Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
VisualStudioSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202405231229282350.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_24b8e7e77c3c4e358bd5e1de0726ac88.tmp
|
ASCII text, with very long lines (6080), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_24b8e7e77c3c4e358bd5e1de0726ac88.trn
(copy)
|
ASCII text, with very long lines (6080), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240523163000_631515a6268b4bc5adba92a40c352661.trn
(copy)
|
ASCII text, with very long lines (6080), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_98a010cee40f4f95af445d881a41a2d6.tmp
|
ASCII text, with very long lines (1776), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_98a010cee40f4f95af445d881a41a2d6.trn
(copy)
|
ASCII text, with very long lines (1776), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240525194707_c12eac8f38804f6bb862d19c21f1fcfe.trn
(copy)
|
ASCII text, with very long lines (1776), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_6c47a1a998644fd49bfd1efaf289c838.trn
(copy)
|
ASCII text, with very long lines (5264), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_86a9129f4885435c9ed3a73cbce6d3ba.tmp
|
ASCII text, with very long lines (5264), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240607185001_86a9129f4885435c9ed3a73cbce6d3ba.trn
(copy)
|
ASCII text, with very long lines (5264), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_3a72124a56384c98b712ff34cb5c41c9.tmp
|
ASCII text, with very long lines (3020), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_3a72124a56384c98b712ff34cb5c41c9.trn
(copy)
|
ASCII text, with very long lines (3020), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240614084043_7d750e310097423c95c14a6bca305e4e.trn
(copy)
|
ASCII text, with very long lines (3020), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_43ccb07acb9945aa9c8b44353104deb8.trn
(copy)
|
ASCII text, with very long lines (1780), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_6b5e978452e84cb397f54a326fe6931c.tmp
|
ASCII text, with very long lines (1780), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240616161207_6b5e978452e84cb397f54a326fe6931c.trn
(copy)
|
ASCII text, with very long lines (1780), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_b3cff21c83bf4353905574a9020524ee.trn
(copy)
|
ASCII text, with very long lines (3872), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_e0da717c5d50411ebf74d5aca452db70.tmp
|
ASCII text, with very long lines (3872), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240623062655_e0da717c5d50411ebf74d5aca452db70.trn
(copy)
|
ASCII text, with very long lines (3872), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.tmp
|
ASCII text, with very long lines (2372), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_0a458ab2b67549ab921d5e4199c0b68e.trn
(copy)
|
ASCII text, with very long lines (2372), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20240625142858_5f3fe5b349b74f4c8f0b9c89bf97638f.trn
(copy)
|
ASCII text, with very long lines (2372), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\RemoteSettings_Installer[1].cache
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\dyntelconfig[1].cache
|
ASCII text, with very long lines (20426), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1028\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1029\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1031\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1033\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1036\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1040\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1041\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1042\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1045\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1046\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1049\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\1055\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\2052\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\HelpFile\3082\help.html
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Broker.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.Extensions.Msal.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.NativeInterop.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.Identity.Client.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.IdentityModel.Abstractions.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\Newtonsoft.Json.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Memory.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\VSInstallerElevationService.Contracts.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\cs\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\de\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\detection.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\es\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\fr\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\it\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ja\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ko\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pl\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\pt-BR\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\ru\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-arm64\native\msalruntime_arm64.dll
|
PE32+ executable (DLL) (console) Aarch64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x64\native\msalruntime.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\runtimes\win-x86\native\msalruntime_x86.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\tr\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.config
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hans\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\zh-Hant\vs_setup_bootstrapper.resources.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dd_VisualStudioSetup_decompression_log.txt
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dd_bootstrapper_20240523122858.log
|
ASCII text, with very long lines (311), with CRLF line terminators
|
dropped
|
There are 69 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
|
"C:\Users\user\AppData\Local\Temp\0912109488e5fc596ed0\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\user\Desktop\VisualStudioSetup.exe
_SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\user\Desktop"
|
|
|
|
C:\Windows\SysWOW64\getmac.exe
|
"getmac"
|
|
|
|
C:\Users\user\Desktop\VisualStudioSetup.exe
|
"C:\Users\user\Desktop\VisualStudioSetup.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
|
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
|
unknown
|
||
|
https://aka.ms/net-cache-persistence-errors.
|
unknown
|
||
|
https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet
|
unknown
|
||
|
http://www.tagvault.org/tv_extensions.xsd
|
unknown
|
||
|
https://aka.ms/msal-net-authority-override
|
unknown
|
||
|
https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnetf
|
unknown
|
||
|
http://aka.ms/msal-net-iwa
|
unknown
|
||
|
http://aka.ms/valid-authorities
|
unknown
|
||
|
https://aka.ms/msal-client-apps
|
unknown
|
||
|
https://aka.ms/msal-net-enable-keychain-access
|
unknown
|
||
|
https://dc.services.visualstudio.com/v2/trackWDequeueAndSend:
|
unknown
|
||
|
https://aka.ms/msal-net-wam#parent-window-handles
|
unknown
|
||
|
https://devdiv.visualstudio.com/DevDiv/_git/VSRemoteControl
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trusthttp://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
|
unknown
|
||
|
https://aka.ms/msal-net-iwa-troubleshooting
|
unknown
|
||
|
https://aka.ms/msal-net-custom-instance-metadata
|
unknown
|
||
|
https://aka.ms/msal-net-throttling.JNo
|
unknown
|
||
|
http://standards.iso.org/iso/19770/-2/2009/schema.xsd
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueMEX
|
unknown
|
||
|
https://aka.ms/msal-net-signed-assertion.
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/http
|
unknown
|
||
|
https://aka.ms/msal-net-ios-13-broker
|
unknown
|
||
|
https://aka.ms/VSSetupErrorReports?q=
|
unknown
|
||
|
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
|
unknown
|
||
|
https://aka.ms/msal-net-3-breaking-changes.
|
unknown
|
||
|
https://aka.ms/msal-net-up
|
unknown
|
||
|
https://login.microsoftonline.com/consumersinvalidEnvwinrtExceptionsucceededinvalidCodemissingWindow
|
unknown
|
||
|
https://sso2urn:ietf:wg:oauth:2.0:oobxhttps://login.microsoftonline.com/common/oauth2/nativeclient
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://aka.ms/msal-net-application-configuration
|
unknown
|
||
|
https://aka.ms/vs/arm64SSU
|
unknown
|
||
|
https://aka.ms/msal-net-b2c
|
unknown
|
||
|
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
|
unknown
|
||
|
https://aka.ms/msal-net-pop
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsds:mustUnderstandwss
|
unknown
|
||
|
https://aka.ms/Brokered-Authentication-for-Android.
|
unknown
|
||
|
https://login.microsoftonline.com/dsts/
|
unknown
|
||
|
https://aka.ms/msal-net-3x-cache-breaking-change).
|
unknown
|
||
|
https://aka.ms/vs/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueWhttp://schemas.xmlsoap.org/ws/2005/02/trustsht
|
unknown
|
||
|
http://169.254.169.254/metadata/identity/oauth2/token
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/IssueBuilding
|
unknown
|
||
|
https://www.nuget.org/packages/Microsoft.Identity.Client/
|
unknown
|
||
|
https://aka.ms/msal-brokers
|
unknown
|
||
|
https://aka.ms/msal-net-ropc
|
unknown
|
||
|
https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoop
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJurn:oasis:names:t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuehttp://schemas.xmlsoap.org/ws/2005/05/identity/NoPr
|
unknown
|
||
|
https://login.microsoftonline.com/commonSetCorrelationIdd
|
unknown
|
||
|
https://aka.ms/msal-net-xamarin
|
unknown
|
||
|
https://aka.ms/msal-net-application-configuration.
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
|
unknown
|
||
|
https://aka.ms/msal-net-pop.
|
unknown
|
||
|
https://login.microsoftonline.com/common/-invalid_authority_type=Unsupported
|
unknown
|
||
|
https://aka.ms/vs/arm/DriveAccessibilityCheckmPrecheck:
|
unknown
|
||
|
https://www.newtonsoft.com/jsonschema
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issuewsdl:definitionswsp:PolicyxmlUnable
|
unknown
|
||
|
https://aka.ms/msal-net-client-credentials
|
unknown
|
||
|
https://aka.ms/msal-net-logging.
|
unknown
|
||
|
https://aka.ms/msal-net-cca-token-cache-serialization
|
unknown
|
||
|
https://marketplace.visualstudio.com
|
unknown
|
||
|
https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAht
|
unknown
|
||
|
https://aka.ms/vs/install/latest/installer
|
unknown
|
||
|
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
|
unknown
|
||
|
https://go.m
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuehttp://docs.oasis-open.org/ws-sx/ws-trust/20051
|
unknown
|
||
|
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet7
|
unknown
|
||
|
https://aka.ms/msal-net-4x-cache-breaking-change
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/nativeclient3urn:ietf:wg:oauth:2.0:oob
|
unknown
|
||
|
https://aka.ms/vs/config/v2/
|
unknown
|
||
|
https://aka.ms/vs/installer/latest/feed
|
unknown
|
||
|
https://devdiv.visualstudio.com/DevDiv/_git/CommonInternalUtilities
|
unknown
|
||
|
https://aka.ms/msal-net-invalid-client
|
unknown
|
||
|
https://aka.ms/msal-net-long-running-obo
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/httpsoap12:bindingFound
|
unknown
|
||
|
https://aka.ms/msal-net-3x-cache-breaking-changea
|
unknown
|
||
|
https://aka.ms/vs/17/release/installer
|
unknown
|
||
|
http://aka.ms/vs/setup/layout/errors/missingpackages)
|
unknown
|
||
|
https://aka.ms/msal-net-client-credentials.
|
unknown
|
||
|
https://aka.ms/msal-net-up.
|
unknown
|
||
|
https://aka.ms/vs/cleanup
|
unknown
|
||
|
https://www.newtonsoft.com/json
|
unknown
|
||
|
https://aka.ms/msal-net/ccsRouting.
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust
|
unknown
|
||
|
https://dc.services.visualstudio.com/v2/track
|
unknown
|
||
|
https://aka.ms/vs/arm
|
unknown
|
||
|
https://aka.ms/msal-net-iwa
|
unknown
|
||
|
https://login.microsoftonline.com/consumers
|
unknown
|
||
|
https://aka.ms/adal_token_cache_serialization.
|
unknown
|
||
|
https://github.com/dotnet/corefx/tree/32b4919
|
unknown
|
||
|
https://aka.ms/msal-net-wam
|
unknown
|
||
|
https://aka.ms/VSSetupErrorReports?q=InstallerUpdateLoop-InstallVersionHelpLinkUhttps://aka.ms/vs/in
|
unknown
|
||
|
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
|
unknown
|
||
|
https://aka.ms/msal-net-region-discovery
|
unknown
|
||
|
https://aka.ms/msal-net-webview2
|
unknown
|
||
|
https://aka.ms/vs/installer/latest/feed)latestInstaller.json
|
unknown
|
||
|
http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://micros
|
unknown
|
||
|
https://aka.ms/vs/channels3packageProgressCollection
|
unknown
|
||
|
https://login.microsoftonline.com/consumersinvalidEnvfailedaadinvalidCodemissingWindowHandleservice:
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\Telemetry
|
UseCollector
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\Telemetry\Default\v2
|
UseCollector
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\vs_setup_bootstrapper_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\Telemetry
|
VS.Core.Machine.VirtualMachineType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\Telemetry\PersistentPropertyBag
|
mac.address
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
__comment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
RecommendSel
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\SortWklds*
|
0:SortWklds:Flight.VSWSortWklds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\SortWklds*
|
1:SortWklds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\RecWklds*
|
0:RecWklds:Flight.VSWRecWklds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\RecWklds*
|
1:RecWklds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
Surveys
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\ShowBitrate*
|
0:ShowBitrate:Flight.VSWShowBitrate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\ShowBitrate*
|
1:ShowBitrate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\CloudFirstDesc*
|
0:CloudFirstDesc:Flight.VSWCloudFirstDesc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\CloudFirstDesc*
|
1:CloudFirstDesc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\CloudNativeDesc*
|
0:CloudNativeDesc:Flight.VSWCloudNativeDesc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\CloudNativeDesc*
|
1:CloudNativeDesc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
InstallationOptionsPageKS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\ProblemsDlgRetry*
|
0:ProblemsDlgRetry:Flight.VSWProblemsDlgRetry
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\ProblemsDlgRetry*
|
1:ProblemsDlgRetry
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
CommonError
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
DownloadThenUpdate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
BackgroundDownload
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
EnableVSIXV1Block
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\SynchronousNgenForP1Activities*
|
0:SynchronousNgenForP1Activities:Flight.VSSyncNgenTF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\SynchronousNgenForP1Activities*
|
1:SynchronousNgenForP1Activities
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\WhatsNewProgressLink*
|
0:WhatsNewProgressLink:Flight.VSWWhatsNewLink
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\WhatsNewProgressLink*
|
1:WhatsNewProgressLink
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\UseNewInstaller*
|
0:UseNewInstaller:Version.Major > 2 || (Version.Major == 2 && Version.Minor >= 9)
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\UseNewInstaller*
|
1:UseNewInstaller
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\UninstallBanner*
|
0:UninstallBanner:Flight.VSWUninstallBanner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\UninstallBanner*
|
1:UninstallBanner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features
|
IfModifiedSince
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\Rollback*
|
0:Rollback:Version.Major > 3 || (Version.Major == 3 && Version.Minor >= 4)
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\Rollback*
|
1:Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\EnableExtensionEngineVsixInstallerDecoupling*
|
0:EnableExtensionEngineVsixInstallerDecoupling:Version.Major > 17 || (Version.Major == 17 && Version.Minor >= 6)
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Features\EnableExtensionEngineVsixInstallerDecoupling*
|
1:EnableExtensionEngineVsixInstallerDecoupling
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables
|
BatteryPercentage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables
|
DiskSpacePercentageRemaining
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables
|
DiskSpaceSizeRemaining
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables
|
CreateRestorePointTimeout
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables\ConcurrentDownloads*
|
0:ConcurrentDownloads:Flight.VSWConcurrentDownloads_6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables\ConcurrentDownloads*
|
1:ConcurrentDownloads:Flight.VSWConcurrentDownloads_10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables\ConcurrentDownloads*
|
2:ConcurrentDownloads:Flight.VSWConcurrentDownloads_2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json\420\Installer\Variables\ConcurrentDownloads*
|
3:ConcurrentDownloads
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json
|
FileVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\RemoteSettings_Installer.json
|
SettingsVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\RemoteSettings\vs-bootstrapper\3.10.2154.60269\Installer\Features
|
Rollback
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VisualStudio\Telemetry\Default\v2
|
UseCollector
|
There are 64 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
33C6000
|
heap
|
page read and write
|
||
|
C1C2000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
C1DD000
|
heap
|
page read and write
|
||
|
C137000
|
heap
|
page read and write
|
||
|
5A20000
|
unkown
|
page readonly
|
||
|
7CCD000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
E3FC000
|
stack
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
C151000
|
heap
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
5B9D000
|
stack
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
66D0000
|
heap
|
page read and write
|
||
|
55D0000
|
unkown
|
page readonly
|
||
|
5130000
|
unkown
|
page readonly
|
||
|
59B0000
|
unkown
|
page readonly
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
F42000
|
trusted library allocation
|
page read and write
|
||
|
4BF7000
|
heap
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
5962000
|
unkown
|
page readonly
|
||
|
901000
|
unkown
|
page execute read
|
||
|
5442000
|
unkown
|
page readonly
|
||
|
115E000
|
stack
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
C09A000
|
heap
|
page read and write
|
||
|
DBF000
|
heap
|
page read and write
|
||
|
5A22000
|
unkown
|
page readonly
|
||
|
5E5A000
|
stack
|
page read and write
|
||
|
823B000
|
stack
|
page read and write
|
||
|
7CFC000
|
heap
|
page read and write
|
||
|
6AE5000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
BF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F4F000
|
stack
|
page read and write
|
||
|
3374000
|
heap
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
7F431000
|
trusted library allocation
|
page execute read
|
||
|
8260000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB9000
|
heap
|
page read and write
|
||
|
7BD8000
|
heap
|
page read and write
|
||
|
C12A000
|
heap
|
page read and write
|
||
|
68B0000
|
heap
|
page execute and read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
6D04000
|
heap
|
page read and write
|
||
|
F4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C104000
|
heap
|
page read and write
|
||
|
3365000
|
heap
|
page read and write
|
||
|
619D000
|
stack
|
page read and write
|
||
|
50BC000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
C128000
|
heap
|
page read and write
|
||
|
7B84000
|
heap
|
page read and write
|
||
|
7C3D000
|
heap
|
page read and write
|
||
|
C0BD000
|
heap
|
page read and write
|
||
|
78F2000
|
heap
|
page read and write
|
||
|
55E0000
|
unkown
|
page readonly
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
7A0D000
|
stack
|
page read and write
|
||
|
A7B3000
|
heap
|
page read and write
|
||
|
7F430000
|
trusted library allocation
|
page readonly
|
||
|
6670000
|
heap
|
page read and write
|
||
|
6B29000
|
heap
|
page read and write
|
||
|
4C87000
|
heap
|
page read and write
|
||
|
7F45A000
|
trusted library allocation
|
page execute read
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
2E86000
|
trusted library allocation
|
page read and write
|
||
|
5C5D000
|
unkown
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
595A000
|
stack
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
67DE000
|
stack
|
page read and write
|
||
|
C0C4000
|
heap
|
page read and write
|
||
|
C27D000
|
heap
|
page read and write
|
||
|
4BF2000
|
heap
|
page read and write
|
||
|
2A11000
|
trusted library allocation
|
page read and write
|
||
|
4A0E000
|
stack
|
page read and write
|
||
|
7BAC000
|
heap
|
page read and write
|
||
|
BEE0000
|
trusted library allocation
|
page read and write
|
||
|
8573000
|
heap
|
page read and write
|
||
|
CFD0000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
80FB000
|
stack
|
page read and write
|
||
|
7E0C000
|
stack
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
66D5000
|
heap
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
C158000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page readonly
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
C176000
|
heap
|
page read and write
|
||
|
C155000
|
heap
|
page read and write
|
||
|
3A33000
|
trusted library allocation
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E45000
|
trusted library allocation
|
page read and write
|
||
|
DFFC000
|
stack
|
page read and write
|
||
|
C15A000
|
heap
|
page read and write
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
5CDD000
|
unkown
|
page read and write
|
||
|
813D000
|
stack
|
page read and write
|
||
|
4C69000
|
heap
|
page read and write
|
||
|
93B000
|
unkown
|
page readonly
|
||
|
7B5B000
|
heap
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
2B93000
|
trusted library allocation
|
page read and write
|
||
|
2B3B000
|
trusted library allocation
|
page read and write
|
||
|
AF9D000
|
heap
|
page read and write
|
||
|
7F45E000
|
trusted library allocation
|
page execute read
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
6A88000
|
stack
|
page read and write
|
||
|
4C93000
|
heap
|
page read and write
|
||
|
7F432000
|
trusted library allocation
|
page readonly
|
||
|
654E000
|
stack
|
page read and write
|
||
|
2B64000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
D8B000
|
stack
|
page read and write
|
||
|
C010000
|
heap
|
page read and write
|
||
|
BF20000
|
trusted library allocation
|
page read and write
|
||
|
C2A4000
|
heap
|
page read and write
|
||
|
6ECD000
|
stack
|
page read and write
|
||
|
C2FF000
|
heap
|
page read and write
|
||
|
CFB0000
|
trusted library allocation
|
page read and write
|
||
|
C1FC000
|
heap
|
page read and write
|
||
|
7B64000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page execute and read and write
|
||
|
C237000
|
heap
|
page read and write
|
||
|
D19D000
|
stack
|
page read and write
|
||
|
30BB000
|
trusted library allocation
|
page read and write
|
||
|
B1DC000
|
heap
|
page read and write
|
||
|
6C0D000
|
stack
|
page read and write
|
||
|
DDFB000
|
stack
|
page read and write
|
||
|
6B27000
|
heap
|
page read and write
|
||
|
337F000
|
heap
|
page read and write
|
||
|
5C9D000
|
unkown
|
page read and write
|
||
|
6F30000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
7BBE000
|
heap
|
page read and write
|
||
|
C092000
|
heap
|
page read and write
|
||
|
C30E000
|
heap
|
page read and write
|
||
|
7BCA000
|
heap
|
page read and write
|
||
|
55D2000
|
unkown
|
page readonly
|
||
|
C31A000
|
heap
|
page read and write
|
||
|
7F44E000
|
trusted library allocation
|
page readonly
|
||
|
60DC000
|
unkown
|
page readonly
|
||
|
4BFD000
|
heap
|
page read and write
|
||
|
C7A0000
|
trusted library allocation
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
3077000
|
trusted library allocation
|
page read and write
|
||
|
78D0000
|
heap
|
page read and write
|
||
|
78C8000
|
stack
|
page read and write
|
||
|
7B10000
|
heap
|
page read and write
|
||
|
D040000
|
trusted library allocation
|
page read and write
|
||
|
7F459000
|
trusted library allocation
|
page readonly
|
||
|
D730000
|
trusted library allocation
|
page read and write
|
||
|
6120000
|
trusted library allocation
|
page read and write
|
||
|
78F4000
|
heap
|
page read and write
|
||
|
83AC000
|
stack
|
page read and write
|
||
|
790D000
|
heap
|
page read and write
|
||
|
7B8D000
|
heap
|
page read and write
|
||
|
5A1D000
|
stack
|
page read and write
|
||
|
D282000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
60B0000
|
trusted library allocation
|
page read and write
|
||
|
4BF5000
|
heap
|
page read and write
|
||
|
CED000
|
stack
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
7B52000
|
heap
|
page read and write
|
||
|
6E8000
|
stack
|
page read and write
|
||
|
7BA3000
|
heap
|
page read and write
|
||
|
4BD7000
|
heap
|
page read and write
|
||
|
C2AE000
|
heap
|
page read and write
|
||
|
C184000
|
heap
|
page read and write
|
||
|
C153000
|
heap
|
page read and write
|
||
|
C0F7000
|
heap
|
page read and write
|
||
|
5C1D000
|
stack
|
page read and write
|
||
|
C135000
|
heap
|
page read and write
|
||
|
3074000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
7F460000
|
trusted library allocation
|
page execute and read and write
|
||
|
C12D000
|
heap
|
page read and write
|
||
|
6200000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CB000
|
trusted library allocation
|
page read and write
|
||
|
D050000
|
trusted library allocation
|
page read and write
|
||
|
6D4D000
|
stack
|
page read and write
|
||
|
1008000
|
trusted library allocation
|
page read and write
|
||
|
9EC0000
|
trusted library allocation
|
page read and write
|
||
|
F47000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C4B000
|
stack
|
page read and write
|
||
|
2B4B000
|
trusted library allocation
|
page read and write
|
||
|
B7CD000
|
heap
|
page read and write
|
||
|
C200000
|
heap
|
page read and write
|
||
|
7F449000
|
trusted library allocation
|
page execute read
|
||
|
7B9E000
|
heap
|
page read and write
|
||
|
53F0000
|
unkown
|
page readonly
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
7F44D000
|
trusted library allocation
|
page execute read
|
||
|
6830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C87000
|
heap
|
page read and write
|
||
|
D080000
|
trusted library allocation
|
page read and write
|
||
|
7F458000
|
trusted library allocation
|
page execute read
|
||
|
6C6D0000
|
unkown
|
page readonly
|
||
|
C29C000
|
heap
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page read and write
|
||
|
7E82000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
61E0000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
2BA8000
|
trusted library allocation
|
page read and write
|
||
|
82AE000
|
stack
|
page read and write
|
||
|
2B8F000
|
trusted library allocation
|
page read and write
|
||
|
C192000
|
heap
|
page read and write
|
||
|
6130000
|
trusted library allocation
|
page read and write
|
||
|
C164000
|
heap
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
3364000
|
heap
|
page read and write
|
||
|
6874000
|
trusted library allocation
|
page read and write
|
||
|
7F450000
|
trusted library allocation
|
page execute read
|
||
|
D2B000
|
heap
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
60D2000
|
unkown
|
page readonly
|
||
|
DCFB000
|
stack
|
page read and write
|
||
|
55C1000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
CFA0000
|
trusted library allocation
|
page read and write
|
||
|
C2EE000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
C0D3000
|
heap
|
page read and write
|
||
|
F36000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B45000
|
heap
|
page read and write
|
||
|
F14000
|
trusted library allocation
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
5132000
|
unkown
|
page readonly
|
||
|
7F44B000
|
trusted library allocation
|
page execute read
|
||
|
3A35000
|
trusted library allocation
|
page read and write
|
||
|
7F448000
|
trusted library allocation
|
page readonly
|
||
|
4C02000
|
heap
|
page read and write
|
||
|
C68D000
|
stack
|
page read and write
|
||
|
607A000
|
heap
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
6B62000
|
heap
|
page read and write
|
||
|
7B6B000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
C17B000
|
heap
|
page read and write
|
||
|
C13B000
|
heap
|
page read and write
|
||
|
4BD3000
|
heap
|
page read and write
|
||
|
6770000
|
heap
|
page read and write
|
||
|
7CAF000
|
heap
|
page read and write
|
||
|
6C6E2000
|
unkown
|
page readonly
|
||
|
900000
|
unkown
|
page readonly
|
||
|
6862000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
unkown
|
page readonly
|
||
|
C6A0000
|
heap
|
page execute and read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
7F45C000
|
trusted library allocation
|
page execute read
|
||
|
C041000
|
heap
|
page read and write
|
||
|
7F455000
|
trusted library allocation
|
page readonly
|
||
|
2E5C000
|
trusted library allocation
|
page read and write
|
||
|
6820000
|
trusted library allocation
|
page read and write
|
||
|
111C000
|
stack
|
page read and write
|
||
|
60F0000
|
trusted library allocation
|
page read and write
|
||
|
60C0000
|
trusted library allocation
|
page read and write
|
||
|
C0F5000
|
heap
|
page read and write
|
||
|
6DCB000
|
stack
|
page read and write
|
||
|
3A1E000
|
trusted library allocation
|
page read and write
|
||
|
C161000
|
heap
|
page read and write
|
||
|
6886000
|
trusted library allocation
|
page read and write
|
||
|
4C97000
|
heap
|
page read and write
|
||
|
7F433000
|
trusted library allocation
|
page execute read
|
||
|
4F8C000
|
stack
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
76BC000
|
stack
|
page read and write
|
||
|
4BB8000
|
heap
|
page read and write
|
||
|
870F000
|
stack
|
page read and write
|
||
|
60E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB5000
|
trusted library allocation
|
page read and write
|
||
|
C313000
|
heap
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C121000
|
heap
|
page read and write
|
||
|
7B66000
|
heap
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F451000
|
trusted library allocation
|
page readonly
|
||
|
B37A000
|
heap
|
page read and write
|
||
|
C148000
|
heap
|
page read and write
|
||
|
F13000
|
trusted library allocation
|
page execute and read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
C22D000
|
heap
|
page read and write
|
||
|
2AC4000
|
trusted library allocation
|
page read and write
|
||
|
2AD8000
|
trusted library allocation
|
page read and write
|
||
|
C54D000
|
stack
|
page read and write
|
||
|
7F441000
|
trusted library allocation
|
page execute read
|
||
|
84AC000
|
stack
|
page read and write
|
||
|
F1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
BFBD000
|
stack
|
page read and write
|
||
|
62A000
|
unkown
|
page readonly
|
||
|
30C7000
|
trusted library allocation
|
page read and write
|
||
|
6C6EB000
|
unkown
|
page readonly
|
||
|
DCC000
|
stack
|
page read and write
|
||
|
DA2D000
|
stack
|
page read and write
|
||
|
10B6000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A37000
|
trusted library allocation
|
page read and write
|
||
|
4FB3000
|
heap
|
page read and write
|
||
|
66C0000
|
heap
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
C2BB000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
969A000
|
heap
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
C073000
|
heap
|
page read and write
|
||
|
4FA2000
|
trusted library allocation
|
page read and write
|
||
|
7F1A000
|
trusted library allocation
|
page read and write
|
||
|
5FB7000
|
heap
|
page read and write
|
||
|
C086000
|
heap
|
page read and write
|
||
|
7C0A000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
4C77000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
76D0000
|
heap
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
3357000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
3374000
|
heap
|
page read and write
|
||
|
C21F000
|
heap
|
page read and write
|
||
|
C0F1000
|
heap
|
page read and write
|
||
|
5440000
|
unkown
|
page readonly
|
||
|
7E6000
|
stack
|
page read and write
|
||
|
630D000
|
stack
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page execute and read and write
|
||
|
5ACE000
|
unkown
|
page readonly
|
||
|
900000
|
unkown
|
page readonly
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7F444000
|
trusted library allocation
|
page readonly
|
||
|
3391000
|
heap
|
page read and write
|
||
|
BFFD000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
686F000
|
trusted library allocation
|
page read and write
|
||
|
93B000
|
unkown
|
page readonly
|
||
|
347E000
|
stack
|
page read and write
|
||
|
E4FC000
|
stack
|
page read and write
|
||
|
7F447000
|
trusted library allocation
|
page execute read
|
||
|
7B68000
|
heap
|
page read and write
|
||
|
C58E000
|
stack
|
page read and write
|
||
|
7B0C000
|
stack
|
page read and write
|
||
|
ADD000
|
stack
|
page read and write
|
||
|
4B0C000
|
stack
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
2B53000
|
trusted library allocation
|
page read and write
|
||
|
7C6A000
|
heap
|
page read and write
|
||
|
D820000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
D7F0000
|
trusted library allocation
|
page read and write
|
||
|
2DDC000
|
trusted library allocation
|
page read and write
|
||
|
4C97000
|
heap
|
page read and write
|
||
|
F45000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F452000
|
trusted library allocation
|
page execute read
|
||
|
7B89000
|
heap
|
page read and write
|
||
|
C1F4000
|
heap
|
page read and write
|
||
|
4C65000
|
heap
|
page read and write
|
||
|
C233000
|
heap
|
page read and write
|
||
|
7F454000
|
trusted library allocation
|
page execute read
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
31F5000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
7F0E000
|
stack
|
page read and write
|
||
|
D020000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
2B9C000
|
trusted library allocation
|
page read and write
|
||
|
6A9E000
|
heap
|
page read and write
|
||
|
BDA9000
|
heap
|
page read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
C298000
|
heap
|
page read and write
|
||
|
D060000
|
trusted library allocation
|
page read and write
|
||
|
4C67000
|
heap
|
page read and write
|
||
|
C15C000
|
heap
|
page read and write
|
||
|
7C12000
|
heap
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
939000
|
unkown
|
page write copy
|
||
|
A9D000
|
stack
|
page read and write
|
||
|
2BA4000
|
trusted library allocation
|
page read and write
|
||
|
3356000
|
heap
|
page read and write
|
||
|
4BCD000
|
heap
|
page read and write
|
||
|
6B31000
|
heap
|
page read and write
|
||
|
C215000
|
heap
|
page read and write
|
||
|
C0C2000
|
heap
|
page read and write
|
||
|
60D0000
|
unkown
|
page readonly
|
||
|
939000
|
unkown
|
page read and write
|
||
|
2B62000
|
trusted library allocation
|
page read and write
|
||
|
78FB000
|
heap
|
page read and write
|
||
|
7E4D000
|
stack
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
CFC0000
|
trusted library allocation
|
page read and write
|
||
|
DBD000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
5EAE000
|
stack
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D00000
|
heap
|
page read and write
|
||
|
7BFA000
|
heap
|
page read and write
|
||
|
7CC0000
|
heap
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
78F8000
|
heap
|
page read and write
|
||
|
C207000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
6F2D000
|
stack
|
page read and write
|
||
|
7CC2000
|
heap
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
6140000
|
trusted library allocation
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
7F456000
|
trusted library allocation
|
page execute read
|
||
|
BF7D000
|
stack
|
page read and write
|
||
|
5D5C000
|
stack
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
2EDB000
|
trusted library allocation
|
page read and write
|
||
|
6857000
|
trusted library allocation
|
page read and write
|
||
|
6840000
|
trusted library allocation
|
page read and write
|
||
|
C1B4000
|
heap
|
page read and write
|
||
|
7B5F000
|
heap
|
page read and write
|
||
|
901000
|
unkown
|
page execute read
|
||
|
D39000
|
heap
|
page read and write
|
||
|
4F9D000
|
trusted library allocation
|
page read and write
|
||
|
2E3E000
|
trusted library allocation
|
page read and write
|
||
|
C44E000
|
stack
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
D030000
|
trusted library allocation
|
page read and write
|
||
|
7F44F000
|
trusted library allocation
|
page execute read
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
A6A3000
|
heap
|
page read and write
|
||
|
5110000
|
unkown
|
page readonly
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
33CE000
|
heap
|
page read and write
|
||
|
2B3E000
|
trusted library allocation
|
page read and write
|
||
|
6C6E9000
|
unkown
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
7F445000
|
trusted library allocation
|
page execute read
|
||
|
6895000
|
trusted library allocation
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page read and write
|
||
|
D070000
|
trusted library allocation
|
page read and write
|
||
|
2B4F000
|
trusted library allocation
|
page read and write
|
||
|
857C000
|
heap
|
page read and write
|
||
|
BC9A000
|
heap
|
page read and write
|
||
|
7F45D000
|
trusted library allocation
|
page readonly
|
||
|
C10C000
|
heap
|
page read and write
|
||
|
2DCB000
|
trusted library allocation
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
F2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
59B2000
|
unkown
|
page readonly
|
||
|
66DE000
|
stack
|
page read and write
|
||
|
C230000
|
heap
|
page read and write
|
||
|
78EA000
|
heap
|
page read and write
|
||
|
DEFB000
|
stack
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
C15E000
|
heap
|
page read and write
|
||
|
2B87000
|
trusted library allocation
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
2B98000
|
trusted library allocation
|
page read and write
|
||
|
3044000
|
trusted library allocation
|
page read and write
|
||
|
C0F3000
|
heap
|
page read and write
|
||
|
E2FC000
|
stack
|
page read and write
|
||
|
C304000
|
heap
|
page read and write
|
||
|
75EC000
|
stack
|
page read and write
|
||
|
6C6D1000
|
unkown
|
page execute read
|
||
|
7BB5000
|
heap
|
page read and write
|
||
|
55B3000
|
heap
|
page execute and read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
30BF000
|
trusted library allocation
|
page read and write
|
||
|
C1AE000
|
heap
|
page read and write
|
||
|
4C0C000
|
heap
|
page read and write
|
||
|
55E2000
|
unkown
|
page readonly
|
||
|
337F000
|
heap
|
page read and write
|
||
|
5112000
|
unkown
|
page readonly
|
||
|
5FB3000
|
heap
|
page read and write
|
||
|
C14A000
|
heap
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page execute and read and write
|
||
|
3A11000
|
trusted library allocation
|
page read and write
|
||
|
2B8B000
|
trusted library allocation
|
page read and write
|
||
|
D090000
|
trusted library allocation
|
page read and write
|
||
|
D750000
|
trusted library allocation
|
page read and write
|
||
|
78E0000
|
heap
|
page read and write
|
||
|
C061000
|
heap
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
6893000
|
trusted library allocation
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
5BDF000
|
stack
|
page read and write
|
||
|
53F2000
|
unkown
|
page readonly
|
||
|
6073000
|
heap
|
page read and write
|
||
|
958D000
|
heap
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
305E000
|
trusted library allocation
|
page read and write
|
||
|
57DC000
|
stack
|
page read and write
|
||
|
7F443000
|
trusted library allocation
|
page execute read
|
||
|
7C16000
|
heap
|
page read and write
|
||
|
E0FA000
|
stack
|
page read and write
|
There are 510 hidden memdumps, click here to show them.