Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RadProCalculator3.26_64BSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\lang.loc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia.tmp
|
ASCII text, with very long lines (343), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\RadProCalculator3.26_64BSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Revision Number: {FBE2F65D-00D5-4F6D-9B60-35D3C6EDD74F},
Number of Words: 0, Number of Pages: 200, Template: Intel;1033, Title: Rad Pro Calculator, Subject: Rad Pro Calculator Installation,
Keywords: Installer, MSI, Database, Author: Rad Pro Calculator Software Development, Comments: All rights reserved, Name of
Creating Application: InstallAware, Security: 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\RadProSplash.jpg
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 1440x1440, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS3 Windows, datetime=2007:08:18 19:15:58], baseline, precision 8, 465x281, components 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\componentslist.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\componentstree.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\destination.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\destination.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\finish.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\finish.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\gray.avi
|
RIFF (little-endian) data, AVI, 107 x 31, 10.00 fps, video:
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\icon.ico
|
MS Windows icon resource - 2 icons, 16x16, 32x32
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\index.htm
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\license.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licensecheck.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licensecheck.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licenseradio.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licenseradio.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licensetext.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\licensetext.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\mMSIExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\maintenance.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\prereq.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\prereq.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\progress.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\progress.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\progressprereq.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\readme.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\registration.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\registration.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\registrationwithserial.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\registrationwithserial.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\setuptype.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\startinstallation.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\startmenu.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\startmenu.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\transparent.ico
|
MS Windows icon resource - 2 icons, 16x16, 32x32
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\welcome.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\welcome.dfm.miaf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia1\wizard.dfm
|
JPEG XL codestream
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\RadProCalculator3.26_64BSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\RadProCalculator3.26_64BSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Revision Number: {FBE2F65D-00D5-4F6D-9B60-35D3C6EDD74F},
Number of Words: 0, Number of Pages: 200, Template: Intel;1033, Title: Rad Pro Calculator, Subject: Rad Pro Calculator Installation,
Keywords: Installer, MSI, Database, Author: Rad Pro Calculator Software Development, Comments: All rights reserved, Name of
Creating Application: InstallAware, Security: 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\RadProCalculator3.26_64BSetup.res
|
7-zip archive data, version 0.2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\1C1753FF\242A76C8\Rad Pro Calculator References.pdf
|
PDF document, version 1.4, 2 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\1E27FC18\242A76C8\ShieldingandBuildup.pdf
|
PDF document, version 1.4, 7 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\1E89F593\242A76C8\file.doc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\2635807C\242A76C8\Rad Pro Settings-DONT DELETE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\28D15CAF\242A76C8\AxInterop.ComCtl2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\353EFE74\242A76C8\Uranium.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\489D2344\242A76C8\Interop.VBIDE.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\4D693B19\242A76C8\Settings.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\5779DC17\242A76C8\RadProCalculator.exe.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\6E19DDB9\242A76C8\Notice of Disclaimer Rad Pro Calculator.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\764C6FA8\242A76C8\RadProCalculator.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\884935FF\242A76C8\Rad Pro Calculator References.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\9B25A4E7\242A76C8\Interop.Microsoft.Office.Interop.Excel.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\9DCC724B\242A76C8\RadProCalculator.xml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\A6542D7A\242A76C8\RadProCalculator.application
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (497), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\ABF56A8A\C6DB425E\Rad Pro Settings-DONT DELETE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\B00CA824\242A76C8\RadProCalculator.pdb
|
MSVC program database ver 7.00, 512*1287 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\B2FB7337\242A76C8\ShieldingandBuildup.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: Basic Shielding Formula:,
Author: Ray, Template: Normal.dot, Last Saved By: Ray, Revision Number: 24, Name of Creating Application: Microsoft Office
Word, Total Editing Time: 10:33:00, Last Printed: Thu May 3 03:21:00 2007, Create Time/Date: Sat Jan 27 04:07:00 2007, Last
Saved Time/Date: Sun Aug 5 23:41:00 2007, Number of Pages: 1, Number of Words: 1337, Number of Characters: 6958, Security:
0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\D1E532D5\242A76C8\RadPro License.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\DA2F022C\242A76C8\Contact Rad Pro Calculator.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\DEFF21C9\242A76C8\Interop.ComctlLib.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\EF8B86D1\242A76C8\Help for Rad Pro Calculator.pdf
|
PDF document, version 1.4, 21 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\F10E7C53\242A76C8\Interop.ComCtl2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\F3319620\242A76C8\Interop.Microsoft.Office.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\OFFLINE\F699690B\242A76C8\AxInterop.ComctlLib.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\RadProCalculator3.26_64BSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Revision Number: {FBE2F65D-00D5-4F6D-9B60-35D3C6EDD74F},
Number of Words: 0, Number of Pages: 200, Template: Intel;1033, Title: Rad Pro Calculator, Subject: Rad Pro Calculator Installation,
Keywords: Installer, MSI, Database, Author: Rad Pro Calculator Software Development, Comments: All rights reserved, Name of
Creating Application: InstallAware, Security: 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\gdiplus.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\data\mMSI.dll\mMSIExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\mia.lib
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\setup.bmp
|
PC bitmap, Windows 3.x format, 465 x 281 x 24, image size 392276, resolution 3780 x 3780 px/m, cbSize 392330, bits offset
54
|
dropped
|
There are 64 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RadProCalculator3.26_64BSetup.exe
|
"C:\Users\user\Desktop\RadProCalculator3.26_64BSetup.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\mia400B.tmp\RadProCalculator3.26_64BSetup.exe
|
.\RadProCalculator3.26_64BSetup.exe /m="C:\Users\user\Desktop\RADPRO~1.EXE" /k=""
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ie.lbl.gov/toi.html)/S/URI
|
unknown
|
||
|
http://physics.nist.gov/PhysRefData/XrayMassCoef/tab3.html
|
unknown
|
||
|
http://www.epa.gov/radiation/marssim/obtain.html)/S/URI
|
unknown
|
||
|
http://www.pacificrad.com/pages/publications.html)/S/URI
|
unknown
|
||
|
http://www.installaware.comz
|
unknown
|
||
|
http://www.radprocalculator.com/Request.aspxGmailto:support
|
unknown
|
||
|
http://www.InstallAware.com/open
|
unknown
|
||
|
http://www.radprocalculator.com/
|
unknown
|
||
|
http://www.epa.gov/radiation/marssim/docs/revision1_August_2002corrections/chapter6.pdf)/S/URI
|
unknown
|
||
|
http://www.ans.org/store/vi-240180
|
unknown
|
||
|
http://www.installaware.com/
|
unknown
|
||
|
http://physics.nist.gov/xaamdi
|
unknown
|
||
|
http://www.radprocalculator.com/request.aspx
|
unknown
|
||
|
http://physics.nist.gov/PhysRefData/XrayMassCoef/tab4.html
|
unknown
|
||
|
http://www.wmginc.com/Software/MegaShield/megashield.htm)/S/URI
|
unknown
|
||
|
http://www.ans.org/store/vi-240180)/S/URI
|
unknown
|
||
|
http://www.pacificrad.com/pages/publications.html
|
unknown
|
||
|
http://www.installaware.com/InstallAware
|
unknown
|
||
|
http://ie.lbl.gov/toi.html
|
unknown
|
||
|
http://www.InstallAware.com/
|
unknown
|
||
|
http://physics.nist.gov/PhysRefData/XrayMassCoef/tab3.htmla
|
unknown
|
||
|
http://physics.nist.gov/PhysRefData/XrayMassCoef/tab4.html)/S/URI
|
unknown
|
||
|
http://www.radprocalculator.com/Request.aspx)/S/URI
|
unknown
|
||
|
http://physics.nist.gov/PhysRefData/XrayMassCoef/tab3.html)/S/URI
|
unknown
|
||
|
http://www.radiationsoftware.com/mshield.html)/S/URI
|
unknown
|
There are 15 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\RadProCalculator3.26_64BSetup.exe
|
IsHostApp
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
443E000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
41EA000
|
heap
|
page read and write
|
||
|
4240000
|
heap
|
page read and write
|
||
|
246E000
|
direct allocation
|
page read and write
|
||
|
3E6C000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FDF0000
|
direct allocation
|
page read and write
|
||
|
2D72000
|
heap
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
5E7000
|
unkown
|
page write copy
|
||
|
4464000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
4317000
|
heap
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
2FAB000
|
direct allocation
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
4376000
|
heap
|
page read and write
|
||
|
4306000
|
heap
|
page read and write
|
||
|
4254000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
41DB000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4174000
|
heap
|
page read and write
|
||
|
23A9000
|
heap
|
page read and write
|
||
|
42BA000
|
heap
|
page read and write
|
||
|
7FE3E000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
4450000
|
heap
|
page read and write
|
||
|
2417000
|
direct allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
2D6F000
|
heap
|
page read and write
|
||
|
2D83000
|
heap
|
page read and write
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
432D000
|
heap
|
page read and write
|
||
|
2F99000
|
direct allocation
|
page read and write
|
||
|
43EF000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
97000
|
stack
|
page read and write
|
||
|
307B000
|
direct allocation
|
page read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
248B000
|
direct allocation
|
page read and write
|
||
|
43DC000
|
heap
|
page read and write
|
||
|
2D61000
|
heap
|
page read and write
|
||
|
3098000
|
direct allocation
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
2404000
|
direct allocation
|
page read and write
|
||
|
7FE42000
|
direct allocation
|
page read and write
|
||
|
7FE43000
|
direct allocation
|
page read and write
|
||
|
41AE000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
2467000
|
direct allocation
|
page read and write
|
||
|
4170000
|
heap
|
page read and write
|
||
|
372F000
|
heap
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
4202000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
3E38000
|
heap
|
page read and write
|
||
|
30E3000
|
direct allocation
|
page read and write
|
||
|
2FB5000
|
direct allocation
|
page read and write
|
||
|
7FDF0000
|
direct allocation
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
3063000
|
direct allocation
|
page read and write
|
||
|
7FE46000
|
direct allocation
|
page read and write
|
||
|
23C8000
|
direct allocation
|
page read and write
|
||
|
420000
|
unkown
|
page write copy
|
||
|
4246000
|
heap
|
page read and write
|
||
|
24CC000
|
direct allocation
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
3EA1000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
24A8000
|
direct allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
302E000
|
direct allocation
|
page read and write
|
||
|
242D000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
19C000
|
stack
|
page read and write
|
||
|
40A3000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
427B000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
93A000
|
heap
|
page read and write
|
||
|
10069000
|
unkown
|
page readonly
|
||
|
714000
|
heap
|
page read and write
|
||
|
431B000
|
heap
|
page read and write
|
||
|
5D6000
|
unkown
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
243B000
|
direct allocation
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
4477000
|
heap
|
page read and write
|
||
|
4402000
|
heap
|
page read and write
|
||
|
422D000
|
heap
|
page read and write
|
||
|
10057000
|
unkown
|
page readonly
|
||
|
309E000
|
direct allocation
|
page read and write
|
||
|
2F95000
|
direct allocation
|
page read and write
|
||
|
4277000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
4408000
|
heap
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
7FDF0000
|
direct allocation
|
page read and write
|
||
|
7FBB0000
|
direct allocation
|
page read and write
|
||
|
4362000
|
heap
|
page read and write
|
||
|
23D7000
|
direct allocation
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
7FD90000
|
direct allocation
|
page read and write
|
||
|
7FDFF000
|
direct allocation
|
page read and write
|
||
|
7FE00000
|
direct allocation
|
page read and write
|
||
|
3004000
|
direct allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page execute and read and write
|
||
|
1005E000
|
unkown
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
240B000
|
direct allocation
|
page read and write
|
||
|
434F000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
4388000
|
heap
|
page read and write
|
||
|
30FD000
|
direct allocation
|
page read and write
|
||
|
2499000
|
direct allocation
|
page read and write
|
||
|
4412000
|
heap
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
2FB9000
|
direct allocation
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
3CA7000
|
heap
|
page read and write
|
||
|
23A5000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
4428000
|
heap
|
page read and write
|
||
|
5E0000
|
unkown
|
page read and write
|
||
|
9D3000
|
heap
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
9A2000
|
heap
|
page read and write
|
||
|
7FE00000
|
direct allocation
|
page read and write
|
||
|
23DF000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FDC0000
|
direct allocation
|
page read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
4250000
|
heap
|
page read and write
|
||
|
2515000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
244A000
|
direct allocation
|
page read and write
|
||
|
42A2000
|
heap
|
page read and write
|
||
|
26C7000
|
heap
|
page read and write
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
41D5000
|
heap
|
page read and write
|
||
|
2492000
|
direct allocation
|
page read and write
|
||
|
9AC000
|
heap
|
page read and write
|
||
|
7FD90000
|
direct allocation
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
23B0000
|
direct allocation
|
page read and write
|
||
|
23E6000
|
direct allocation
|
page read and write
|
||
|
23FA000
|
direct allocation
|
page read and write
|
||
|
4610000
|
trusted library allocation
|
page read and write
|
||
|
60C000
|
unkown
|
page readonly
|
||
|
4372000
|
heap
|
page read and write
|
||
|
23D5000
|
direct allocation
|
page read and write
|
||
|
24B6000
|
direct allocation
|
page read and write
|
||
|
9B2000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
9C2000
|
heap
|
page read and write
|
||
|
4333000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
2475000
|
direct allocation
|
page read and write
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
28FA000
|
heap
|
page read and write
|
||
|
41BF000
|
heap
|
page read and write
|
||
|
4186000
|
heap
|
page read and write
|
||
|
2383000
|
heap
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5E4000
|
unkown
|
page read and write
|
||
|
9AF000
|
heap
|
page read and write
|
||
|
4229000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page read and write
|
||
|
7FDF0000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
19F000
|
stack
|
page read and write
|
||
|
3008000
|
direct allocation
|
page read and write
|
||
|
2D63000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
43C0000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
438E000
|
heap
|
page read and write
|
||
|
7FDE4000
|
direct allocation
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
24C4000
|
direct allocation
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
24AF000
|
direct allocation
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
41B4000
|
heap
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
4580000
|
trusted library allocation
|
page read and write
|
||
|
2451000
|
direct allocation
|
page read and write
|
||
|
442E000
|
heap
|
page read and write
|
||
|
2B41000
|
heap
|
page read and write
|
||
|
430C000
|
heap
|
page read and write
|
||
|
2D69000
|
heap
|
page read and write
|
||
|
30EA000
|
direct allocation
|
page read and write
|
||
|
41C2000
|
heap
|
page read and write
|
||
|
4456000
|
heap
|
page read and write
|
||
|
2D8A000
|
heap
|
page read and write
|
||
|
447D000
|
heap
|
page read and write
|
||
|
418C000
|
heap
|
page read and write
|
||
|
42E5000
|
heap
|
page read and write
|
||
|
2D84000
|
heap
|
page read and write
|
||
|
7FE31000
|
direct allocation
|
page read and write
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
3A24000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
3029000
|
direct allocation
|
page read and write
|
||
|
4368000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2D67000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
7FDF0000
|
direct allocation
|
page read and write
|
||
|
2434000
|
direct allocation
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
3065000
|
heap
|
page read and write
|
||
|
429E000
|
heap
|
page read and write
|
||
|
443A000
|
heap
|
page read and write
|
||
|
4293000
|
heap
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
2458000
|
direct allocation
|
page read and write
|
||
|
4416000
|
heap
|
page read and write
|
||
|
32B9000
|
heap
|
page read and write
|
||
|
9AD000
|
heap
|
page read and write
|
||
|
806000
|
heap
|
page read and write
|
||
|
2FDE000
|
direct allocation
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
2FFB000
|
direct allocation
|
page read and write
|
||
|
7E4000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
43D6000
|
heap
|
page read and write
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
305F000
|
direct allocation
|
page read and write
|
||
|
419B000
|
heap
|
page read and write
|
||
|
3075000
|
direct allocation
|
page read and write
|
||
|
42C9000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
434B000
|
heap
|
page read and write
|
||
|
43C4000
|
heap
|
page read and write
|
||
|
3120000
|
unkown
|
page readonly
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
3088000
|
direct allocation
|
page read and write
|
||
|
42F4000
|
heap
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
3CC1000
|
heap
|
page read and write
|
||
|
4266000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
4399000
|
heap
|
page read and write
|
||
|
43EB000
|
heap
|
page read and write
|
||
|
426C000
|
heap
|
page read and write
|
||
|
2426000
|
direct allocation
|
page read and write
|
||
|
43AF000
|
heap
|
page read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
439D000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
42B4000
|
heap
|
page read and write
|
||
|
971000
|
heap
|
page read and write
|
||
|
30E0000
|
direct allocation
|
page read and write
|
||
|
428D000
|
heap
|
page read and write
|
||
|
42CD000
|
heap
|
page read and write
|
||
|
43B5000
|
heap
|
page read and write
|
||
|
7FE46000
|
direct allocation
|
page read and write
|
||
|
2D99000
|
heap
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
41E6000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
910000
|
heap
|
page read and write
|
||
|
3011000
|
direct allocation
|
page read and write
|
||
|
7FDE6000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2443000
|
direct allocation
|
page read and write
|
||
|
5D6000
|
unkown
|
page write copy
|
||
|
2FAD000
|
direct allocation
|
page read and write
|
||
|
24BD000
|
direct allocation
|
page read and write
|
||
|
7FE46000
|
direct allocation
|
page read and write
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
42DF000
|
heap
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
4197000
|
heap
|
page read and write
|
||
|
304E000
|
direct allocation
|
page read and write
|
||
|
2D67000
|
heap
|
page read and write
|
||
|
5DD000
|
unkown
|
page read and write
|
There are 293 hidden memdumps, click here to show them.