IOC Report
PLAY.mal_.exe

loading gif

Files

File Path
Type
Category
Malicious
PLAY.mal_.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
A:\Recovery\WindowsRE\boot.sdi.PLAY (copy)
data
dropped
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PLAY.mal_.exe_1445cdc43efb964b32befeee25a179accaf97_d3ad2702_0d741ad7\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PLAY.mal_.exe_1445cdc43efb964b32befeee25a179accaf97_d3ad2702_1fe7fa4f\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab
data
dropped
 malicious
C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab
data
dropped
 malicious
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl
data
dropped
 malicious
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl
data
dropped
 malicious
C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl
data
dropped
 malicious
C:\Recovery\WindowsRE\Winre.wim
data
dropped
 malicious
C:\Recovery\WindowsRE\boot.sdi
data
dropped
 malicious
A:\Recovery\WindowsRE\ReAgent.xml.PLAY (copy)
data
dropped
C:\$Recycle.Bin\S-1-5-18\desktop.ini
data
dropped
C:\$Recycle.Bin\S-1-5-18\desktop.ini.PLAY (copy)
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.PLAY (copy)
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.PLAY (copy)
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini
data
dropped
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.EXCEL.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.GRAPH.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.GROOVE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSACCESS.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSOUC.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSPUB.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.ONENOTE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.OUTLOOK.16.1033.hxn.PLAY (copy)
COM executable for DOS
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.POWERPNT.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SETLANG.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.WINWORD.16.1033.hxn.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\nslist.hxl.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm.PLAY (copy)
data
dropped
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY (copy)
data
dropped
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp
data
dropped
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab
data
dropped
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini
data
dropped
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini
data
dropped
C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn
COM executable for DOS
dropped
C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn
data
dropped
C:\ProgramData\Microsoft Help\nslist.hxl
data
dropped
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1115.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FF.tmp.dmp
Mini DuMP crash report, 15 streams, Fri Sep 2 06:09:42 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8ACC.tmp.dmp
Mini DuMP crash report, 15 streams, Fri Sep 2 06:09:21 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5B.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE60C.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERED70.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Oracle\Java\installcache\baseimagefam8
data
dropped
C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm
data
dropped
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm
data
dropped
C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm
data
dropped
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
data
dropped
C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm
data
dropped
C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm
data
dropped
C:\ProgramData\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml
data
dropped
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl
data
dropped
C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl
data
dropped
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl
data
dropped
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag
data
dropped
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
data
dropped
C:\ReadMe.txt
ASCII text, with CRLF line terminators
dropped
C:\Recovery\WindowsRE\ReAgent.xml
data
dropped
C:\Users\Public\Desktop\desktop.ini
PGP\011Secret Key -
dropped
C:\Users\Public\Documents\desktop.ini
data
dropped
C:\Users\Public\Music\desktop.ini
data
dropped
C:\Users\Public\Pictures\desktop.ini
data
dropped
C:\Users\Public\Videos\desktop.ini
data
modified
C:\bootTel.dat
data
dropped
C:\bootTel.dat.PLAY (copy)
data
dropped
There are 130 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\PLAY.mal_.exe
"C:\Users\user\Desktop\PLAY.mal_.exe"
malicious
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 2796

URLs

Name
IP
Malicious
http://bugreport.sun.com/bugreport/crash.jsp
unknown
http://www.oracle.com/hotspot/jvm/java/monitor/address
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
http://www.oracle.com/hotspot/jvm/vm/compiler/id
unknown
http://www.oracle.com/hotspot/jvm/
unknown
http://www.oracle.com/hotspot/jvm/vm/gc/id
unknown
http://bugreport.sun.com/bugreport/crash.jspVM
unknown
http://ocsp.thawte.com0
unknown
http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.148
unknown
unknown
192.168.2.149
unknown
unknown
192.168.2.146
unknown
unknown
192.168.2.147
unknown
unknown
192.168.2.140
unknown
unknown
192.168.2.141
unknown
unknown
192.168.2.144
unknown
unknown
192.168.2.145
unknown
unknown
192.168.2.142
unknown
unknown
192.168.2.143
unknown
unknown
192.168.2.159
unknown
unknown
192.168.2.157
unknown
unknown
192.168.2.158
unknown
unknown
192.168.2.151
unknown
unknown
192.168.2.152
unknown
unknown
192.168.2.150
unknown
unknown
192.168.2.155
unknown
unknown
192.168.2.156
unknown
unknown
192.168.2.153
unknown
unknown
192.168.2.154
unknown
unknown
192.168.2.126
unknown
unknown
192.168.2.247
unknown
unknown
192.168.2.127
unknown
unknown
192.168.2.248
unknown
unknown
192.168.2.124
unknown
unknown
192.168.2.245
unknown
unknown
192.168.2.125
unknown
unknown
192.168.2.246
unknown
unknown
192.168.2.128
unknown
unknown
192.168.2.249
unknown
unknown
192.168.2.129
unknown
unknown
192.168.2.240
unknown
unknown
192.168.2.122
unknown
unknown
192.168.2.243
unknown
unknown
192.168.2.123
unknown
unknown
192.168.2.244
unknown
unknown
192.168.2.120
unknown
unknown
192.168.2.241
unknown
unknown
192.168.2.121
unknown
unknown
192.168.2.242
unknown
unknown
192.168.2.97
unknown
unknown
192.168.2.137
unknown
unknown
192.168.2.96
unknown
unknown
192.168.2.138
unknown
unknown
192.168.2.99
unknown
unknown
192.168.2.135
unknown
unknown
192.168.2.98
unknown
unknown
192.168.2.136
unknown
unknown
192.168.2.139
unknown
unknown
192.168.2.250
unknown
unknown
192.168.2.130
unknown
unknown
192.168.2.251
unknown
unknown
192.168.2.91
unknown
unknown
192.168.2.90
unknown
unknown
192.168.2.93
unknown
unknown
192.168.2.133
unknown
unknown
192.168.2.254
unknown
unknown
192.168.2.92
unknown
unknown
192.168.2.134
unknown
unknown
192.168.2.95
unknown
unknown
192.168.2.131
unknown
unknown
192.168.2.252
unknown
unknown
192.168.2.94
unknown
unknown
192.168.2.132
unknown
unknown
192.168.2.253
unknown
unknown
192.168.2.104
unknown
unknown
192.168.2.225
unknown
unknown
192.168.2.105
unknown
unknown
192.168.2.226
unknown
unknown
192.168.2.102
unknown
unknown
192.168.2.223
unknown
unknown
192.168.2.103
unknown
unknown
192.168.2.224
unknown
unknown
192.168.2.108
unknown
unknown
192.168.2.229
unknown
unknown
192.168.2.109
unknown
unknown
192.168.2.106
unknown
unknown
192.168.2.227
unknown
unknown
192.168.2.107
unknown
unknown
192.168.2.228
unknown
unknown
192.168.2.100
unknown
unknown
192.168.2.221
unknown
unknown
192.168.2.101
unknown
unknown
192.168.2.222
unknown
unknown
192.168.2.220
unknown
unknown
192.168.2.115
unknown
unknown
192.168.2.236
unknown
unknown
192.168.2.116
unknown
unknown
192.168.2.237
unknown
unknown
192.168.2.113
unknown
unknown
192.168.2.234
unknown
unknown
192.168.2.114
unknown
unknown
192.168.2.235
unknown
unknown
192.168.2.119
unknown
unknown
192.168.2.117
unknown
unknown
192.168.2.238
unknown
unknown
192.168.2.118
unknown
unknown
192.168.2.239
unknown
unknown
192.168.2.111
unknown
unknown
192.168.2.232
unknown
unknown
There are 90 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHivePermissionsCorrect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHiveOwnerCorrect
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
ProgramId
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
FileId
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
LowerCaseLongPath
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
LongPathHash
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
Name
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
Publisher
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
Version
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
BinFileVersion
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
BinaryType
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
ProductName
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
ProductVersion
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
LinkDate
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
BinProductVersion
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
Size
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
Language
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
IsPeFile
\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c
IsOsComponent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
ExceptionRecord
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
001840064172BCE4
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
There are 16 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
BBA0000
direct allocation
page read and write
C72E000
stack
page read and write
7260000
direct allocation
page read and write | page no cache
138FF000
stack
page read and write
AD30000
direct allocation
page read and write
2D76000
direct allocation
page read and write
7B298FF000
stack
page read and write
1253E000
stack
page read and write
AFD0000
direct allocation
page read and write
3E60000
direct allocation
page read and write | page no cache
C830000
direct allocation
page read and write
B6C7C77000
stack
page read and write
107F000
heap
page read and write
FE3E000
stack
page read and write
778A77E000
stack
page read and write
BE1E000
stack
page read and write
13C49F90000
trusted library allocation
page read and write
ADE0000
direct allocation
page read and write
3060000
direct allocation
page read and write | page no cache
24017F8E000
heap
page read and write
3DB000
unkown
page read and write
13C45000000
heap
page read and write
AE40000
direct allocation
page read and write
1713E000
stack
page read and write
12F3E000
stack
page read and write
1307E000
stack
page read and write
B810000
trusted library allocation
page read and write
3DB000
unkown
page read and write
B040000
direct allocation
page read and write
2EEB1C6C000
heap
page read and write
1033E000
stack
page read and write
2EEB1C76000
heap
page read and write
AE60000
direct allocation
page read and write
13C4487A000
heap
page read and write
9555CFF000
stack
page read and write
1343E000
stack
page read and write
21CB3802000
trusted library allocation
page read and write
1155000
heap
page read and write
F1FE000
stack
page read and write
B0CF000
direct allocation
page read and write
10ABD000
stack
page read and write
1430000
direct allocation
page read and write | page no cache
106B000
heap
page read and write
B81C000
trusted library allocation
page read and write
22C4EFE000
stack
page read and write
4660000
direct allocation
page read and write | page no cache
1079000
heap
page read and write
101FE000
stack
page read and write
3560000
direct allocation
page read and write | page no cache
10B0000
trusted library allocation
page read and write
BCDE000
stack
page read and write
D4FE000
stack
page read and write
12F3E000
stack
page read and write
105F000
heap
page read and write
1091000
heap
page read and write
19F3705F000
heap
page read and write
1097000
heap
page read and write
13C4A0F5000
heap
page read and write
FD7000
heap
page read and write
1073000
heap
page read and write
108FF000
stack
page read and write
ADB0000
direct allocation
page read and write
C45E000
stack
page read and write
14CFF000
stack
page read and write
EE7E000
stack
page read and write
B82A000
trusted library allocation
page read and write
AEF0000
direct allocation
page read and write
AE50000
direct allocation
page read and write
1057E000
stack
page read and write
B11F000
direct allocation
page read and write
2D9D000
direct allocation
page read and write
FF7E000
stack
page read and write
B824000
trusted library allocation
page read and write
106FE000
stack
page read and write
FBFE000
stack
page read and write
4B60000
direct allocation
page read and write | page no cache
BBA0000
direct allocation
page read and write
AEA0000
direct allocation
page read and write
C840000
direct allocation
page read and write
ACC0000
direct allocation
page read and write
15ABE000
stack
page read and write
3F60000
direct allocation
page read and write | page no cache
AF70000
direct allocation
page read and write
1016000
heap
page read and write
24018A02000
heap
page read and write
1077000
heap
page read and write
10A7D000
stack
page read and write
1150000
heap
page read and write
1433E000
stack
page read and write
5560000
direct allocation
page read and write | page no cache
2A925300000
heap
page read and write
109FF000
stack
page read and write
B6E0000
trusted library allocation
page read and write
2EEB1C58000
heap
page read and write
AF50000
direct allocation
page read and write
EF7F000
stack
page read and write
AFA0000
direct allocation
page read and write
1065000
heap
page read and write
1133F000
stack
page read and write
B85A000
trusted library allocation
page read and write
5960000
direct allocation
page read and write | page no cache
16DBE000
stack
page read and write
1430000
direct allocation
page read and write | page no cache
177BE000
stack
page read and write
11CFE000
stack
page read and write
129FF000
stack
page read and write
1460000
heap
page read and write
11BFE000
stack
page read and write
AD20000
direct allocation
page read and write
13C44872000
heap
page read and write
B6C78FE000
stack
page read and write
147FF000
stack
page read and write
14BFE000
stack
page read and write
3F60000
direct allocation
page read and write | page no cache
106B000
heap
page read and write
DB7E000
stack
page read and write
137FE000
stack
page read and write
1069000
heap
page read and write
24018900000
heap
page read and write
778A37D000
stack
page read and write
B840000
trusted library allocation
page read and write
13C45920000
trusted library section
page readonly
142F000
stack
page read and write
10AE000
heap
page read and write
FBA000
heap
page read and write
95560FF000
stack
page read and write
12B7E000
stack
page read and write
AE20000
direct allocation
page read and write
C31E000
stack
page read and write
7B297F7000
stack
page read and write
13C4488E000
heap
page read and write
1703E000
stack
page read and write
FEA000
heap
page read and write
1042000
heap
page read and write
4360000
direct allocation
page read and write | page no cache
107F000
heap
page read and write
108B000
heap
page read and write
FE9000
heap
page read and write
2A92528C000
heap
page read and write
24017E51000
heap
page read and write
105A000
heap
page read and write
14FBE000
stack
page read and write
B812000
trusted library allocation
page read and write
109FF000
stack
page read and write
EBBE000
stack
page read and write
1483E000
stack
page read and write
21CB3046000
heap
page read and write
4460000
direct allocation
page read and write | page no cache
1443F000
stack
page read and write
B15F000
direct allocation
page read and write
2CC1000
direct allocation
page read and write
3260000
direct allocation
page read and write | page no cache
1467000
heap
page read and write
AE40000
direct allocation
page read and write
107F000
heap
page read and write
141BF000
stack
page read and write
B84C000
trusted library allocation
page read and write
13C44FF0000
trusted library allocation
page read and write
156FE000
stack
page read and write
DCBE000
stack
page read and write
E5D000
stack
page read and write
2D7F000
direct allocation
page read and write
B858000
trusted library allocation
page read and write
109D000
heap
page read and write
F1FE000
stack
page read and write
1069000
heap
page read and write
1042000
heap
page read and write
BB5E000
stack
page read and write
1073000
heap
page read and write
5860000
direct allocation
page read and write | page no cache
2C10000
direct allocation
page read and write
ACD0000
direct allocation
page read and write
24018943000
heap
page read and write
B843000
trusted library allocation
page read and write
BBC0000
direct allocation
page read and write
3B1000
unkown
page execute read
1187E000
stack
page read and write
1143E000
stack
page read and write
2C60000
direct allocation
page read and write
13C4A04A000
heap
page read and write
5B60000
direct allocation
page read and write | page no cache
13C44878000
heap
page read and write
155FE000
stack
page read and write
C11E000
stack
page read and write
B85C000
trusted library allocation
page read and write
1091000
heap
page read and write
F2FE000
stack
page read and write
1047000
heap
page read and write
1014000
heap
page read and write
FF5000
heap
page read and write
13C4A01D000
heap
page read and write
1044000
heap
page read and write
1753E000
stack
page read and write
FF9000
heap
page read and write
5B60000
direct allocation
page read and write | page no cache
178BE000
stack
page read and write
ADB0000
direct allocation
page read and write
101A000
heap
page read and write
C9EE000
stack
page read and write
21A89230000
trusted library allocation
page read and write
13C49FC0000
remote allocation
page read and write
1150000
heap
page read and write
B836000
trusted library allocation
page read and write
3B0000
unkown
page readonly
2CAB000
direct allocation
page read and write
1003000
heap
page read and write
ACB0000
direct allocation
page read and write
DC7E000
stack
page read and write
27C4E1B0000
remote allocation
page read and write
120FF000
stack
page read and write
2D7C000
direct allocation
page read and write
1460000
heap
page read and write
13C44660000
heap
page read and write
B14F000
direct allocation
page read and write
10A1000
heap
page read and write
239D3864000
heap
page read and write
22C537E000
stack
page read and write
2EEB1C00000
heap
page read and write
B0CF000
direct allocation
page read and write
12EFF000
stack
page read and write
2EEB1C61000
heap
page read and write
1057E000
stack
page read and write
7B2916B000
stack
page read and write
106F000
heap
page read and write
128BF000
stack
page read and write
13C45930000
trusted library section
page readonly
AE90000
direct allocation
page read and write
AD70000
direct allocation
page read and write
2C60000
direct allocation
page read and write
3DE000
unkown
page readonly
4D60000
direct allocation
page read and write | page no cache
2C60000
direct allocation
page read and write | page no cache
10CFE000
stack
page read and write
E5D000
stack
page read and write
11A7E000
stack
page read and write
109B000
heap
page read and write
1010000
heap
page read and write
2A92526F000
heap
page read and write
12A3E000
stack
page read and write
BE5E000
stack
page read and write
10AB000
heap
page read and write
239D387E000
heap
page read and write
1091000
heap
page read and write
E07E000
stack
page read and write
13C4A102000
heap
page read and write
B83C000
trusted library allocation
page read and write
AD90000
direct allocation
page read and write
13C45960000
trusted library section
page readonly
2EEB1C29000
heap
page read and write
13C45CC0000
trusted library allocation
page read and write
C880000
direct allocation
page read and write
B84E000
trusted library allocation
page read and write
ECFE000
stack
page read and write
D6E4A7F000
stack
page read and write
12CBE000
stack
page read and write
5A60000
direct allocation
page read and write | page no cache
6A60000
direct allocation
page read and write | page no cache
D03E000
stack
page read and write
1267E000
stack
page read and write
7B2947E000
stack
page read and write
1079000
heap
page read and write
1150000
heap
page read and write
AFF0000
direct allocation
page read and write
100BE000
stack
page read and write
21CB3031000
heap
page read and write
B85A000
trusted library allocation
page read and write
1583E000
stack
page read and write
BBD0000
direct allocation
page read and write
1097000
heap
page read and write
AFA0000
direct allocation
page read and write
B838000
trusted library allocation
page read and write
6260000
direct allocation
page read and write | page no cache
D1BE000
stack
page read and write
136BE000
stack
page read and write
1155000
heap
page read and write
778A6F9000
stack
page read and write
E2FE000
stack
page read and write
22C4A7A000
stack
page read and write
6060000
direct allocation
page read and write | page no cache
15ABE000
stack
page read and write
D13E000
stack
page read and write
3960000
direct allocation
page read and write | page no cache
14D3E000
stack
page read and write
B040000
direct allocation
page read and write
4E60000
direct allocation
page read and write | page no cache
B59E000
stack
page read and write
13C45015000
heap
page read and write
132BF000
stack
page read and write
159BE000
stack
page read and write
B91E000
stack
page read and write
ACD0000
direct allocation
page read and write
2A92524F000
heap
page read and write
B18F000
direct allocation
page read and write
338A000
direct allocation
page read and write
AD50000
direct allocation
page read and write
AF00000
direct allocation
page read and write
B847000
trusted library allocation
page read and write
106BE000
stack
page read and write
140BE000
stack
page read and write
B810000
trusted library allocation
page read and write
FA7E000
stack
page read and write
3B1000
unkown
page execute read
D6E467C000
stack
page read and write
6F60000
direct allocation
page read and write | page no cache
3260000
direct allocation
page read and write | page no cache
1430000
direct allocation
page read and write | page no cache
1046000
heap
page read and write
F6FE000
stack
page read and write
1016000
heap
page read and write
1573E000
stack
page read and write
132F000
stack
page read and write
1077000
heap
page read and write
2C60000
direct allocation
page read and write
14E3F000
stack
page read and write
5C60000
direct allocation
page read and write | page no cache
1440000
direct allocation
page read and write
21A89702000
heap
page read and write
1079000
heap
page read and write
1007000
heap
page read and write
B13F000
direct allocation
page read and write
1443F000
stack
page read and write
FD4000
heap
page read and write
13C45102000
heap
page read and write
778AA79000
stack
page read and write
2A92523C000
heap
page read and write
B090000
direct allocation
page read and write
BF0000
unkown
page read and write
3DB000
unkown
page read and write
AEA0000
direct allocation
page read and write
136BE000
stack
page read and write
21A89502000
trusted library allocation
page read and write
AF30000
direct allocation
page read and write
AE10000
direct allocation
page read and write
12B3F000
stack
page read and write
1460000
heap
page read and write
D03E000
stack
page read and write
AE50000
direct allocation
page read and write
BBB0000
direct allocation
page read and write
6060000
direct allocation
page read and write | page no cache
D23E000
stack
page read and write
FF9000
heap
page read and write
10B0000
trusted library allocation
page read and write
15E7E000
stack
page read and write
13C49F70000
trusted library allocation
page read and write
2C10000
direct allocation
page read and write
111FE000
stack
page read and write
C7AE000
stack
page read and write
1047000
heap
page read and write
5260000
direct allocation
page read and write | page no cache
3DB000
unkown
page read and write
13C49CC0000
trusted library allocation
page read and write
3760000
direct allocation
page read and write | page no cache
DFBF000
stack
page read and write
2EEB1B00000
heap
page read and write
CEF0000
trusted library allocation
page read and write
2EEB1C64000
heap
page read and write
3B0000
unkown
page readonly
114BE000
stack
page read and write
2401896D000
heap
page read and write
13C45100000
heap
page read and write
FBA000
heap
page read and write
13C448AE000
heap
page read and write
114FD000
stack
page read and write
1078000
heap
page read and write
2EEB1D02000
heap
page read and write
151FF000
stack
page read and write
4D60000
direct allocation
page read and write | page no cache
10AE000
heap
page read and write
2EEB1C3D000
heap
page read and write
E53E000
stack
page read and write
3260000
direct allocation
page read and write | page no cache
239D3829000
heap
page read and write
138FF000
stack
page read and write
AC70000
direct allocation
page read and write
124FF000
stack
page read and write
2EEB1C67000
heap
page read and write
B10F000
direct allocation
page read and write
1307E000
stack
page read and write
22C467B000
stack
page read and write
146FE000
stack
page read and write
22C4E7F000
stack
page read and write
147FF000
stack
page read and write
FBA000
heap
page read and write
AFD0000
direct allocation
page read and write
E43E000
stack
page read and write
24018902000
heap
page read and write
1042000
heap
page read and write
D2FE000
stack
page read and write
C8A0000
direct allocation
page read and write
2C60000
direct allocation
page read and write
24017E00000
heap
page read and write
15D3E000
stack
page read and write
2A925A02000
trusted library allocation
page read and write
D1BE000
stack
page read and write
10AD000
heap
page read and write
2C10000
direct allocation
page read and write
C215000
stack
page read and write
132F000
stack
page read and write
105BE000
stack
page read and write
10F7E000
stack
page read and write
B17F000
direct allocation
page read and write
AF20000
direct allocation
page read and write
B84C000
trusted library allocation
page read and write
16DBE000
stack
page read and write
2C98000
direct allocation
page read and write
118FE000
stack
page read and write
13C49E80000
trusted library allocation
page read and write
D2FE000
stack
page read and write
2EEB1C79000
heap
page read and write
AE00000
direct allocation
page read and write
24017E13000
heap
page read and write
108B000
heap
page read and write
179FE000
stack
page read and write
1002000
heap
page read and write
108B000
heap
page read and write
318B000
direct allocation
page read and write
B836000
trusted library allocation
page read and write
10F7E000
stack
page read and write
142F000
stack
page read and write
24017E57000
heap
page read and write
E7BE000
stack
page read and write
2A925313000
heap
page read and write
109D000
heap
page read and write
AEE0000
direct allocation
page read and write
B59E000
stack
page read and write
ADA0000
direct allocation
page read and write
AE60000
direct allocation
page read and write
3DE000
unkown
page readonly
2C10000
direct allocation
page read and write
B856000
trusted library allocation
page read and write
B82E000
trusted library allocation
page read and write
11EFE000
stack
page read and write
E63F000
stack
page read and write
AD40000
direct allocation
page read and write
12DFE000
stack
page read and write
AE20000
direct allocation
page read and write
2CCE000
direct allocation
page read and write
10A9000
heap
page read and write
11BFE000
stack
page read and write
107F000
heap
page read and write
2EEB1C7D000
heap
page read and write
114FD000
stack
page read and write
2C10000
heap
page read and write
1007000
heap
page read and write
14F7F000
stack
page read and write
19F37002000
heap
page read and write
BBB0000
direct allocation
page read and write
FA70000
direct allocation
page read and write
13C448A6000
heap
page read and write
C5E0000
direct allocation
page read and write
21CB2ED0000
heap
page read and write
DEBF000
stack
page read and write
AEE0000
direct allocation
page read and write
2C60000
direct allocation
page read and write
14BFE000
stack
page read and write
1002000
heap
page read and write
107FF000
stack
page read and write
11CFE000
stack
page read and write
7B291EE000
stack
page read and write
1407F000
stack
page read and write
BFDE000
stack
page read and write
B85E000
trusted library allocation
page read and write
1183E000
stack
page read and write
AD50000
direct allocation
page read and write
2C60000
direct allocation
page read and write
1537E000
stack
page read and write
107F000
heap
page read and write
3B1000
unkown
page execute read
B7E0000
trusted library allocation
page read and write
C6E7DFF000
stack
page read and write
122FF000
stack
page read and write
AF30000
direct allocation
page read and write
5D60000
direct allocation
page read and write | page no cache
B5DE000
stack
page read and write
2A925302000
heap
page read and write
3D4000
unkown
page readonly
105BE000
stack
page read and write
FB0000
heap
page read and write
1026000
heap
page read and write
101BE000
stack
page read and write
AED0000
direct allocation
page read and write
2A925202000
heap
page read and write
EA3E000
stack
page read and write
11FFF000
stack
page read and write
2CD7000
direct allocation
page read and write
ACA0000
direct allocation
page read and write
178FE000
stack
page read and write
3D4000
unkown
page readonly
ADC0000
direct allocation
page read and write
19F37029000
heap
page read and write
6360000
direct allocation
page read and write | page no cache
ECBE000
stack
page read and write
10AE000
heap
page read and write
141BF000
stack
page read and write
AE90000
direct allocation
page read and write
14BBF000
stack
page read and write
B804000
trusted library allocation
page read and write
123FF000
stack
page read and write
2F60000
direct allocation
page read and write | page no cache
AF40000
direct allocation
page read and write
16D7E000
stack
page read and write
B17F000
direct allocation
page read and write
2C94000
direct allocation
page read and write
B6C7E7E000
stack
page read and write
1067000
heap
page read and write
B847000
trusted library allocation
page read and write
BBB0000
remote allocation
page read and write
21A89400000
unkown
page read and write
DDBE000
stack
page read and write
3D60000
direct allocation
page read and write | page no cache
150FE000
stack
page read and write
1073000
heap
page read and write
1263F000
stack
page read and write
13A7E000
stack
page read and write
B840000
trusted library allocation
page read and write
B1AF000
direct allocation
page read and write
5660000
direct allocation
page read and write | page no cache
B800000
trusted library allocation
page read and write
13C45840000
trusted library allocation
page read and write
2C60000
direct allocation
page read and write
CEF0000
trusted library allocation
page read and write
2EEB1C57000
heap
page read and write
239D387C000
heap
page read and write
1042000
heap
page read and write
B810000
trusted library allocation
page read and write
142F000
stack
page read and write
1123E000
stack
page read and write
13C45301000
trusted library allocation
page read and write
21A89700000
heap
page read and write
2C60000
direct allocation
page read and write
B0DF000
direct allocation
page read and write
F6BE000
stack
page read and write
1393E000
stack
page read and write
13E3E000
stack
page read and write
1587E000
stack
page read and write
FD4000
heap
page read and write
E17E000
stack
page read and write
ACA0000
direct allocation
page read and write
19F36FC0000
trusted library allocation
page read and write
2EEB1C47000
heap
page read and write
1073000
heap
page read and write
C6E767B000
stack
page read and write
BD1E000
stack
page read and write
1042000
heap
page read and write
1044000
heap
page read and write
B840000
trusted library allocation
page read and write
AFB0000
direct allocation
page read and write
2C20000
direct allocation
page read and write
AE80000
direct allocation
page read and write
109F000
heap
page read and write
14E3F000
stack
page read and write
5F60000
direct allocation
page read and write | page no cache
10B0000
trusted library allocation
page read and write
6260000
direct allocation
page read and write | page no cache
D53E000
stack
page read and write
3560000
direct allocation
page read and write | page no cache
2EEB23A0000
trusted library allocation
page read and write
132FE000
stack
page read and write
4060000
direct allocation
page read and write | page no cache
5E60000
direct allocation
page read and write | page no cache
FEA000
heap
page read and write
6C60000
direct allocation
page read and write | page no cache
1533F000
stack
page read and write
7B299FF000
stack
page read and write
AE70000
direct allocation
page read and write
EBBE000
stack
page read and write
2D60000
direct allocation
page read and write | page no cache
B824000
trusted library allocation
page read and write
EB7E000
stack
page read and write
2D90000
direct allocation
page read and write
B070000
direct allocation
page read and write
142F000
stack
page read and write
5560000
direct allocation
page read and write | page no cache
3060000
direct allocation
page read and write | page no cache
AD00000
direct allocation
page read and write
2C60000
direct allocation
page read and write
E2BE000
stack
page read and write
1016000
heap
page read and write
B090000
direct allocation
page read and write
1042000
heap
page read and write
14A7F000
stack
page read and write
106D000
heap
page read and write
14E7E000
stack
page read and write
21A89402000
unkown
page read and write
11DFE000
unkown
page read and write
AD70000
direct allocation
page read and write
B847000
trusted library allocation
page read and write
D27E000
stack
page read and write
FF9000
heap
page read and write
239D3813000
heap
page read and write
1067000
heap
page read and write
7C457F9000
stack
page read and write
108B000
heap
page read and write
19F37013000
heap
page read and write
5760000
direct allocation
page read and write | page no cache
239D3913000
heap
page read and write
13C4A03D000
heap
page read and write
13F3F000
stack
page read and write
AFC0000
direct allocation
page read and write
145BE000
stack
page read and write
105A000
heap
page read and write
15AFE000
stack
page read and write
107D000
heap
page read and write
1007000
heap
page read and write
109D000
heap
page read and write
B19F000
direct allocation
page read and write
B0C0000
direct allocation
page read and write
13C45113000
heap
page read and write
EFEDCFE000
stack
page read and write
B060000
direct allocation
page read and write
16EFE000
stack
page read and write
14E7E000
stack
page read and write
13C4A02B000
heap
page read and write
D6E4CFD000
stack
page read and write
15D7E000
stack
page read and write
105A000
heap
page read and write
B1AF000
direct allocation
page read and write
B10F000
direct allocation
page read and write
21A89290000
heap
page read and write
109D000
heap
page read and write
1047000
heap
page read and write
11BBE000
stack
page read and write
B0EF000
direct allocation
page read and write
15BFE000
stack
page read and write
16EBE000
stack
page read and write
113E000
stack
page read and write
E5D000
stack
page read and write
4160000
direct allocation
page read and write | page no cache
1407F000
stack
page read and write
10FE000
stack
page read and write
10A3E000
stack
page read and write
15E7E000
stack
page read and write
2C20000
direct allocation
page read and write
13E3E000
stack
page read and write
1483E000
stack
page read and write
1077000
heap
page read and write
CEEE000
stack
page read and write
1069000
heap
page read and write
ADC0000
direct allocation
page read and write
13C44FD1000
trusted library allocation
page read and write
2C60000
direct allocation
page read and write
105D000
heap
page read and write
13C44856000
heap
page read and write
24018990000
heap
page read and write
D63E000
stack
page read and write
6D60000
direct allocation
page read and write | page no cache
DB3E000
stack
page read and write
1002000
heap
page read and write
E07E000
stack
page read and write
239D3720000
heap
page read and write
B861000
trusted library allocation
page read and write
BBB0000
remote allocation
page read and write
27C4E0E0000
heap
page read and write
FCFE000
stack
page read and write
F1BE000
stack
page read and write
120FF000
stack
page read and write
6160000
direct allocation
page read and write | page no cache
AE30000
direct allocation
page read and write
146BF000
stack
page read and write
21A89602000
heap
page read and write
BBD0000
direct allocation
page read and write
14D3E000
stack
page read and write
CAEE000
stack
page read and write
106F000
heap
page read and write
BBD0000
remote allocation
page read and write
2D60000
direct allocation
page read and write | page no cache
106F000
heap
page read and write
108B000
heap
page read and write
13C4A0DF000
heap
page read and write
13C45002000
heap
page read and write
3A92000
direct allocation
page read and write
19F37075000
heap
page read and write
B802000
trusted library allocation
page read and write
3560000
direct allocation
page read and write | page no cache
37D9000
direct allocation
page read and write
B81B000
trusted library allocation
page read and write
E8FE000
stack
page read and write
13C45970000
trusted library section
page readonly
2C60000
direct allocation
page read and write
FBA000
heap
page read and write
4A60000
direct allocation
page read and write | page no cache
13C49D50000
trusted library allocation
page read and write
16EBE000
stack
page read and write
E6BE000
stack
page read and write
21CB3069000
heap
page read and write
109F000
heap
page read and write
142FE000
stack
page read and write
24017E6F000
heap
page read and write
109D000
heap
page read and write
123FF000
stack
page read and write
7C456FA000
stack
page read and write
CBEE000
stack
page read and write
21CB3052000
heap
page read and write
109B000
heap
page read and write
1497E000
stack
page read and write
1042000
heap
page read and write
105A000
heap
page read and write
2C60000
direct allocation
page read and write
2C60000
direct allocation
page read and write
E93E000
stack
page read and write
AF80000
direct allocation
page read and write
13C4A056000
heap
page read and write
B0B0000
direct allocation
page read and write
107F000
heap
page read and write
13DFF000
stack
page read and write
1067000
heap
page read and write
C7EE000
stack
page read and write
239D383C000
heap
page read and write
10AD000
heap
page read and write
3DE000
unkown
page readonly
2F60000
direct allocation
page read and write | page no cache
C0DF000
stack
page read and write
1042000
heap
page read and write
114BE000
stack
page read and write
B83C000
trusted library allocation
page read and write
3D4000
unkown
page readonly
2EEB1C73000
heap
page read and write
13C49E68000
trusted library allocation
page read and write
E5D000
stack
page read and write
D3FE000
stack
page read and write
13F3F000
stack
page read and write
AEC0000
direct allocation
page read and write
13C49CD0000
trusted library allocation
page read and write
C6E787E000
stack
page read and write
239D3800000
heap
page read and write
B85A000
trusted library allocation
page read and write
12B7E000
stack
page read and write
110FE000
stack
page read and write
1097000
heap
page read and write
3060000
direct allocation
page read and write | page no cache
1155000
heap
page read and write
19F37802000
trusted library allocation
page read and write
21A89500000
trusted library allocation
page read and write
24017CE0000
heap
page read and write
F6FE000
stack
page read and write
ACC0000
direct allocation
page read and write
B080000
direct allocation
page read and write
1353F000
stack
page read and write
1097000
heap
page read and write
13C49E60000
trusted library allocation
page read and write
13C446C0000
heap
page read and write
5A60000
direct allocation
page read and write | page no cache
C82E000
stack
page read and write
BBC0000
direct allocation
page read and write
27C4E180000
trusted library allocation
page read and write
95557AC000
stack
page read and write
108E000
heap
page read and write
D53E000
stack
page read and write
F0BE000
stack
page read and write
D73F000
stack
page read and write
13CFE000
stack
page read and write
24017E43000
heap
page read and write
13C4A000000
heap
page read and write
1277F000
stack
page read and write
D17E000
stack
page read and write
2EEB1C5E000
heap
page read and write
1061000
heap
page read and write
B83C000
trusted library allocation
page read and write
EFED7CB000
stack
page read and write
1533F000
stack
page read and write
2EEB1C69000
heap
page read and write
E93E000
stack
page read and write
27C4E202000
heap
page read and write
B16F000
direct allocation
page read and write
13A3F000
stack
page read and write
B856000
trusted library allocation
page read and write
1002000
heap
page read and write
C890000
direct allocation
page read and write
1003000
heap
page read and write
DFBF000
stack
page read and write
13A7E000
stack
page read and write
3D71000
direct allocation
page read and write
E2BE000
stack
page read and write
1005000
heap
page read and write
2C60000
direct allocation
page read and write | page no cache
12CBE000
stack
page read and write
17B3E000
stack
page read and write
D27E000
stack
page read and write
27C4E1B0000
remote allocation
page read and write
C11E000
stack
page read and write
14F7F000
stack
page read and write
B84C000
trusted library allocation
page read and write
21CB2E80000
heap
page read and write
5E60000
direct allocation
page read and write | page no cache
C460000
direct allocation
page read and write
C880000
direct allocation
page read and write
FCFE000
stack
page read and write
BCDE000
stack
page read and write
1767E000
stack
page read and write
2C10000
heap
page read and write
2A925308000
heap
page read and write
21CB303D000
heap
page read and write
1197E000
unkown
page read and write
C870000
direct allocation
page read and write
15AFE000
stack
page read and write
AD60000
direct allocation
page read and write
239D36C0000
heap
page read and write
14ABE000
stack
page read and write
FD7000
heap
page read and write
AD80000
direct allocation
page read and write
C6E7CFA000
stack
page read and write
FE8000
heap
page read and write
10E3E000
stack
page read and write
106FE000
stack
page read and write
B0C0000
direct allocation
page read and write
115FE000
stack
page read and write
D73F000
stack
page read and write
179FE000
stack
page read and write
B020000
direct allocation
page read and write
13C49E60000
trusted library allocation
page read and write
EA7E000
stack
page read and write
C86E000
stack
page read and write
BBD0000
remote allocation
page read and write
B84C000
trusted library allocation
page read and write
13C44913000
heap
page read and write
1065000
heap
page read and write
1753E000
stack
page read and write
4660000
direct allocation
page read and write | page no cache
1343E000
stack
page read and write
C7AE000
stack
page read and write
1573E000
stack
page read and write
1777E000
stack
page read and write
35CA000
direct allocation
page read and write
15D3E000
stack
page read and write
1096000
heap
page read and write
100BE000
stack
page read and write
FD7000
heap
page read and write
CBEE000
stack
page read and write
B856000
trusted library allocation
page read and write
AE70000
direct allocation
page read and write
AFE0000
direct allocation
page read and write
1763E000
stack
page read and write
EA7E000
stack
page read and write
3E60000
direct allocation
page read and write | page no cache
1018000
heap
page read and write
B14F000
direct allocation
page read and write
BBA0000
direct allocation
page read and write
FA3E000
stack
page read and write
D63E000
stack
page read and write
113E000
stack
page read and write
15D7E000
stack
page read and write
BF5E000
stack
page read and write
133FF000
stack
page read and write
BA1E000
stack
page read and write
24018802000
heap
page read and write
2D60000
direct allocation
page read and write | page no cache
2C20000
direct allocation
page read and write
6B60000
direct allocation
page read and write | page no cache
FDFE000
stack
page read and write
ACB0000
direct allocation
page read and write
B6C787C000
stack
page read and write
D6E4BFF000
stack
page read and write
D6E4E7E000
stack
page read and write
AC60000
direct allocation
page read and write
1440000
direct allocation
page read and write
21A89515000
trusted library allocation
page read and write
150BF000
stack
page read and write
5160000
direct allocation
page read and write | page no cache
108F000
heap
page read and write
123F000
trusted library allocation
page read and write
2C60000
direct allocation
page read and write | page no cache
14CFF000
stack
page read and write
2EEB1C3E000
heap
page read and write
AEB0000
direct allocation
page read and write
C6E7EFA000
stack
page read and write
108B000
heap
page read and write
6860000
direct allocation
page read and write | page no cache
1367F000
stack
page read and write
EDFE000
stack
page read and write
108B000
heap
page read and write
1440000
direct allocation
page read and write
E53E000
stack
page read and write
13C49EA0000
trusted library allocation
page read and write
4160000
direct allocation
page read and write | page no cache
121FF000
stack
page read and write
3D4000
unkown
page readonly
B050000
direct allocation
page read and write
D6E497E000
stack
page read and write
22C4F7F000
stack
page read and write
2C20000
direct allocation
page read and write
22C4D7E000
stack
page read and write
12B3F000
stack
page read and write
3B1000
unkown
page execute read
2A925120000
trusted library allocation
page read and write
1147E000
stack
page read and write
2EEB1C3C000
heap
page read and write
3A74000
direct allocation
page read and write
2EEB1C5B000
heap
page read and write
F59000
stack
page read and write
5260000
direct allocation
page read and write | page no cache
C62E000
stack
page read and write
BF5E000
stack
page read and write
22C507A000
stack
page read and write
21A89600000
heap
page read and write
1713E000
stack
page read and write
24017E91000
heap
page read and write
3B60000
direct allocation
page read and write | page no cache
2CBC000
direct allocation
page read and write
13C4A011000
heap
page read and write
142FE000
stack
page read and write
129FF000
stack
page read and write
24018913000
heap
page read and write
1763E000
stack
page read and write
178FE000
stack
page read and write
4860000
direct allocation
page read and write | page no cache
101FE000
stack
page read and write
1044000
heap
page read and write
1018000
heap
page read and write
C6E797F000
stack
page read and write
239D3865000
heap
page read and write
1014000
heap
page read and write
155FE000
stack
page read and write
AE30000
direct allocation
page read and write
2CCA000
direct allocation
page read and write
3260000
direct allocation
page read and write | page no cache
6F60000
direct allocation
page read and write | page no cache
1493F000
stack
page read and write
1163D000
stack
page read and write
1061000
heap
page read and write
2CB5000
direct allocation
page read and write
13C49E84000
trusted library allocation
page read and write
1357E000
stack
page read and write
95564FF000
stack
page read and write
7C458FF000
stack
page read and write
FA3E000
stack
page read and write
1084000
heap
page read and write
D6E4DFD000
stack
page read and write
B836000
trusted library allocation
page read and write
1547F000
stack
page read and write
24017FB9000
heap
page read and write
9555EFF000
stack
page read and write
13C44829000
heap
page read and write
27C4E23D000
heap
page read and write
AFC0000
direct allocation
page read and write
10AE000
heap
page read and write
E63F000
stack
page read and write
4460000
direct allocation
page read and write | page no cache
2EEB1C6A000
heap
page read and write
2A92524A000
heap
page read and write
B858000
trusted library allocation
page read and write
146FE000
stack
page read and write
13C45950000
trusted library section
page readonly
FF5000
heap
page read and write
107F000
heap
page read and write
1028000
heap
page read and write
FB0000
heap
page read and write
2EEB1A90000
heap
page read and write
B0A0000
direct allocation
page read and write
1547F000
stack
page read and write
AD40000
direct allocation
page read and write
150BF000
stack
page read and write
12DBF000
stack
page read and write
1079000
heap
page read and write
141FD000
stack
page read and write
13BBE000
stack
page read and write
EF7F000
stack
page read and write
B070000
direct allocation
page read and write
14ABE000
stack
page read and write
2CDB000
direct allocation
page read and write
1777E000
stack
page read and write
13C4A100000
heap
page read and write
10BFE000
stack
page read and write
B838000
trusted library allocation
page read and write
2C60000
direct allocation
page read and write | page no cache
B800000
trusted library allocation
page read and write
FB0000
heap
page read and write
10CFE000
stack
page read and write
D13E000
stack
page read and write
24018908000
heap
page read and write
7C459FE000
stack
page read and write
1197E000
unkown
page read and write
6D60000
direct allocation
page read and write | page no cache
C8EE000
stack
page read and write
19F3705B000
heap
page read and write
13C4B000000
heap
page read and write
1143E000
stack
page read and write
10AD000
heap
page read and write
E3FE000
stack
page read and write
B010000
direct allocation
page read and write
3191000
direct allocation
page read and write
118BE000
stack
page read and write
128FE000
stack
page read and write
F1BE000
stack
page read and write
109B000
heap
page read and write
E6BE000
stack
page read and write
DCBE000
stack
page read and write
7160000
direct allocation
page read and write | page no cache
6560000
direct allocation
page read and write | page no cache
132F000
stack
page read and write
35E6000
direct allocation
page read and write
122FF000
stack
page read and write
21A89428000
heap
page read and write
C0DF000
stack
page read and write
1357E000
stack
page read and write
2C60000
direct allocation
page read and write
10FE000
stack
page read and write
12DBF000
stack
page read and write
13C4A0A5000
heap
page read and write
2EEB1C60000
heap
page read and write
DEBF000
stack
page read and write
1047000
heap
page read and write
3DF3000
direct allocation
page read and write
24017E92000
heap
page read and write
1523E000
stack
page read and write
19F36EC0000
heap
page read and write
B843000
trusted library allocation
page read and write
4260000
direct allocation
page read and write | page no cache
13F7E000
stack
page read and write
110FE000
stack
page read and write
19F36E50000
heap
page read and write
BF0000
unkown
page read and write
146BF000
stack
page read and write
2C60000
direct allocation
page read and write
DB7E000
stack
page read and write
21CB2E70000
heap
page read and write
2EEB1C42000
heap
page read and write
12A3E000
stack
page read and write
19F37113000
heap
page read and write
24017E3C000
heap
page read and write
ADE0000
direct allocation
page read and write
F7FE000
stack
page read and write
BBC0000
direct allocation
page read and write
109B000
heap
page read and write
BF9E000
stack
page read and write
1043E000
stack
page read and write
1069000
heap
page read and write
21CB3102000
heap
page read and write
2C60000
direct allocation
page read and write
B814000
trusted library allocation
page read and write
B91E000
stack
page read and write
107D000
heap
page read and write
D6E48FE000
stack
page read and write
239D4002000
trusted library allocation
page read and write
24017D70000
trusted library allocation
page read and write
19F36E60000
heap
page read and write
107D000
heap
page read and write
BB9E000
stack
page read and write
105F000
heap
page read and write
2EEB1C83000
heap
page read and write
C9EE000
stack
page read and write
5F60000
direct allocation
page read and write | page no cache
13C44800000
heap
page read and write
1450000
direct allocation
page read and write
1062000
heap
page read and write
1523E000
stack
page read and write
C31E000
stack
page read and write
14BBF000
stack
page read and write
239D3884000
heap
page read and write
FDFE000
stack
page read and write
5860000
direct allocation
page read and write | page no cache
E2FE000
stack
page read and write
239D3889000
heap
page read and write
19F37102000
heap
page read and write
24017CD0000
heap
page read and write
27C4E302000
heap
page read and write
1173D000
stack
page read and write
FA7E000
stack
page read and write
106F000
heap
page read and write
239D3853000
heap
page read and write
6760000
direct allocation
page read and write | page no cache
1047000
heap
page read and write
1457F000
stack
page read and write
13C49FB0000
trusted library allocation
page read and write
13C4A104000
heap
page read and write
B82D000
trusted library allocation
page read and write
109B000
heap
page read and write
B0DF000
direct allocation
page read and write
EFEDDFE000
stack
page read and write
145BE000
stack
page read and write
24017FE5000
heap
page read and write
2C60000
direct allocation
page read and write
132BF000
stack
page read and write
2C8A000
direct allocation
page read and write
14A7F000
stack
page read and write
110BF000
stack
page read and write
B000000
direct allocation
page read and write
1317F000
stack
page read and write
27C4E213000
heap
page read and write
101A000
heap
page read and write
16D7E000
stack
page read and write
1082000
heap
page read and write
127BE000
stack
page read and write
2DA0000
direct allocation
page read and write
106F000
heap
page read and write
B49E000
stack
page read and write
1014000
heap
page read and write
109F000
heap
page read and write
24018A27000
heap
page read and write
CF3E000
stack
page read and write
B84D000
trusted library allocation
page read and write
B852000
trusted library allocation
page read and write
13C49E90000
trusted library allocation
page read and write
10BFE000
stack
page read and write
10D3E000
stack
page read and write
1133F000
stack
page read and write
22C4DFF000
stack
page read and write
6560000
direct allocation
page read and write | page no cache
B080000
direct allocation
page read and write
13A3F000
stack
page read and write
140BE000
stack
page read and write
AEF0000
direct allocation
page read and write
3D60000
direct allocation
page read and write | page no cache
FBFE000
stack
page read and write
3DB000
unkown
page write copy
DB3E000
stack
page read and write
27C4E0F0000
heap
page read and write
B849000
trusted library allocation
page read and write
22C497A000
stack
page read and write
BBB0000
direct allocation
page read and write
2F60000
direct allocation
page read and write | page no cache
1044000
heap
page read and write
C76E000
stack
page read and write
FF7E000
stack
page read and write
6A60000
direct allocation
page read and write | page no cache
B020000
direct allocation
page read and write
1044000
heap
page read and write
AE10000
direct allocation
page read and write
13C4A0E4000
heap
page read and write
1047000
heap
page read and write
24018922000
heap
page read and write
106B000
heap
page read and write
1044000
heap
page read and write
B81C000
trusted library allocation
page read and write
1079000
heap
page read and write
BE1E000
stack
page read and write
AFF0000
direct allocation
page read and write
13C45940000
trusted library section
page readonly
E7FE000
stack
page read and write
1147E000
stack
page read and write
13C45118000
heap
page read and write
1032000
heap
page read and write
B81E000
trusted library allocation
page read and write
1597E000
stack
page read and write
6E60000
direct allocation
page read and write | page no cache
BBC0000
direct allocation
page read and write
3261000
direct allocation
page read and write
107D000
heap
page read and write
2EEB2402000
trusted library allocation
page read and write
D17E000
stack
page read and write
C870000
direct allocation
page read and write
BBB0000
direct allocation
page read and write
778AB7B000
stack
page read and write
B829000
trusted library allocation
page read and write
107F000
heap
page read and write
778A87F000
stack
page read and write
10A7D000
stack
page read and write
7B296FB000
stack
page read and write
1087000
heap
page read and write
B0FF000
direct allocation
page read and write
2C60000
direct allocation
page read and write
22C4B7F000
stack
page read and write
2EEB1C74000
heap
page read and write
FFBE000
stack
page read and write
B6C7D7F000
stack
page read and write
1150000
heap
page read and write
1077000
heap
page read and write
150FE000
stack
page read and write
1043E000
stack
page read and write
113E000
stack
page read and write
13C49D40000
trusted library allocation
page read and write
EFEDAFE000
stack
page read and write
1003000
heap
page read and write
101D000
heap
page read and write
13C44813000
heap
page read and write
2C60000
direct allocation
page read and write
1393E000
stack
page read and write
6460000
direct allocation
page read and write | page no cache
1048000
heap
page read and write
24017D40000
heap
page read and write
BFDE000
stack
page read and write
B6C7B7B000
stack
page read and write
5C60000
direct allocation
page read and write | page no cache
13C49F30000
trusted library allocation
page read and write
24017E43000
heap
page read and write
22C4C7B000
stack
page read and write
19F37000000
heap
page read and write
1088000
heap
page read and write
ACF0000
direct allocation
page read and write
BA1E000
stack
page read and write
15C3E000
stack
page read and write
AE00000
direct allocation
page read and write
2A92527D000
heap
page read and write
4C60000
direct allocation
page read and write | page no cache
1457F000
stack
page read and write
13C44858000
heap
page read and write
132F000
stack
page read and write
B820000
trusted library allocation
page read and write
159BE000
stack
page read and write
2EEB1C4E000
heap
page read and write
7C455FF000
stack
page read and write
1353F000
stack
page read and write
D2BE000
stack
page read and write
EA3E000
stack
page read and write
13C4A0A2000
heap
page read and write
2F60000
direct allocation
page read and write | page no cache
5360000
direct allocation
page read and write | page no cache
1193E000
unkown
page read and write
6460000
direct allocation
page read and write | page no cache
BA5E000
stack
page read and write
B83C000
trusted library allocation
page read and write
22C4877000
stack
page read and write
FBBE000
stack
page read and write
B6C797F000
stack
page read and write
24018A00000
heap
page read and write
3B1000
unkown
page execute read
B838000
trusted library allocation
page read and write
1447E000
stack
page read and write
D23E000
stack
page read and write
C62E000
stack
page read and write
B050000
direct allocation
page read and write
124FF000
stack
page read and write
2EEB1C63000
heap
page read and write
3960000
direct allocation
page read and write | page no cache
21A8940D000
unkown
page read and write
6660000
direct allocation
page read and write | page no cache
107D000
heap
page read and write
C7EE000
stack
page read and write
105A000
heap
page read and write
C8A0000
direct allocation
page read and write
2EEB1C41000
heap
page read and write
B838000
trusted library allocation
page read and write
2A924FC0000
heap
page read and write
AC90000
direct allocation
page read and write
1253E000
stack
page read and write
6B60000
direct allocation
page read and write | page no cache
1450000
direct allocation
page read and write
22C5179000
stack
page read and write
2C60000
direct allocation
page read and write
10FE000
stack
page read and write
107D000
heap
page read and write
16C7E000
stack
page read and write
2C60000
direct allocation
page read and write
B818000
trusted library allocation
page read and write
24017E2A000
heap
page read and write
6860000
direct allocation
page read and write | page no cache
CAEE000
stack
page read and write
13C49F80000
trusted library allocation
page read and write
ECBE000
stack
page read and write
177BE000
stack
page read and write
7060000
direct allocation
page read and write | page no cache
1267E000
stack
page read and write
13B7F000
stack
page read and write
1450000
direct allocation
page read and write
27C4E200000
heap
page read and write
13C44FF3000
trusted library allocation
page read and write
AD30000
direct allocation
page read and write
13CFE000
stack
page read and write
ACE0000
direct allocation
page read and write
1155000
heap
page read and write
1042000
heap
page read and write
B82A000
trusted library allocation
page read and write
1447E000
stack
page read and write
13C44841000
heap
page read and write
2D60000
direct allocation
page read and write | page no cache
17A3E000
stack
page read and write
21A89523000
heap
page read and write
21A89613000
heap
page read and write
1032000
heap
page read and write
24017E88000
heap
page read and write
10AE000
heap
page read and write
AF90000
direct allocation
page read and write
1087000
heap
page read and write
2CD2000
direct allocation
page read and write
1007000
heap
page read and write
1450000
direct allocation
page read and write
13C4A0AC000
heap
page read and write
106F000
heap
page read and write
24017E69000
heap
page read and write
AC80000
direct allocation
page read and write
AD00000
direct allocation
page read and write
3760000
direct allocation
page read and write | page no cache
AD60000
direct allocation
page read and write
137BF000
stack
page read and write
106B000
heap
page read and write
BD1E000
stack
page read and write
1597E000
stack
page read and write
AD90000
direct allocation
page read and write
131BE000
stack
page read and write
BE5E000
stack
page read and write
12C7F000
stack
page read and write
105A000
heap
page read and write
113E000
stack
page read and write
3DE000
unkown
page readonly
2C60000
direct allocation
page read and write
13C49EA4000
trusted library allocation
page read and write
2EEB1C62000
heap
page read and write
2EEB1C44000
heap
page read and write
1193E000
unkown
page read and write
13C447C0000
trusted library allocation
page read and write
B82E000
trusted library allocation
page read and write
13C44894000
heap
page read and write
2EEB1C45000
heap
page read and write
1767E000
stack
page read and write
24018954000
heap
page read and write
24018922000
heap
page read and write
10BBE000
stack
page read and write
10FBE000
stack
page read and write
13C44902000
heap
page read and write
F83E000
stack
page read and write
27C4E223000
heap
page read and write
B81A000
trusted library allocation
page read and write
128FE000
stack
page read and write
24018A13000
heap
page read and write
109F000
heap
page read and write
E8FE000
stack
page read and write
3760000
direct allocation
page read and write | page no cache
240189AE000
heap
page read and write
105F000
heap
page read and write
27C4EC02000
trusted library allocation
page read and write
2A925200000
heap
page read and write
27C4E229000
heap
page read and write
EFEDEFF000
stack
page read and write
AED0000
direct allocation
page read and write
1537E000
stack
page read and write
6C60000
direct allocation
page read and write | page no cache
B060000
direct allocation
page read and write
101BE000
stack
page read and write
ACE0000
direct allocation
page read and write
107F000
heap
page read and write
240189BC000
heap
page read and write
4E60000
direct allocation
page read and write | page no cache
10A3E000
stack
page read and write
16C7E000
stack
page read and write
1016000
heap
page read and write
13C448A0000
heap
page read and write
1263F000
stack
page read and write
13C44650000
heap
page read and write
F93E000
stack
page read and write
F83E000
stack
page read and write
6360000
direct allocation
page read and write | page no cache
B18F000
direct allocation
page read and write
B15F000
direct allocation
page read and write
21CB3002000
heap
page read and write
FFBE000
stack
page read and write
1703E000
stack
page read and write
1583E000
stack
page read and write
1029000
heap
page read and write
4B60000
direct allocation
page read and write | page no cache
AFE0000
direct allocation
page read and write
21CB3038000
heap
page read and write
11BBE000
stack
page read and write
CF3E000
stack
page read and write
E17E000
stack
page read and write
12DFE000
stack
page read and write
AC60000
direct allocation
page read and write
EFEDA7E000
stack
page read and write
1065000
heap
page read and write
21CB301F000
heap
page read and write
B840000
trusted library allocation
page read and write
1026000
heap
page read and write
1026000
heap
page read and write
2EEB1C13000
heap
page read and write
5960000
direct allocation
page read and write | page no cache
13CBF000
stack
page read and write
C6E77FE000
stack
page read and write
15BFE000
stack
page read and write
107D000
heap
page read and write
C76E000
stack
page read and write
D2BE000
stack
page read and write
1044000
heap
page read and write
6160000
direct allocation
page read and write | page no cache
21A8944A000
heap
page read and write
11DFE000
unkown
page read and write
2C60000
direct allocation
page read and write
BA5E000
stack
page read and write
AF70000
direct allocation
page read and write
BB5E000
stack
page read and write
13F7E000
stack
page read and write
B816000
trusted library allocation
page read and write
2C10000
heap
page read and write
13C49FC0000
remote allocation
page read and write
BF0000
unkown
page read and write
13C44890000
heap
page read and write
6960000
direct allocation
page read and write | page no cache
5460000
direct allocation
page read and write | page no cache
131BE000
stack
page read and write
B7E0000
trusted library allocation
page read and write
1018000
heap
page read and write
1047E000
stack
page read and write
2EEB1C5A000
heap
page read and write
AF10000
direct allocation
page read and write
B6E0000
trusted library allocation
page read and write
AEC0000
direct allocation
page read and write
19F37041000
heap
page read and write
BB9E000
stack
page read and write
239D3902000
heap
page read and write
137FE000
stack
page read and write
95561FE000
stack
page read and write
AEB0000
direct allocation
page read and write
B6DE000
stack
page read and write
2EEB1C5F000
heap
page read and write
1587E000
stack
page read and write
FBBE000
stack
page read and write
B836000
trusted library allocation
page read and write
ADA0000
direct allocation
page read and write
778A3FE000
stack
page read and write
7B295FF000
stack
page read and write
9555BFA000
stack
page read and write
105A000
heap
page read and write
1067000
heap
page read and write
10E7E000
stack
page read and write
1277F000
stack
page read and write
1087000
heap
page read and write
22C4CFF000
stack
page read and write
AE80000
direct allocation
page read and write
1047E000
stack
page read and write
2C60000
direct allocation
page read and write
13C45118000
heap
page read and write
1026000
heap
page read and write
1065000
heap
page read and write
1123E000
stack
page read and write
FD7000
heap
page read and write
107D000
heap
page read and write
13C49FC0000
remote allocation
page read and write
13C49FA0000
trusted library allocation
page read and write
13CBF000
stack
page read and write
21A89220000
heap
page read and write
B84E000
trusted library allocation
page read and write
21CB3013000
heap
page read and write
3DF0000
direct allocation
page read and write
24017E8C000
heap
page read and write
239D387C000
heap
page read and write
239D3891000
heap
page read and write
2EEB1C5C000
heap
page read and write
F93E000
stack
page read and write
E43E000
stack
page read and write
11850000
direct allocation
page read and write
FD4000
heap
page read and write
C215000
stack
page read and write
1467000
heap
page read and write
AF60000
direct allocation
page read and write
24017F13000
heap
page read and write
4860000
direct allocation
page read and write | page no cache
1467000
heap
page read and write
3B0000
unkown
page readonly
21CB3000000
heap
page read and write
1069000
heap
page read and write
13C49FC0000
trusted library allocation
page read and write
239D3FC0000
trusted library allocation
page read and write
12C7F000
stack
page read and write
CEEE000
stack
page read and write
C82E000
stack
page read and write
E7BE000
stack
page read and write
106D000
heap
page read and write
E7FE000
stack
page read and write
16EFE000
stack
page read and write
11B7F000
stack
page read and write
DC7E000
stack
page read and write
EDFE000
stack
page read and write
111FE000
stack
page read and write
1367F000
stack
page read and write
C6E7AF9000
stack
page read and write
27C4E257000
heap
page read and write
21CB3029000
heap
page read and write
1187E000
stack
page read and write
BF0000
unkown
page read and write
2EEB1C7A000
heap
page read and write
B16F000
direct allocation
page read and write
105A000
heap
page read and write
13C4487C000
heap
page read and write
17B3E000
stack
page read and write
4A60000
direct allocation
page read and write | page no cache
F7FE000
stack
page read and write
F59000
stack
page read and write
ADD0000
direct allocation
page read and write
6E60000
direct allocation
page read and write | page no cache
9555FFD000
stack
page read and write
C6E7BFF000
stack
page read and write
95562FE000
stack
page read and write
AF00000
direct allocation
page read and write
E1BE000
stack
page read and write
B843000
trusted library allocation
page read and write
FF9000
heap
page read and write
1493F000
stack
page read and write
4C60000
direct allocation
page read and write | page no cache
141FD000
stack
page read and write
108FF000
stack
page read and write
2A925020000
heap
page read and write
10FE000
stack
page read and write
C45E000
stack
page read and write
1048000
heap
page read and write
21A89448000
unkown
page read and write
10E7E000
stack
page read and write
14FBE000
stack
page read and write
108B000
heap
page read and write
15C3E000
stack
page read and write
FB0000
heap
page read and write
95563FF000
stack
page read and write
1467000
heap
page read and write
2D12000
direct allocation
page read and write
115FE000
stack
page read and write
13C4A0FD000
heap
page read and write
27C4E150000
heap
page read and write
B81C000
trusted library allocation
page read and write
AF20000
direct allocation
page read and write
AF60000
direct allocation
page read and write
5760000
direct allocation
page read and write | page no cache
11B7F000
stack
page read and write
13C49E81000
trusted library allocation
page read and write
B030000
direct allocation
page read and write
21A89713000
heap
page read and write
B49E000
stack
page read and write
6760000
direct allocation
page read and write | page no cache
9555DFD000
stack
page read and write
B010000
direct allocation
page read and write
EB7E000
stack
page read and write
1093000
heap
page read and write
AC90000
direct allocation
page read and write
AF90000
direct allocation
page read and write
346B000
direct allocation
page read and write
FF9000
heap
page read and write
105A000
heap
page read and write
B80A000
trusted library allocation
page read and write
F59000
stack
page read and write
12EFF000
stack
page read and write
B0B0000
direct allocation
page read and write
F2FE000
stack
page read and write
B12F000
direct allocation
page read and write
11870000
direct allocation
page read and write
2C10000
direct allocation
page read and write
109B000
heap
page read and write
C86E000
stack
page read and write
239D3827000
heap
page read and write
D6E4B7D000
stack
page read and write
1317F000
stack
page read and write
AF40000
direct allocation
page read and write
1433E000
stack
page read and write
109F000
heap
page read and write
C6E7A7B000
stack
page read and write
106B000
heap
page read and write
11EFE000
stack
page read and write
778A97E000
stack
page read and write
AFB0000
direct allocation
page read and write
1497E000
stack
page read and write
AF50000
direct allocation
page read and write
AC70000
direct allocation
page read and write
10E3E000
stack
page read and write
118BE000
stack
page read and write
B0EF000
direct allocation
page read and write
3B0000
unkown
page readonly
10FBE000
stack
page read and write
156FE000
stack
page read and write
ACF0000
direct allocation
page read and write
ADF0000
direct allocation
page read and write
6960000
direct allocation
page read and write | page no cache
1067000
heap
page read and write
24018A23000
heap
page read and write
21CB304F000
heap
page read and write
4060000
direct allocation
page read and write | page no cache
FE9000
heap
page read and write
4360000
direct allocation
page read and write | page no cache
B824000
trusted library allocation
page read and write
1067000
heap
page read and write
1183E000
stack
page read and write
B19F000
direct allocation
page read and write
ECFE000
stack
page read and write
16FFE000
stack
page read and write
239D3900000
heap
page read and write
ADF0000
direct allocation
page read and write
EE7E000
stack
page read and write
2C10000
direct allocation
page read and write
1430000
direct allocation
page read and write | page no cache
13C49E6E000
trusted library allocation
page read and write
6660000
direct allocation
page read and write | page no cache
1073000
heap
page read and write
2C60000
direct allocation
page read and write
FD4000
heap
page read and write
ADD0000
direct allocation
page read and write
21A89436000
heap
page read and write
24017E5B000
heap
page read and write
239D36B0000
heap
page read and write
B0A0000
direct allocation
page read and write
1033E000
stack
page read and write
BBB0000
direct allocation
page read and write
13DFF000
stack
page read and write
5360000
direct allocation
page read and write | page no cache
B847000
trusted library allocation
page read and write
13C49E90000
trusted library allocation
page read and write
2EEB1AA0000
heap
page read and write
7B2957B000
stack
page read and write
16FFE000
stack
page read and write
2C60000
direct allocation
page read and write
3060000
direct allocation
page read and write | page no cache
151FF000
stack
page read and write
2EEB1C3A000
heap
page read and write
B5DE000
stack
page read and write
1047000
heap
page read and write
10B0000
trusted library allocation
page read and write
10ABD000
stack
page read and write
DDBE000
stack
page read and write
1091000
heap
page read and write
102C000
heap
page read and write
2A925229000
heap
page read and write
13C4A063000
heap
page read and write
24017E71000
heap
page read and write
1430000
direct allocation
page read and write
7260000
direct allocation
page read and write | page no cache
3DE000
unkown
page readonly
132FE000
stack
page read and write
AF10000
direct allocation
page read and write
AC80000
direct allocation
page read and write
B000000
direct allocation
page read and write
1077000
heap
page read and write
133FF000
stack
page read and write
F6BE000
stack
page read and write
21A89413000
unkown
page read and write
105A000
heap
page read and write
239D385F000
heap
page read and write
7060000
direct allocation
page read and write | page no cache
109F000
heap
page read and write
121FF000
stack
page read and write
B82E000
trusted library allocation
page read and write
11A7E000
stack
page read and write
F59000
stack
page read and write
BBD0000
direct allocation
page read and write
5460000
direct allocation
page read and write | page no cache
13BBE000
stack
page read and write
13C447D0000
trusted library section
page read and write
C72E000
stack
page read and write
2A925213000
heap
page read and write
2EEB1C30000
heap
page read and write
D4FE000
stack
page read and write
10BBE000
stack
page read and write
1068000
heap
page read and write
17A3E000
stack
page read and write
3D4000
unkown
page readonly
2C60000
direct allocation
page read and write
128BF000
stack
page read and write
24017E66000
heap
page read and write
10D3E000
stack
page read and write
21CB2FD0000
trusted library allocation
page read and write
2A925255000
heap
page read and write
1067000
heap
page read and write
10AB000
heap
page read and write
2C60000
direct allocation
page read and write
1163D000
stack
page read and write
1303F000
stack
page read and write
2EEB1C46000
heap
page read and write
1042000
heap
page read and write
B843000
trusted library allocation
page read and write
2C60000
direct allocation
page read and write
118FE000
stack
page read and write
D3FE000
stack
page read and write
7160000
direct allocation
page read and write | page no cache
108B000
heap
page read and write
5160000
direct allocation
page read and write | page no cache
C890000
direct allocation
page read and write
C8EE000
stack
page read and write
3B60000
direct allocation
page read and write | page no cache
B840000
trusted library allocation
page read and write
C460000
direct allocation
page read and write
3960000
direct allocation
page read and write | page no cache
FE3E000
stack
page read and write
BBB0000
direct allocation
page read and write
B836000
trusted library allocation
page read and write
B84C000
trusted library allocation
page read and write
13C448FE000
heap
page read and write
3B0000
unkown
page readonly
B83C000
trusted library allocation
page read and write
1450000
direct allocation
page read and write
178BE000
stack
page read and write
AD80000
direct allocation
page read and write
B852000
trusted library allocation
page read and write
110BF000
stack
page read and write
7C4519C000
stack
page read and write
2C10000
heap
page read and write
B6DE000
stack
page read and write
2EEB1C02000
heap
page read and write
4260000
direct allocation
page read and write | page no cache
B843000
trusted library allocation
page read and write
5D60000
direct allocation
page read and write | page no cache
107D000
heap
page read and write
AF80000
direct allocation
page read and write
B030000
direct allocation
page read and write
1173D000
stack
page read and write
107FF000
stack
page read and write
1026000
heap
page read and write
BBB0000
direct allocation
page read and write
B0FF000
direct allocation
page read and write
B847000
trusted library allocation
page read and write
11FFF000
stack
page read and write
27C4E1B0000
remote allocation
page read and write
B13F000
direct allocation
page read and write
2A924FB0000
heap
page read and write
127BE000
stack
page read and write
239D3869000
heap
page read and write
13B7F000
stack
page read and write
B11F000
direct allocation
page read and write
AD20000
direct allocation
page read and write
2C60000
direct allocation
page read and write
137BF000
stack
page read and write
24018A30000
heap
page read and write
F0BE000
stack
page read and write
239D3908000
heap
page read and write
24018911000
heap
page read and write
1303F000
stack
page read and write
109D000
heap
page read and write
BF9E000
stack
page read and write
1460000
heap
page read and write
E3FE000
stack
page read and write
106BE000
stack
page read and write
B12F000
direct allocation
page read and write
1016000
heap
page read and write
B838000
trusted library allocation
page read and write
1044000
heap
page read and write
24017D90000
trusted library allocation
page read and write
5660000
direct allocation
page read and write | page no cache
E1BE000
stack
page read and write
There are 1698 hidden memdumps, click here to show them.