Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
current[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
||
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_current[1].exe_9b5737f5faee579b493102f3d6aa2427c2a8d_78bff3be_07a493f7-7c08-4e63-830e-5d8ecd9668e0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_jJEAWO.exe_2bd22f57251f20d34b755a755d907fabae7c39b_c18945cf_77b172d6-41a2-4dd7-bb1f-84845737eb17\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CEF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Jul 24 22:26:20 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D7C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DAC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9B3.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Jul 24 22:25:51 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB0C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB2C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\k1[1].rar
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\089268A2.exe
|
ASCII text
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\current[1].exe
|
"C:\Users\user\Desktop\current[1].exe"
|
||
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 1624
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 1504
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://ddos.dnsnb8.net:799/cj//k2.rarDownloadManagerA
|
unknown
|
||
sofahuntingslidedine.shop
|
|||
triangleseasonbenchwj.shop
|
|||
https://sofahuntingslidedine.shop/api
|
188.114.96.3
|
||
modestessayevenmilwek.shop
|
|||
http://ddos.dnsnb8.net:799/cj//k2.rarh?
|
unknown
|
||
https://sofahuntingslidedine.shop/
|
unknown
|
||
https://sofahuntingslidedine.shop/u
|
unknown
|
||
secretionsuitcasenioise.shop
|
|||
gemcreedarticulateod.shop
|
|||
http://ddos.dnsnb8.net:799/cj//k2.rar
|
44.221.84.105
|
||
http://ddos.dnsnb8.net:799/cj//k2.rarp
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k2.rark
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k2.rarl
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k2.rarm
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k1.rarE0
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k1.rarT
|
unknown
|
||
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
||
liabilityarrangemenyit.shop
|
|||
https://sofahuntingslidedine.shop/apik
|
unknown
|
||
culturesketchfinanciall.shop
|
|||
http://ddos.dnsnb8.net:799/cj//k1.rarcC:
|
unknown
|
||
claimconcessionrebe.shop
|
|||
http://ddos.dnsnb8.net:799/cj//k2.rarN
|
unknown
|
||
http://www.scintilla.org/scite.rng
|
unknown
|
||
http://www.rftp.comJosiah
|
unknown
|
||
http://www.activestate.com
|
unknown
|
||
http://www.activestate.comHolger
|
unknown
|
||
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
http://www.rftp.com
|
unknown
|
||
http://www.baanboard.comBrendon
|
unknown
|
||
https://www.smartsharesystems.com/
|
unknown
|
||
http://www.scintilla.org
|
unknown
|
||
http://www.spaceblue.comMathias
|
unknown
|
||
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
https://www.smartsharesystems.com/Morten
|
unknown
|
||
http://www.develop.com
|
unknown
|
||
http://www.lua.org
|
unknown
|
||
http://www.spaceblue.com
|
unknown
|
||
http://www.baanboard.com
|
unknown
|
||
https://www.cloudflare.com/learning/ddos/glossary/malware/
|
unknown
|
||
http://www.develop.comDeepak
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
sofahuntingslidedine.shop
|
188.114.96.3
|
||
ddos.dnsnb8.net
|
44.221.84.105
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
188.114.96.3
|
sofahuntingslidedine.shop
|
European Union
|
||
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProgramId
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
FileId
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LowerCaseLongPath
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LongPathHash
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Name
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
OriginalFileName
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Publisher
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Version
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinFileVersion
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinaryType
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProductName
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProductVersion
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LinkDate
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinProductVersion
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
AppxPackageFullName
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Size
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Language
|
||
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Usn
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProgramId
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
FileId
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LowerCaseLongPath
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LongPathHash
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Name
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
OriginalFileName
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Publisher
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Version
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinFileVersion
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinaryType
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProductName
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProductVersion
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LinkDate
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinProductVersion
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
AppxPackageFullName
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Size
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Language
|
||
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Usn
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00EC0950A0E
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 33 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
740000
|
direct allocation
|
page execute and read and write
|
||
2FB7000
|
stack
|
page read and write
|
||
630000
|
heap
|
page read and write
|
||
E80000
|
direct allocation
|
page read and write
|
||
2DDE000
|
stack
|
page read and write
|
||
19B000
|
stack
|
page read and write
|
||
8B1000
|
heap
|
page read and write
|
||
10CB000
|
heap
|
page read and write
|
||
382C000
|
stack
|
page read and write
|
||
9C000
|
stack
|
page read and write
|
||
21B0000
|
remote allocation
|
page read and write
|
||
E80000
|
direct allocation
|
page read and write
|
||
E94000
|
unkown
|
page read and write
|
||
E91000
|
unkown
|
page execute and write copy
|
||
10FE000
|
heap
|
page read and write
|
||
33FF000
|
stack
|
page read and write
|
||
3A6E000
|
stack
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
E96000
|
unkown
|
page execute and read and write
|
||
10EB000
|
heap
|
page read and write
|
||
8DD000
|
heap
|
page read and write
|
||
2BAD000
|
trusted library allocation
|
page read and write
|
||
E60000
|
direct allocation
|
page read and write
|
||
896000
|
heap
|
page read and write
|
||
8B1000
|
heap
|
page read and write
|
||
10B4000
|
heap
|
page read and write
|
||
400000
|
unkown
|
page readonly
|
||
8BE000
|
heap
|
page read and write
|
||
10F3000
|
heap
|
page read and write
|
||
2B9F000
|
stack
|
page read and write
|
||
8BC000
|
heap
|
page read and write
|
||
1510000
|
heap
|
page read and write
|
||
497000
|
unkown
|
page execute and write copy
|
||
1517000
|
heap
|
page read and write
|
||
10EB000
|
heap
|
page read and write
|
||
10D5000
|
heap
|
page read and write
|
||
10D5000
|
heap
|
page read and write
|
||
E80000
|
direct allocation
|
page read and write
|
||
E80000
|
direct allocation
|
page read and write
|
||
150E000
|
stack
|
page read and write
|
||
466000
|
unkown
|
page readonly
|
||
151A000
|
heap
|
page read and write
|
||
5BE000
|
stack
|
page read and write
|
||
8CD000
|
heap
|
page read and write
|
||
8A0000
|
heap
|
page read and write
|
||
E93000
|
unkown
|
page readonly
|
||
241D000
|
stack
|
page read and write
|
||
89A000
|
heap
|
page read and write
|
||
105A000
|
heap
|
page read and write
|
||
37CF000
|
stack
|
page read and write
|
||
8BB000
|
heap
|
page read and write
|
||
109F000
|
heap
|
page read and write
|
||
222D000
|
stack
|
page read and write
|
||
8B3000
|
heap
|
page read and write
|
||
21B0000
|
direct allocation
|
page read and write
|
||
396D000
|
stack
|
page read and write
|
||
A0E000
|
stack
|
page read and write
|
||
2EBF000
|
stack
|
page read and write
|
||
483000
|
unkown
|
page execute and read and write
|
||
570000
|
heap
|
page read and write
|
||
2BA0000
|
trusted library allocation
|
page read and write
|
||
21B0000
|
remote allocation
|
page read and write
|
||
2A9E000
|
stack
|
page read and write
|
||
896000
|
heap
|
page read and write
|
||
81E000
|
heap
|
page read and write
|
||
5370000
|
heap
|
page read and write
|
||
2BAB000
|
trusted library allocation
|
page read and write
|
||
2310000
|
heap
|
page read and write
|
||
8B1000
|
heap
|
page read and write
|
||
8CD000
|
heap
|
page read and write
|
||
894000
|
heap
|
page read and write
|
||
896000
|
heap
|
page read and write
|
||
2DBA000
|
stack
|
page read and write
|
||
F9C000
|
stack
|
page read and write
|
||
141F000
|
stack
|
page read and write
|
||
353F000
|
stack
|
page read and write
|
||
131E000
|
stack
|
page read and write
|
||
81A000
|
heap
|
page read and write
|
||
271F000
|
stack
|
page read and write
|
||
400000
|
unkown
|
page execute and read and write
|
||
2BA5000
|
trusted library allocation
|
page read and write
|
||
149D000
|
stack
|
page read and write
|
||
10FA000
|
heap
|
page read and write
|
||
5FE000
|
stack
|
page read and write
|
||
5450000
|
trusted library allocation
|
page read and write
|
||
E60000
|
direct allocation
|
page read and write
|
||
B9C000
|
stack
|
page read and write
|
||
10D5000
|
heap
|
page read and write
|
||
357E000
|
stack
|
page read and write
|
||
880000
|
heap
|
page read and write
|
||
E91000
|
unkown
|
page execute read
|
||
14A0000
|
heap
|
page read and write
|
||
498000
|
unkown
|
page execute and write copy
|
||
E96000
|
unkown
|
page execute and write copy
|
||
82E000
|
heap
|
page execute and read and write
|
||
1098000
|
heap
|
page read and write
|
||
810000
|
heap
|
page read and write
|
||
E4E000
|
stack
|
page read and write
|
||
36CE000
|
stack
|
page read and write
|
||
10B4000
|
heap
|
page read and write
|
||
2CDE000
|
stack
|
page read and write
|
||
8DE000
|
heap
|
page read and write
|
||
BF0000
|
heap
|
page read and write
|
||
401000
|
unkown
|
page execute read
|
||
1034000
|
heap
|
page read and write
|
||
470000
|
unkown
|
page write copy
|
||
8CD000
|
heap
|
page read and write
|
||
10FE000
|
heap
|
page read and write
|
||
E75000
|
heap
|
page read and write
|
||
109F000
|
heap
|
page read and write
|
||
E00000
|
heap
|
page read and write
|
||
8DE000
|
heap
|
page read and write
|
||
8A3000
|
heap
|
page read and write
|
||
21B0000
|
remote allocation
|
page read and write
|
||
88E000
|
heap
|
page read and write
|
||
620000
|
heap
|
page read and write
|
||
FDE000
|
stack
|
page read and write
|
||
89A000
|
heap
|
page read and write
|
||
392C000
|
stack
|
page read and write
|
||
226E000
|
stack
|
page read and write
|
||
73F000
|
stack
|
page read and write
|
||
343E000
|
stack
|
page read and write
|
||
251D000
|
stack
|
page read and write
|
||
E93000
|
unkown
|
page write copy
|
||
E70000
|
heap
|
page read and write
|
||
5360000
|
heap
|
page read and write
|
||
E90000
|
unkown
|
page readonly
|
||
367F000
|
stack
|
page read and write
|
||
1103000
|
heap
|
page read and write
|
||
105E000
|
heap
|
page read and write
|
||
10B4000
|
heap
|
page read and write
|
||
10EB000
|
heap
|
page read and write
|
||
8CD000
|
heap
|
page read and write
|
||
261F000
|
stack
|
page read and write
|
||
46C000
|
unkown
|
page write copy
|
||
145E000
|
stack
|
page read and write
|
||
1030000
|
heap
|
page read and write
|
||
10FF000
|
heap
|
page read and write
|
||
8BE000
|
heap
|
page read and write
|
||
47F000
|
unkown
|
page readonly
|
||
107B000
|
heap
|
page read and write
|
||
635000
|
heap
|
page read and write
|
||
10FE000
|
heap
|
page read and write
|
||
22AE000
|
stack
|
page read and write
|
||
109F000
|
heap
|
page read and write
|
||
21E0000
|
heap
|
page read and write
|
||
1019000
|
stack
|
page read and write
|
||
1050000
|
heap
|
page read and write
|
||
8DE000
|
heap
|
page read and write
|
||
8FB000
|
heap
|
page read and write
|
||
E90000
|
unkown
|
page readonly
|
||
1F0000
|
heap
|
page read and write
|
||
412000
|
unkown
|
page execute read
|
||
89A000
|
heap
|
page read and write
|
||
8BE000
|
heap
|
page read and write
|
||
8BE000
|
heap
|
page read and write
|
||
22EE000
|
stack
|
page read and write
|
There are 147 hidden memdumps, click here to show them.