IOC Report
z56NF-Faturada-23042024.msi

loading gif

Files

File Path
Type
Category
Malicious
z56NF-Faturada-23042024.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {9B9B4B50-FADF-4D23-89DB-E711993CB95D}, Number of Words: 10, Subject: DaemonToolsPro, Author: Daemon Tools Pro, Name of Creating Application: DaemonToolsPro, Template: ;1033, Comments: This installer database contains the logic and data required to install DaemonToolsPro., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Apr 20 14:27:01 2024, Last Saved Time/Date: Sat Apr 20 14:27:01 2024, Last Printed: Sat Apr 20 14:27:01 2024, Number of Pages: 450
initial sample
 malicious
C:\Users\user\AppData\Roaming\DTCommonRes.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Config.Msi\46a43c.rbs
data
modified
C:\Users\user\AppData\Roaming\FomsTudio .exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Windows\Installer\46a43a.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {9B9B4B50-FADF-4D23-89DB-E711993CB95D}, Number of Words: 10, Subject: DaemonToolsPro, Author: Daemon Tools Pro, Name of Creating Application: DaemonToolsPro, Template: ;1033, Comments: This installer database contains the logic and data required to install DaemonToolsPro., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Apr 20 14:27:01 2024, Last Saved Time/Date: Sat Apr 20 14:27:01 2024, Last Printed: Sat Apr 20 14:27:01 2024, Number of Pages: 450
dropped
C:\Windows\Installer\MSIA573.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIA5F1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIA620.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIA641.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIA690.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIA71D.tmp
data
dropped
C:\Windows\Installer\SourceHash{7CF68476-6C14-470A-B502-0AF87529D6C4}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF34F7AB5C439EFE8D.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF42FE5A672B0110E3.TMP
data
dropped
C:\Windows\Temp\~DF4E76FE9B182349A6.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF68384667919C48FC.TMP
data
dropped
C:\Windows\Temp\~DF6892E840199E0FC6.TMP
data
dropped
C:\Windows\Temp\~DF8DC66E98D8B05E2D.TMP
data
dropped
C:\Windows\Temp\~DF8FF182F2B9EDFE72.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF916064942B12AB8B.TMP
data
dropped
C:\Windows\Temp\~DFC5A88D1AF07560FE.TMP
data
dropped
C:\Windows\Temp\~DFCD723B255CBC27D9.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFE2B33A45B536F457.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFEB4DCF725B1B94B4.TMP
data
dropped
There are 16 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Roaming\FomsTudio .exe
"C:\Users\user\AppData\Roaming\FomsTudio .exe"
 malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\z56NF-Faturada-23042024.msi"
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 82AB0033A19E1EB01243E1439C0A5B64

URLs

Name
IP
Malicious
https://i.pinimg.com/236x/5b/f8/1a/5bf81a501ab9d26db806e7fec4edfa75.jpgr
unknown
https://www.daemon-tools.cc/contacts/producttechnicalsupporthttps://www.daemon-tools.cc/account/seri
unknown
https://i.pinimg.com/236x/5b/f8/1a/5bf81a501ab9d26db806e7fec4edfa75.jpgp
unknown
https://pix.servebbs.com/a
unknown
https://rdcontra.com/clientes/index.phpA
unknown
https://pix.servebbs.com
unknown
https://pix.servebbs.com/sendlog.php
unknown
https://pix.servebbs.com/sendonline.phphttp
unknown
https://pix.servebbs.com/b
unknown
https://pix.servebbs.com/gs
unknown
https://i.pinimg.com/236x/5b/f8/1a/5bf81a501ab9d26db806e7fec4edfa75.jpgl
unknown
https://www.daemon-tools.cc/account/serials?email=%shttps://www.daemon-tools.cc/cart/set_upgrade?con
unknown
https://pix.servebbs.com:443/sendonline.php
unknown
https://pix.servebbs.com/k
unknown
https://pix.servebbs.com/m
unknown
https://pix.servebbs.com/v
unknown
https://ix.servebbs.com/senddata.phppp
unknown
https://pix.servebbs.com/w
unknown
https://rdcontra.com/clientes/index.php
191.6.209.225
https://www.daemon-tools.cc/contacts/producttechnicalsupport?&product=%s&os=%s&hwkey=%sonFindSpecial
unknown
https://i.pinimg.com/236x/5b/f8/1a/5bf81a501ab9d26db806e7fec4edfa75.jpg
151.101.12.84
https://pix.servebbs.com/sendonline.php
178.128.15.164
https://rdcontra.com/clientes/index.phpmO
unknown
https://www.daemon-tools.cc/cart/buy_check?abbr=%s&coupon_code=20off%s&system_key=%s&utm_source=%s&u
unknown
https://pix.servebbs.com/comX
unknown
https://pix.servebbs.com/sendonline.php-
unknown
https://pix.servebbs.com/B
unknown
https://pix.servebbs.com/com
unknown
https://pix.servebbs.com/E
unknown
https://pix.servebbs.com/donline.
unknown
https://pix.servebbs.com/Q
unknown
https://pix.servebbs.com/gsine.php
unknown
https://pix.servebbs.com/sendonline.php2
unknown
https://pix.servebbs.com/V
unknown
https://pix.servebbs.com:443/
unknown
https://pix.servebbs.com/R
unknown
https://pix.servebbs.com/
178.128.15.164
https://pix.servebbs.com/&
unknown
https://pix.servebbs.com/sendonline.phpA03;
unknown
https://pix.serv
unknown
https://pix.servebbs.com/fM
unknown
https://pix.servebbs.com/jpg
unknown
https://rdcontra.com/
unknown
https://pix.servebbs.com/.
unknown
https://pix.servebbs.com/senddata.php03;
unknown
https://pix.servebbs.com:443/ws
unknown
https://pix.servebbs.com/sendonl
unknown
https://pix.servebbs.com/2
unknown
https://pix.servebbs.com/sendonline.phpc
unknown
https://pix.servebbs.com/sendonline.phpebbs
unknown
https://i.pinimg.com/236x/5b/f8/1a/5bf81a501ab9d26db806e7fec4edfa75.jpgP
unknown
https://pix.servebbscom/
unknown
https://pix.servebbs.com:443/f
unknown
https://pix.servebbs.com/Pphp
unknown
https://pix.servebbs.com/senddataB.php
unknown
https://pix.servebbs.comq
unknown
https://www.daemon-tools.cc/account/serialsAdd
unknown
https://pix.servebbs.com/sendonline.phpy
unknown
There are 48 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
pix.servebbs.com
178.128.15.164
dualstack.pinterest.map.fastly.net
151.101.12.84
rdcontra.com
191.6.209.225
i.pinimg.com
unknown

IPs

IP
Domain
Country
Malicious
178.128.15.164
pix.servebbs.com
Netherlands
151.101.12.84
dualstack.pinterest.map.fastly.net
United States
191.6.209.225
rdcontra.com
Brazil

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46a43c.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46a43c.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\3CB28F16924C1634DB4E15C25BA5C054
67486FC741C6A0745B20A08F57926D4C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\81D5FA2980CB71E4DA56BA9BAC29F70C
67486FC741C6A0745B20A08F57926D4C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\3D9F9F883D04F91488E349689A01DAD5
67486FC741C6A0745B20A08F57926D4C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\4387993669AF29D4AA93C889D57DA013
67486FC741C6A0745B20A08F57926D4C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\5DFB1026E44FA28489E6330EA50CFA1B
67486FC741C6A0745B20A08F57926D4C
HKEY_CURRENT_USER\SOFTWARE\Daemon Tools Pro\DaemonToolsPro
Version
HKEY_CURRENT_USER\SOFTWARE\Daemon Tools Pro\DaemonToolsPro
Path
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\ci.dll,-100
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\ci.dll,-101
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\fveui.dll,-844
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\NgcRecovery.dll,-100
There are 12 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
26D88A0F000
heap
page read and write
26D8A327000
direct allocation
page read and write
26D88A15000
heap
page read and write
26D8C45C000
heap
page read and write
66687000
unkown
page write copy
26D8C451000
heap
page read and write
26D88A98000
heap
page read and write
7FC0CF9000
stack
page read and write
26D8C459000
heap
page read and write
26D8A2CB000
direct allocation
page read and write
26D8C3B9000
heap
page read and write
26D8C4B4000
trusted library allocation
page read and write
26D8C250000
heap
page read and write
26D8C456000
heap
page read and write
7FF60A250000
unkown
page readonly
26D88A98000
heap
page read and write
7FC04FA000
stack
page read and write
26D8C42E000
heap
page read and write
26D88A77000
heap
page read and write
26D88A4E000
heap
page read and write
26D8A34D000
direct allocation
page read and write
26D8C464000
heap
page read and write
26D88A80000
heap
page read and write
26D8C1D0000
heap
page read and write
26D88A80000
heap
page read and write
26D8A2EA000
direct allocation
page read and write
26D8C45E000
heap
page read and write
26D88A6A000
heap
page read and write
26D88A80000
heap
page read and write
26D8C41B000
heap
page read and write
26D8A373000
direct allocation
page read and write
26D88A4E000
heap
page read and write
26D8ADB0000
heap
page read and write
26D8C453000
heap
page read and write
26D8C458000
heap
page read and write
26D88A6E000
heap
page read and write
26D88A85000
heap
page read and write
26D88A66000
heap
page read and write
26D88A98000
heap
page read and write
66631000
unkown
page write copy
7FC0AFD000
stack
page read and write
26D8C430000
heap
page read and write
26D8C4B9000
trusted library allocation
page read and write
7FC0FFE000
stack
page read and write
66657000
unkown
page read and write
26D8A903000
heap
page read and write
666A2000
unkown
page write copy
26D88A9E000
heap
page read and write
26D88A98000
heap
page read and write
26D8A337000
direct allocation
page read and write
26D8AA10000
heap
page read and write
66650000
unkown
page read and write
26D88A85000
heap
page read and write
26D8C4B0000
trusted library allocation
page read and write
26D88A40000
heap
page read and write
6666E000
unkown
page write copy
666A9000
unkown
page readonly
66640000
unkown
page read and write
26D88A9E000
heap
page read and write
26D88A4E000
heap
page read and write
26D88A85000
heap
page read and write
7FF60A488000
unkown
page readonly
26D88A98000
heap
page read and write
26D8A2B7000
direct allocation
page read and write
26D8C4B6000
trusted library allocation
page read and write
26D8C40D000
heap
page read and write
26D8C1B0000
heap
page read and write
26D8A33E000
direct allocation
page read and write
26D8AB50000
heap
page read and write
26D8A354000
direct allocation
page read and write
26D88C70000
heap
page read and write
6664F000
unkown
page write copy
26D888D0000
heap
page read and write
6664B000
unkown
page read and write
26D88A2F000
heap
page read and write
26D8C40C000
heap
page read and write
666A8000
unkown
page write copy
7FF60A551000
unkown
page read and write
26D8C453000
heap
page read and write
26D8C255000
heap
page read and write
26D8C435000
heap
page read and write
26D88A80000
heap
page read and write
6663A000
unkown
page write copy
26D8A3BA000
direct allocation
page read and write
26D8A38F000
direct allocation
page read and write
66664000
unkown
page write copy
26D8C435000
heap
page read and write
66630000
unkown
page read and write
26D8C430000
heap
page read and write
26D88A9E000
heap
page read and write
26D88A80000
heap
page read and write
26D8A3AC000
direct allocation
page read and write
666A5000
unkown
page write copy
26D8C435000
heap
page read and write
26D8C451000
heap
page read and write
26D88A98000
heap
page read and write
26D88A50000
heap
page read and write
66641000
unkown
page write copy
66633000
unkown
page read and write
26D8C455000
heap
page read and write
26D8A345000
direct allocation
page read and write
26D8ABE0000
heap
page read and write
6668C000
unkown
page write copy
26D88A98000
heap
page read and write
26D88A98000
heap
page read and write
6664C000
unkown
page write copy
26D8C453000
heap
page read and write
66686000
unkown
page read and write
26D88A9E000
heap
page read and write
26D8AA55000
heap
page read and write
26D8C4B0000
trusted library allocation
page read and write
26D88A53000
heap
page read and write
7FF60A569000
unkown
page readonly
26D8C45A000
heap
page read and write
7FF60A569000
unkown
page readonly
26D8A309000
direct allocation
page read and write
26D8C406000
heap
page read and write
26D88A48000
heap
page read and write
7FF60A554000
unkown
page write copy
26D8A39D000
direct allocation
page read and write
26D8C489000
heap
page read and write
26D8C42F000
heap
page read and write
66698000
unkown
page read and write
26D88A72000
heap
page read and write
26D88A85000
heap
page read and write
26D8AB20000
heap
page read and write
26D8C453000
heap
page read and write
26D88A98000
heap
page read and write
26D8A9A0000
trusted library allocation
page read and write
26D8A37B000
direct allocation
page read and write
66654000
unkown
page read and write
26D88A77000
heap
page read and write
26D8C45E000
heap
page read and write
7FF60A5E7000
unkown
page readonly
26D88A50000
heap
page read and write
26D88A9E000
heap
page read and write
26D88C75000
heap
page read and write
26D8C40C000
heap
page read and write
26D8C41A000
heap
page read and write
66240000
unkown
page readonly
26D8C3B5000
heap
page read and write
26D8A900000
heap
page read and write
26D8A363000
direct allocation
page read and write
26D8A388000
direct allocation
page read and write
26D88A80000
heap
page read and write
66658000
unkown
page write copy
26D889A0000
heap
page read and write
26D8C4B5000
trusted library allocation
page read and write
26D8A301000
direct allocation
page read and write
26D8C460000
heap
page read and write
26D8C451000
heap
page read and write
26D8C500000
trusted library allocation
page read and write
26D88A79000
heap
page read and write
26D8AA50000
heap
page read and write
66241000
unkown
page execute read
26D88A98000
heap
page read and write
6668B000
unkown
page read and write
26D88A50000
heap
page read and write
7FC0DFF000
stack
page read and write
7FC0BFB000
stack
page read and write
6669A000
unkown
page read and write
26D8C4F0000
heap
page read and write
26D8C3A0000
heap
page read and write
26D88A18000
heap
page read and write
66694000
unkown
page read and write
26D8C451000
heap
page read and write
26D8C120000
remote allocation
page read and write
26D8A3B3000
direct allocation
page read and write
7FC0EFB000
stack
page read and write
26D88A4E000
heap
page read and write
6664D000
unkown
page read and write
26D88C30000
heap
page read and write
26D88A85000
heap
page read and write
26D8C460000
heap
page read and write
26D8C435000
heap
page read and write
666A7000
unkown
page read and write
7FC09FE000
stack
page read and write
26D8C459000
heap
page read and write
26D88A6F000
heap
page read and write
26D8AC20000
heap
page read and write
26D8C424000
heap
page read and write
26D8C457000
heap
page read and write
26D889BC000
heap
page read and write
26D8C466000
heap
page read and write
26D8A2DA000
direct allocation
page read and write
26D88A85000
heap
page read and write
26D88A9E000
heap
page read and write
6665F000
unkown
page read and write
26D88A6E000
heap
page read and write
26D88960000
direct allocation
page execute and read and write
26D8C41B000
heap
page read and write
26D88900000
heap
page read and write
26D8A9C0000
heap
page read and write
26D8C4B1000
trusted library allocation
page read and write
26D88A6E000
heap
page read and write
26D8C4B7000
trusted library allocation
page read and write
26D8C4B2000
trusted library allocation
page read and write
66651000
unkown
page write copy
26D8ABF0000
heap
page read and write
66663000
unkown
page read and write
26D8A319000
direct allocation
page read and write
26D88A80000
heap
page read and write
26D88A85000
heap
page read and write
666A3000
unkown
page read and write
26D8C3BD000
heap
page read and write
26D8ADA0000
heap
page read and write
26D8C466000
heap
page read and write
26D88A85000
heap
page read and write
26D88A11000
heap
page read and write
26D8C435000
heap
page read and write
26D8C100000
heap
page read and write
66659000
unkown
page read and write
7FF60A54F000
unkown
page write copy
26D8C45A000
heap
page read and write
7FF60A5A0000
unkown
page readonly
7FF60A54E000
unkown
page read and write
26D88A6F000
heap
page read and write
26D887F0000
heap
page read and write
26D8AA00000
heap
page read and write
26D8A396000
direct allocation
page read and write
26D88A72000
heap
page read and write
26D8C421000
heap
page read and write
26D8C42A000
heap
page read and write
66645000
unkown
page write copy
26D88A80000
heap
page read and write
26D8C3B0000
heap
page read and write
26D8C435000
heap
page read and write
26D88A6E000
heap
page read and write
26D8C464000
heap
page read and write
26D8A2D3000
direct allocation
page read and write
66268000
unkown
page execute read
26D8C120000
remote allocation
page read and write
7FF60A251000
unkown
page execute read
26D889D1000
heap
page read and write
26D8C42B000
heap
page read and write
26D8C455000
heap
page read and write
6665B000
unkown
page write copy
26D88A9E000
heap
page read and write
7FF60A5E7000
unkown
page readonly
66655000
unkown
page write copy
26D88A72000
heap
page read and write
26D88A9E000
heap
page read and write
26D88A6E000
heap
page read and write
26D8A2BD000
direct allocation
page read and write
26D88A80000
heap
page read and write
26D8A320000
direct allocation
page read and write
26D88A9E000
heap
page read and write
26D88A50000
heap
page read and write
26D8AB90000
heap
page read and write
26D88A40000
heap
page read and write
26D8C4B8000
trusted library allocation
page read and write
26D88A74000
heap
page read and write
26D8C451000
heap
page read and write
66644000
unkown
page read and write
26D8C8B0000
heap
page read and write
26D889DB000
heap
page read and write
26D8C453000
heap
page read and write
7FF60A564000
unkown
page read and write
26D8C45E000
heap
page read and write
6669F000
unkown
page read and write
7FF60A55D000
unkown
page read and write
26D8AA40000
heap
page read and write
26D8C422000
heap
page read and write
26D8C466000
heap
page read and write
26D8AAA0000
heap
page read and write
26D889A8000
heap
page read and write
7FF60A488000
unkown
page readonly
26D88A0C000
heap
page read and write
26D88A80000
heap
page read and write
26D88A85000
heap
page read and write
7FF60A250000
unkown
page readonly
26D8C4B3000
trusted library allocation
page read and write
26D8C409000
heap
page read and write
26D8C423000
heap
page read and write
26D88A9E000
heap
page read and write
7FC07E2000
stack
page read and write
66660000
unkown
page write copy
26D88A40000
heap
page read and write
26D8A2F2000
direct allocation
page read and write
7FF60A251000
unkown
page execute read
7FC08FE000
stack
page read and write
26D8C42B000
heap
page read and write
26D8C456000
heap
page read and write
26D88A41000
heap
page read and write
26D8C210000
heap
page read and write
26D8C424000
heap
page read and write
26D88A71000
heap
page read and write
26D8C460000
heap
page read and write
666AB000
unkown
page readonly
26D8A36C000
direct allocation
page read and write
26D8AD00000
heap
page read and write
26D8C421000
heap
page read and write
7FF60A54E000
unkown
page write copy
26D88A9E000
heap
page read and write
26D889E7000
heap
page read and write
26D8A3C1000
direct allocation
page read and write
26D88A72000
heap
page read and write
26D88A4E000
heap
page read and write
7FF60A5A0000
unkown
page readonly
26D88A85000
heap
page read and write
26D88A50000
heap
page read and write
26D8C120000
remote allocation
page read and write
26D88A1B000
heap
page read and write
There are 293 hidden memdumps, click here to show them.