IOC Report
stealc.exe

FilesProcessesURLsDomainsIPsRegistryMemdumps108642010010Label

Files

File Path
Type
Category
Malicious
Download
stealc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\HCAEHJJKFCAAFHJKFBKKEBKECB
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JEBKJDAFHJDGDHJKKEGI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\JEGHJDGIJECGDHJJECGHIIIECB
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JKJKJJDBKEGIECAAECFH
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\KJEGDBKF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\KKFCAAKFBAEHJJJJDHIE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\00d58f03-a177-4489-973f-ce1a632c3a88.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\17eed00c-f3f0-42cb-a0ba-88f76a3307cb.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4577ddff-ce78-482b-9991-bc9c3087a168.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67934BF7-183C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67934BF8-77C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25d49.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25d58.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26a39.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26a49.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c9ee4623-fd46-4802-9ac8-8655c5d38cf9.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f38a64dd-9078-42b5-98c0-6ea07e4ead3e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
data
dropped
Chrome Cache Entry: 85
ASCII text, with very long lines (3318)
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (2410)
downloaded
Chrome Cache Entry: 87
ASCII text
downloaded
Chrome Cache Entry: 88
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 89
ASCII text, with very long lines (1395)
downloaded
Chrome Cache Entry: 90
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 91
SVG Scalable Vector Graphics image
downloaded
There are 34 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\stealc.exe
"C:\Users\user\Desktop\stealc.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2056,i,6275331821772207505,9419767013198167548,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2292,i,7694155308755989713,11847986718267216664,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2224,i,9051550203304740774,749963421846722884,262144 /prefetch:3
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\stealc.exe" & del "C:\ProgramData\*.dll"" & exit
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\timeout.exe
timeout /t 5

URLs

Name
IP
Malicious
http://64.95.13.166/c262c2557c712ca5/sqlite3.dll
64.95.13.166
malicious
http://64.95.13.166/c262c2557c712ca5/freebl3.dll
64.95.13.166
malicious
http://64.95.13.166/c262c2557c712ca5/msvcp140.dll
64.95.13.166
malicious
http://64.95.13.166/c262c2557c712ca5/nss3.dll
64.95.13.166
malicious
http://64.95.13.166/
64.95.13.166
malicious
http://64.95.13.166/c262c2557c712ca5/mozglue.dll
64.95.13.166
malicious
http://64.95.13.166/c262c2557c712ca5/softokn3.dll
64.95.13.166
malicious
http://64.95.13.166
unknown
malicious
http://64.95.13.166/c262c2557c712ca5/vcruntime140.dll
64.95.13.166
malicious
http://64.95.13.166/4c0eeee3a4b86b26.php
64.95.13.166
malicious
http://64.95.13.166/4c0eeee3a4b86b26.phpi
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://duckduckgo.com/ac/?q=
unknown
https://mozilla.org0/
unknown
http://www.broofa.com
unknown
http://64.95.13.166/c262c2557c712ca5/nss3.dllF
unknown
http://64.95.13.166/4c0eeee3a4b86b26.phphrome
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.google.com/async/newtab_promos
142.250.185.132
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
unknown
https://plus.google.com
unknown
http://64.95.13.166/4c0eeee3a4b86b26.phplication
unknown
https://www.google.com/async/ddljson?async=ntp:2
142.250.185.132
https://play.google.com/log?format=json&hasfast=true
172.217.16.206
http://64.95.13.166/c262c2557c712ca5/nss3.dlll
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.185.132
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0
142.250.186.78
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
http://64.95.13.166ppData
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.132
https://apis.google.com
unknown
https://support.mozilla.org
unknown
http://64.95.13.166/4c0eeee3a4b86b26.phps
unknown
http://64.95.13.166/c262c2557c712ca5/mozglue.dllR
unknown
http://64.95.13.166esY
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
unknown
https://domains.google.com/suggest/flow
unknown
http://www.sqlite.org/copyright.html.
unknown
https://clients6.google.com
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
unknown
There are 38 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
plus.l.google.com
142.250.186.78
play.google.com
172.217.16.206
www.google.com
142.250.185.132
apis.google.com
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.7
unknown
unknown
malicious
64.95.13.166
unknown
United States
malicious
142.250.186.78
plus.l.google.com
United States
172.217.16.206
play.google.com
United States
142.250.185.132
www.google.com
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
There are 3 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
D9E000
heap
page read and write
malicious
9EB000
unkown
page readonly
malicious
9EB000
unkown
page readonly
malicious
6CDD1000
unkown
page execute read
9C0000
unkown
page readonly
9449000
heap
page read and write
9C1000
unkown
page execute read
955A000
heap
page read and write
9420000
heap
page read and write
941F000
heap
page read and write
6CFAE000
unkown
page read and write
2FAC000
stack
page read and write
33B0000
heap
page read and write
941D000
heap
page read and write
B27000
unkown
page read and write
9440000
heap
page read and write
943F000
heap
page read and write
9440000
heap
page read and write
941F000
heap
page read and write
31EB000
stack
page read and write
61ED4000
direct allocation
page readonly
CF7000
heap
page read and write
9F7000
unkown
page write copy
109DF000
heap
page read and write
9600000
trusted library allocation
page read and write
2F6E000
stack
page read and write
700C1000
unkown
page execute read
1080000
heap
page read and write
99FB000
stack
page read and write
CF7000
heap
page read and write
9587000
heap
page read and write
941F000
heap
page read and write
CF7000
heap
page read and write
942A000
heap
page read and write
2D5F000
stack
page read and write
61ED3000
direct allocation
page read and write
30EC000
stack
page read and write
61ED0000
direct allocation
page read and write
9433000
heap
page read and write
E08000
heap
page read and write
9411000
heap
page read and write
941D000
heap
page read and write
9A16000
heap
page read and write
942C000
heap
page read and write
9433000
heap
page read and write
33A1000
heap
page read and write
CF7000
heap
page read and write
9440000
heap
page read and write
9420000
heap
page read and write
930000
heap
page read and write
DFA000
heap
page read and write
D3E000
stack
page read and write
27AC000
stack
page read and write
9540000
heap
page read and write
61E01000
direct allocation
page execute read
104CA000
heap
page read and write
2B7E000
stack
page read and write
941F000
heap
page read and write
941F000
heap
page read and write
105EB000
stack
page read and write
CF7000
heap
page read and write
108C000
heap
page read and write
9440000
heap
page read and write
CF7000
heap
page read and write
941D000
heap
page read and write
CF5000
heap
page read and write
61ECC000
direct allocation
page read and write
33A0000
heap
page read and write
9C1000
unkown
page execute read
941D000
heap
page read and write
95EA000
heap
page read and write
DFF000
heap
page read and write
A94000
unkown
page read and write
9449000
heap
page read and write
8FE000
stack
page read and write
9449000
heap
page read and write
942C000
heap
page read and write
322E000
stack
page read and write
CF7000
heap
page read and write
CF7000
heap
page read and write
700C0000
unkown
page readonly
944E000
heap
page read and write
957E000
heap
page read and write
CF7000
heap
page read and write
941D000
heap
page read and write
A75000
unkown
page read and write
941D000
heap
page read and write
9433000
heap
page read and write
6CFB0000
unkown
page read and write
9433000
heap
page read and write
CF7000
heap
page read and write
941D000
heap
page read and write
9970000
trusted library allocation
page read and write
941F000
heap
page read and write
61E00000
direct allocation
page execute and read and write
CF7000
heap
page read and write
942C000
heap
page read and write
9440000
heap
page read and write
CF7000
heap
page read and write
9433000
heap
page read and write
2D6F000
stack
page read and write
CF7000
heap
page read and write
8F2000
stack
page read and write
E55000
heap
page read and write
9438000
heap
page read and write
70152000
unkown
page readonly
3390000
heap
page read and write
CF7000
heap
page read and write
9500000
heap
page read and write
941F000
heap
page read and write
7013D000
unkown
page readonly
9433000
heap
page read and write
941F000
heap
page read and write
2E6F000
stack
page read and write
1042B000
stack
page read and write
61EB4000
direct allocation
page read and write
33A1000
heap
page read and write
94A7000
heap
page read and write
5DB000
stack
page read and write
34A0000
trusted library allocation
page read and write
9441000
heap
page read and write
941D000
heap
page read and write
61EB7000
direct allocation
page readonly
941F000
heap
page read and write
942A000
heap
page read and write
942B000
heap
page read and write
9440000
heap
page read and write
940C000
heap
page read and write
D9A000
heap
page read and write
958F000
heap
page read and write
954E000
heap
page read and write
9412000
heap
page read and write
9433000
heap
page read and write
941F000
heap
page read and write
9A0D000
heap
page read and write
9441000
heap
page read and write
2BE0000
heap
page read and write
F8F000
stack
page read and write
CF0000
heap
page read and write
941F000
heap
page read and write
7014E000
unkown
page read and write
9426000
heap
page read and write
940000
heap
page read and write
9A05000
heap
page read and write
9433000
heap
page read and write
9593000
heap
page read and write
CF7000
heap
page read and write
9400000
trusted library allocation
page read and write
46E0000
heap
page read and write
941D000
heap
page read and write
61ECD000
direct allocation
page readonly
99B0000
heap
page read and write
9407000
heap
page read and write
957C000
heap
page read and write
942A000
heap
page read and write
9440000
heap
page read and write
9449000
heap
page read and write
9438000
heap
page read and write
34A0000
heap
page read and write
9400000
trusted library allocation
page read and write
100E000
stack
page read and write
CF7000
heap
page read and write
9520000
heap
page read and write
9F7000
unkown
page write copy
9A13000
heap
page read and write
BF8000
unkown
page read and write
9427000
heap
page read and write
942B000
heap
page read and write
9427000
heap
page read and write
942C000
heap
page read and write
6CDD0000
unkown
page readonly
9A1E000
heap
page read and write
E00000
heap
page read and write
DDC000
heap
page read and write
941F000
heap
page read and write
9424000
heap
page read and write
E0D000
heap
page read and write
9770000
heap
page read and write
9404000
heap
page read and write
941D000
heap
page read and write
9440000
heap
page read and write
118E000
stack
page read and write
2A50000
heap
page read and write
9433000
heap
page read and write
941D000
heap
page read and write
966E000
stack
page read and write
940D000
heap
page read and write
9427000
heap
page read and write
942C000
heap
page read and write
9440000
heap
page read and write
2D1E000
stack
page read and write
2BE8000
heap
page read and write
30AC000
stack
page read and write
27ED000
stack
page read and write
941A000
heap
page read and write
941D000
heap
page read and write
9413000
heap
page read and write
9440000
heap
page read and write
9433000
heap
page read and write
CF7000
heap
page read and write
6CF6F000
unkown
page readonly
941F000
heap
page read and write
DCB000
heap
page read and write
CF7000
heap
page read and write
940C000
heap
page read and write
9422000
heap
page read and write
9442000
heap
page read and write
1083000
heap
page read and write
942B000
heap
page read and write
6CFAF000
unkown
page write copy
941D000
heap
page read and write
97D8000
heap
page read and write
CF7000
heap
page read and write
95DB000
heap
page read and write
941B000
heap
page read and write
1087000
heap
page read and write
9433000
heap
page read and write
9433000
heap
page read and write
9438000
heap
page read and write
2BBE000
stack
page read and write
942C000
heap
page read and write
9440000
heap
page read and write
104C0000
heap
page read and write
CF7000
heap
page read and write
C0A000
unkown
page readonly
E59000
heap
page read and write
8F8000
stack
page read and write
33ED000
heap
page read and write
941D000
heap
page read and write
332F000
stack
page read and write
2B30000
heap
page read and write
D40000
heap
page read and write
104E000
stack
page read and write
9400000
heap
page read and write
9433000
heap
page read and write
9440000
heap
page read and write
941F000
heap
page read and write
C0A000
unkown
page readonly
9440000
heap
page read and write
D90000
heap
page read and write
A90000
unkown
page read and write
9553000
heap
page read and write
9411000
heap
page read and write
940D000
heap
page read and write
9427000
heap
page read and write
CF7000
heap
page read and write
95C9000
heap
page read and write
9412000
heap
page read and write
FCE000
stack
page read and write
106EC000
stack
page read and write
941F000
heap
page read and write
9581000
heap
page read and write
942A000
heap
page read and write
CF7000
heap
page read and write
9440000
heap
page read and write
9442000
heap
page read and write
9433000
heap
page read and write
2BC0000
heap
page read and write
CF7000
heap
page read and write
9433000
heap
page read and write
9440000
heap
page read and write
6CFB5000
unkown
page readonly
9598000
heap
page read and write
9433000
heap
page read and write
941F000
heap
page read and write
9440000
heap
page read and write
941A000
heap
page read and write
A44000
unkown
page read and write
DFF000
heap
page read and write
98E000
stack
page read and write
9C0000
unkown
page readonly
976F000
stack
page read and write
941D000
heap
page read and write
There are 263 hidden memdumps, click here to show them.