
|
page read and write
|
||
|
22646BB5000
|
heap
|
page read and write
|
||
|
18307161000
|
heap
|
page read and write
|
||
|
22646BAC000
|
heap
|
page read and write
|
||
|
22646BA4000
|
heap
|
page read and write
|
||
|
22646B9F000
|
heap
|
page read and write
|
||
|
FD8FA7E000
|
stack
|
page read and write
|
||
|
7108FE000
|
stack
|
page read and write
|
||
|
22644C7C000
|
heap
|
page read and write
|
||
|
22646B91000
|
heap
|
page read and write
|
||
|
18309672000
|
heap
|
page read and write
|
||
|
134217F000
|
stack
|
page read and write
|
||
|
1EB88530000
|
trusted library allocation
|
page read and write
|
||
|
FD8FB7D000
|
stack
|
page read and write
|
||
|
1A31F615000
|
heap
|
page read and write
|
||
|
1EB84DD0000
|
heap
|
page read and write
|
||
|
22646BD9000
|
heap
|
page read and write
|
There are 591 hidden memdumps, click here to show them.