Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z47Danfe-Pedido17042024.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {6C45439E-A88E-41DC-9A93-D7C1C5C47F8E}, Number of Words: 10, Subject: DaemonToolsPro, Author: Daemon Tools
Pro, Name of Creating Application: DaemonToolsPro, Template: ;1033, Comments: This installer database contains the logic and
data required to install DaemonToolsPro., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date:
Sat Apr 13 20:13:19 2024, Last Saved Time/Date: Sat Apr 13 20:13:19 2024, Last Printed: Sat Apr 13 20:13:19 2024, Number of
Pages: 450
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\DTCommonRes.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\FomsTudio .exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI561C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI56F8.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI5747.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI5777.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI5824.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\3f542a.rbs
|
data
|
modified
|
||
|
C:\Windows\Installer\3f5428.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {6C45439E-A88E-41DC-9A93-D7C1C5C47F8E}, Number of Words: 10, Subject: DaemonToolsPro, Author: Daemon Tools
Pro, Name of Creating Application: DaemonToolsPro, Template: ;1033, Comments: This installer database contains the logic and
data required to install DaemonToolsPro., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date:
Sat Apr 13 20:13:19 2024, Last Saved Time/Date: Sat Apr 13 20:13:19 2024, Last Printed: Sat Apr 13 20:13:19 2024, Number of
Pages: 450
|
dropped
|
||
|
C:\Windows\Installer\MSI58C1.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{7CF68476-6C14-470A-B502-0AF87529D6C4}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF049D1CB75B4C8FC6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF04E4F1D2160641A2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF080F55823228C99E.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF2B384862FFCEFE89.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF34F3BFD4E3831EA1.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5FA0B2C605574BDC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF708ABDB521F05911.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF72D6BAD677A94080.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF7C964A6170C5937F.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF84318B7AFB9942B1.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFBB2789BE4D1204AC.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFD8E446B1CE944B47.TMP
|
data
|
dropped
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Roaming\FomsTudio .exe
|
"C:\Users\user\AppData\Roaming\FomsTudio .exe"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\z47Danfe-Pedido17042024.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 650481658D2794CCE8DB9795DE98FB76
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.daemon-tools.cc/contacts/producttechnicalsupporthttps://www.daemon-tools.cc/account/seri
|
unknown
|
||
|
https://pix.servebbs.com/sendonline.php?
|
unknown
|
||
|
https://pix.servebbs.com/sendonline.phpA
|
unknown
|
||
|
https://pix.servebbs.com/senddata.php03
|
unknown
|
||
|
https://pix.servebbs.com/sendlog.php
|
unknown
|
||
|
https://pix.servebbs.com:443/a1IM
|
unknown
|
||
|
https://ix.servebbs.com/er.store/gui/index.php2
|
unknown
|
||
|
https://pix.servebbs.com/kYCAA
|
unknown
|
||
|
https://www.daemon-tools.cc/account/serials?email=%shttps://www.daemon-tools.cc/cart/set_upgrade?con
|
unknown
|
||
|
https://pix.servebbs.com:443/sendonline.php
|
unknown
|
||
|
https://pix.servebbs.com/o
|
unknown
|
||
|
https://pix.servebbs.com/1
|
unknown
|
||
|
https://pix.servebbs.com/q
|
unknown
|
||
|
https://pix.servebbs.com/m
|
unknown
|
||
|
https://pix.servebbs.com:443/ws
|
unknown
|
||
|
https://www.reportscustomer.store/gui/index.php
|
177.12.171.254
|
||
|
https://pix.servebbs.com/3
|
unknown
|
||
|
https://pix.servebbs.com/sendonline.phpY
|
unknown
|
||
|
https://pix.servebbs.com/senddataB.php03
|
unknown
|
||
|
https://www.daemon-tools.cc/contacts/producttechnicalsupport?&product=%s&os=%s&hwkey=%sonFindSpecial
|
unknown
|
||
|
https://pix.servebbs.com/sendonline.php
|
178.128.15.164
|
||
|
https://www.daemon-tools.cc/cart/buy_check?abbr=%s&coupon_code=20off%s&system_key=%s&utm_source=%s&u
|
unknown
|
||
|
https://pix.servebbscom/
|
unknown
|
||
|
https://pix.servebbs.com:443/sendonline.php0;
|
unknown
|
||
|
https://www.reportscustomer.store/gui/index.phpAAb
|
unknown
|
||
|
https://pix.servebbs.com/I
|
unknown
|
||
|
https://pix.servebbs.com/C
|
unknown
|
||
|
https://pix.servebbs.com/com
|
unknown
|
||
|
https://pix.servebbs.com:443/endonline.phpr
|
unknown
|
||
|
https://www.reportscustomer.store:443/gui/index.php6
|
unknown
|
||
|
https://pix.servebbs.com/2Q
|
unknown
|
||
|
https://pix.servebbs.com/K
|
unknown
|
||
|
https://pix.servebbs.com/Ps
|
unknown
|
||
|
https://pix.servebbs.com:443/
|
unknown
|
||
|
https://pix.servebbs.com/Y
|
unknown
|
||
|
https://pix.servebbs.com/sendonline.phpPZz
|
unknown
|
||
|
https://www.daemon-tools.cc/account/serialsAdd
|
unknown
|
||
|
https://pix.servebbs.com/
|
178.128.15.164
|
There are 28 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
pix.servebbs.com
|
178.128.15.164
|
||
|
www.reportscustomer.store
|
177.12.171.254
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
178.128.15.164
|
pix.servebbs.com
|
Netherlands
|
||
|
177.12.171.254
|
www.reportscustomer.store
|
Brazil
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3f542a.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\3f542a.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3CB28F16924C1634DB4E15C25BA5C054
|
67486FC741C6A0745B20A08F57926D4C
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\81D5FA2980CB71E4DA56BA9BAC29F70C
|
67486FC741C6A0745B20A08F57926D4C
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3D9F9F883D04F91488E349689A01DAD5
|
67486FC741C6A0745B20A08F57926D4C
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4387993669AF29D4AA93C889D57DA013
|
67486FC741C6A0745B20A08F57926D4C
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\5DFB1026E44FA28489E6330EA50CFA1B
|
67486FC741C6A0745B20A08F57926D4C
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Daemon Tools Pro\DaemonToolsPro
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Daemon Tools Pro\DaemonToolsPro
|
Path
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
271DA93B000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
64F80000
|
unkown
|
page read and write
|
||
|
271DA860000
|
heap
|
page read and write
|
||
|
EEB3CFA000
|
stack
|
page read and write
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
64F75000
|
unkown
|
page write copy
|
||
|
64B98000
|
unkown
|
page execute read
|
||
|
271DA966000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271DC240000
|
heap
|
page read and write
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271DA0D3000
|
direct allocation
|
page read and write
|
||
|
271DA730000
|
heap
|
page read and write
|
||
|
64FD2000
|
unkown
|
page write copy
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271D8818000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271DA937000
|
heap
|
page read and write
|
||
|
271DA958000
|
heap
|
page read and write
|
||
|
64FBC000
|
unkown
|
page write copy
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
7FF648F7D000
|
unkown
|
page read and write
|
||
|
64FBB000
|
unkown
|
page read and write
|
||
|
271DA956000
|
heap
|
page read and write
|
||
|
EEB46FB000
|
stack
|
page read and write
|
||
|
271D8803000
|
heap
|
page read and write
|
||
|
271DA93E000
|
heap
|
page read and write
|
||
|
271DA710000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
64F7D000
|
unkown
|
page read and write
|
||
|
271DA7A0000
|
heap
|
page read and write
|
||
|
271D85F0000
|
heap
|
page read and write
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271D87A8000
|
heap
|
page read and write
|
||
|
271DA12A000
|
direct allocation
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271DA939000
|
heap
|
page read and write
|
||
|
271DA0FF000
|
direct allocation
|
page read and write
|
||
|
7FF648F6F000
|
unkown
|
page write copy
|
||
|
EEB44F9000
|
stack
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271DA942000
|
heap
|
page read and write
|
||
|
271D87A5000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
64F87000
|
unkown
|
page read and write
|
||
|
271DA0E3000
|
direct allocation
|
page read and write
|
||
|
64F7F000
|
unkown
|
page write copy
|
||
|
271DA7A5000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
64FB7000
|
unkown
|
page write copy
|
||
|
271DA0EB000
|
direct allocation
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271DA6C0000
|
heap
|
page read and write
|
||
|
64F63000
|
unkown
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271D87FA000
|
heap
|
page read and write
|
||
|
EEB43FD000
|
stack
|
page read and write
|
||
|
64F89000
|
unkown
|
page read and write
|
||
|
271DA760000
|
remote allocation
|
page read and write
|
||
|
271D8803000
|
heap
|
page read and write
|
||
|
271DA049000
|
direct allocation
|
page read and write
|
||
|
64F70000
|
unkown
|
page read and write
|
||
|
271DA90C000
|
heap
|
page read and write
|
||
|
271DA820000
|
heap
|
page read and write
|
||
|
271DA938000
|
heap
|
page read and write
|
||
|
271DA8F7000
|
heap
|
page read and write
|
||
|
7FF648F6E000
|
unkown
|
page read and write
|
||
|
271DA8F9000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271D8818000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
64F84000
|
unkown
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D86D0000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D8771000
|
heap
|
page read and write
|
||
|
271DC250000
|
trusted library allocation
|
page read and write
|
||
|
7FF648EA8000
|
unkown
|
page readonly
|
||
|
64F61000
|
unkown
|
page write copy
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271DA11C000
|
direct allocation
|
page read and write
|
||
|
271DA96A000
|
heap
|
page read and write
|
||
|
271DA4A3000
|
heap
|
page read and write
|
||
|
64FCF000
|
unkown
|
page read and write
|
||
|
271DA059000
|
direct allocation
|
page read and write
|
||
|
271DA026000
|
direct allocation
|
page read and write
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
271DA93B000
|
heap
|
page read and write
|
||
|
271DA90E000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
64F60000
|
unkown
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271D8715000
|
heap
|
page read and write
|
||
|
271DBEB0000
|
trusted library allocation
|
page read and write
|
||
|
271DA93B000
|
heap
|
page read and write
|
||
|
7FF648F89000
|
unkown
|
page readonly
|
||
|
7FF648F84000
|
unkown
|
page read and write
|
||
|
7FF649007000
|
unkown
|
page readonly
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8710000
|
heap
|
page read and write
|
||
|
64F93000
|
unkown
|
page read and write
|
||
|
7FF648C70000
|
unkown
|
page readonly
|
||
|
271DA106000
|
direct allocation
|
page read and write
|
||
|
271D8720000
|
heap
|
page read and write
|
||
|
271D875C000
|
heap
|
page read and write
|
||
|
271D87E0000
|
heap
|
page read and write
|
||
|
271DA061000
|
direct allocation
|
page read and write
|
||
|
271DA946000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
64FD5000
|
unkown
|
page write copy
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271DA123000
|
direct allocation
|
page read and write
|
||
|
271DA958000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D87EC000
|
heap
|
page read and write
|
||
|
271DA760000
|
remote allocation
|
page read and write
|
||
|
7FF648C71000
|
unkown
|
page execute read
|
||
|
271DAB30000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
64FC8000
|
unkown
|
page read and write
|
||
|
64F88000
|
unkown
|
page write copy
|
||
|
271DA715000
|
heap
|
page read and write
|
||
|
64FB6000
|
unkown
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271DA8BD000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271DA919000
|
heap
|
page read and write
|
||
|
271DA940000
|
heap
|
page read and write
|
||
|
271D87B4000
|
heap
|
page read and write
|
||
|
271DA0AE000
|
direct allocation
|
page read and write
|
||
|
271DC040000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271DA4A0000
|
heap
|
page read and write
|
||
|
271DA9C0000
|
heap
|
page read and write
|
||
|
EEB40FE000
|
stack
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA10D000
|
direct allocation
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
64FD7000
|
unkown
|
page read and write
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
271DA0B5000
|
direct allocation
|
page read and write
|
||
|
271DA088000
|
direct allocation
|
page read and write
|
||
|
271DA131000
|
direct allocation
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271DA02C000
|
direct allocation
|
page read and write
|
||
|
271DA95E000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
7FF649007000
|
unkown
|
page readonly
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271DA93B000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
64B71000
|
unkown
|
page execute read
|
||
|
271DA890000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
271DA0A7000
|
direct allocation
|
page read and write
|
||
|
271D8740000
|
heap
|
page read and write
|
||
|
64F9E000
|
unkown
|
page write copy
|
||
|
271DA070000
|
direct allocation
|
page read and write
|
||
|
64F6A000
|
unkown
|
page write copy
|
||
|
64FD3000
|
unkown
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA760000
|
remote allocation
|
page read and write
|
||
|
64F8B000
|
unkown
|
page write copy
|
||
|
271DA8A8000
|
heap
|
page read and write
|
||
|
271DA078000
|
direct allocation
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
EEB42FB000
|
stack
|
page read and write
|
||
|
271DA956000
|
heap
|
page read and write
|
||
|
271DA0C4000
|
direct allocation
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271DA956000
|
heap
|
page read and write
|
||
|
271DA0F8000
|
direct allocation
|
page read and write
|
||
|
271DA958000
|
heap
|
page read and write
|
||
|
271DA966000
|
heap
|
page read and write
|
||
|
7FF648C71000
|
unkown
|
page execute read
|
||
|
271DA938000
|
heap
|
page read and write
|
||
|
271DA968000
|
heap
|
page read and write
|
||
|
EEB3FEB000
|
stack
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271DA917000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA490000
|
direct allocation
|
page execute and read and write
|
||
|
271DA8AE000
|
heap
|
page read and write
|
||
|
271DA710000
|
heap
|
page read and write
|
||
|
EEB45FE000
|
stack
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
64F81000
|
unkown
|
page write copy
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
271DA918000
|
heap
|
page read and write
|
||
|
271D8839000
|
heap
|
page read and write
|
||
|
271D8839000
|
heap
|
page read and write
|
||
|
271D87EA000
|
heap
|
page read and write
|
||
|
64F8F000
|
unkown
|
page read and write
|
||
|
7FF648EA8000
|
unkown
|
page readonly
|
||
|
64F74000
|
unkown
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271DA780000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271DA954000
|
heap
|
page read and write
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
64F7B000
|
unkown
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8839000
|
heap
|
page read and write
|
||
|
7FF648F71000
|
unkown
|
page read and write
|
||
|
271D8818000
|
heap
|
page read and write
|
||
|
271D8749000
|
heap
|
page read and write
|
||
|
7FF648F74000
|
unkown
|
page write copy
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
271DA08F000
|
direct allocation
|
page read and write
|
||
|
7FF648FC0000
|
unkown
|
page readonly
|
||
|
7FF648F6E000
|
unkown
|
page write copy
|
||
|
271DA946000
|
heap
|
page read and write
|
||
|
64FDB000
|
unkown
|
page readonly
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
64F71000
|
unkown
|
page write copy
|
||
|
64F85000
|
unkown
|
page write copy
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271D8803000
|
heap
|
page read and write
|
||
|
7FF648F89000
|
unkown
|
page readonly
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA956000
|
heap
|
page read and write
|
||
|
271DA93A000
|
heap
|
page read and write
|
||
|
271D883D000
|
heap
|
page read and write
|
||
|
271DA93B000
|
heap
|
page read and write
|
||
|
271D87FF000
|
heap
|
page read and write
|
||
|
EEB41FE000
|
stack
|
page read and write
|
||
|
64F90000
|
unkown
|
page write copy
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA939000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
64FCA000
|
unkown
|
page read and write
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271DA94B000
|
heap
|
page read and write
|
||
|
64FD9000
|
unkown
|
page readonly
|
||
|
7FF648FC0000
|
unkown
|
page readonly
|
||
|
64B70000
|
unkown
|
page readonly
|
||
|
271DA949000
|
heap
|
page read and write
|
||
|
271DA0BD000
|
direct allocation
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA039000
|
direct allocation
|
page read and write
|
||
|
271DA910000
|
heap
|
page read and write
|
||
|
271DA8A0000
|
heap
|
page read and write
|
||
|
64FC4000
|
unkown
|
page read and write
|
||
|
271D8811000
|
heap
|
page read and write
|
||
|
271DABA0000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
7FF648C70000
|
unkown
|
page readonly
|
||
|
271DA0DC000
|
direct allocation
|
page read and write
|
||
|
64FD8000
|
unkown
|
page write copy
|
||
|
64F94000
|
unkown
|
page write copy
|
||
|
271DBFA0000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271DA95A000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D8837000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271DA096000
|
direct allocation
|
page read and write
|
||
|
271DA95E000
|
heap
|
page read and write
|
||
|
271DA96A000
|
heap
|
page read and write
|
||
|
271D8819000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271DA93B000
|
heap
|
page read and write
|
||
|
EEB47FE000
|
stack
|
page read and write
|
||
|
271DA93F000
|
heap
|
page read and write
|
||
|
271DA917000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
271D8820000
|
heap
|
page read and write
|
||
|
64F7C000
|
unkown
|
page write copy
|
||
|
271DA042000
|
direct allocation
|
page read and write
|
||
|
271D87CC000
|
heap
|
page read and write
|
||
|
271D883C000
|
heap
|
page read and write
|
||
|
271DA966000
|
heap
|
page read and write
|
There are 289 hidden memdumps, click here to show them.