Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\build.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Sep 25 15:44:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\6c0e1526-d764-492b-bf2b-91f1d0333ac8.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\Marys Organizer 2023 Release (1).zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\Marys Organizer 2023 Release.zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Downloads\e882fb46-3f06-487e-bb0c-858422981dc4.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
Chrome Cache Entry: 73
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 74
|
HTML document, ASCII text, with very long lines (3909)
|
downloaded
|
||
|
Chrome Cache Entry: 75
|
ASCII text, with very long lines (65324)
|
downloaded
|
||
|
Chrome Cache Entry: 76
|
PNG image data, 65 x 64, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 77
|
ASCII text, with very long lines (47261)
|
dropped
|
||
|
Chrome Cache Entry: 78
|
PNG image data, 37 x 4, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 79
|
PNG image data, 65 x 64, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
PNG image data, 37 x 4, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text, with very long lines (47261)
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
HTML document, ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
downloaded
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2028,i,2931579537296338705,3953823219278610053,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://maveuve.github.io/frlpodf/marynewreleasefax.html"
|
|
|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
|
"C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
|
|
|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
|
"C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
|
|
|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
|
"C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint
/f
|
|
|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
|
"C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
|
|
|
|
C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe
|
"C:\Users\user\Downloads\Marys Organizer 2023 Release\MY ORGANIZER 2023 Mortgage Interest PaymentsPDF.exe"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint
/f & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\build.exe
|
"C:\Users\user\AppData\Local\Temp\build.exe"
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
|
||
|
privmerkt.com
|
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7bc1cab943c1&lang=auto
|
104.18.95.41
|
||
|
http://www.zeniko.ch/#SumatraPDFSimon
|
unknown
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js
|
104.18.95.41
|
||
|
http://www.drm-x.net/http://cn.drm-x.com/LicPrepare2008.aspxLicPrepare20082013.aspx.drm-x.com/2/%s?c
|
unknown
|
||
|
http://www.symantec.com/XMLSchema/dcs/disc-protection
|
unknown
|
||
|
https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
|
104.18.10.207
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c8c7ad8c96941a6&lang=auto
|
104.18.95.41
|
||
|
https://raw.githubusercontent.com/maveuve/vbdsz/refs/heads/main/Marys%20Organizer%202023%20Release.zip
|
185.199.111.133
|
||
|
http://itexmac.sourceforge.net/SyncTeX.htmlJ
|
unknown
|
||
|
http://HDMHDMLoading...%s
|
unknown
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
|||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7bc1cab943c1/1727282716834/454bfa27911b53eaf89b77fb676ac9ea7d67d7c4009c0340595e1039d45fc476/ANn6E4_AEvWbw_F
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7ad8c96941a6/1727282678373/4K3pZlDmL6zt7ib
|
104.18.95.41
|
||
|
http://p.yusukekamiyamane.com/Yusuke
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://mailto:EmbeddedFilesTypeFilespecD%s%dR%s%sA%s%sKids.seen.seen.seenNumsSPStD%s.%d:%d:%dInfoPag
|
unknown
|
||
|
http://www.haihaisoft.com/Contact.aspx
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5renj/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/
|
104.18.95.41
|
||
|
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
|
unknown
|
||
|
http://www.freetype.org/FreeTypefont
|
unknown
|
||
|
http://www.haihaisoft.com/PDF_Reader_download.aspxhttp://www.drm-x.com/pdfversion.htmMS
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js?compat=recaptcha
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/9m1ve/0x4AAAAAAAktEy218PeM5fmO/auto/fbE/normal/auto/
|
104.18.95.41
|
||
|
http://geoplugin.net/json.gpT
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.18.95.41
|
||
|
http://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD%AF%E4%BB%B6PDF%E9%98%85%E8%AF%BB%E5%99%A8.aspxopen
|
unknown
|
||
|
http://geoplugin.net/json.gpV
|
unknown
|
||
|
http://www.haihaisoft.com/Contact.aspx%u%?.Install_DirSoftware
|
unknown
|
||
|
https://githubstatus.com
|
unknown
|
||
|
http://cn.haihaisoft.comhttp://www.haihaisoft.comcnhttp://cn.haihaisoft.com/%E6%B5%B7%E6%B5%B7%E8%BD
|
unknown
|
||
|
http://blog.kowalczyk.infoKrzysztof
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/784762221:1727280895:DpZwutPQnAJ2xMIFwpiobNTMBlYJp9CWXlp9V5GN5Yo/8c8c7bc1cab943c1/4904f693d598ee1
|
104.18.95.41
|
||
|
http://www.haihaisoft.comSumatraPDF
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://blog.kowalczyk.info/software/sumatrapdf/translators.htmlThe
|
unknown
|
||
|
http://www.haihaisoft.comlibmupdf.pdbSumatraPDF.pdbSumatraPDF-prereleaseSumatraPDF.pdbSumatraPDF-1.5
|
unknown
|
||
|
http://www.symantec.com/XMLSchema/dcs/disc-results
|
unknown
|
||
|
http://geoplugin.net/json.gpn
|
unknown
|
||
|
https://twitter.com/githubstatus
|
unknown
|
||
|
http://www.drm-x.com/pdfversion.htm1.5.7.0..http://www.haihaisoft.com/PDF_Reader_download.aspxopenSo
|
unknown
|
||
|
https://getbootstrap.com/)
|
unknown
|
||
|
http://www.flashvidz.tk/Zenonprogram
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/621320543:1727280800:x-uSLD9blvM2sN0MY5eDk1KX-nemuunHuqvoVAWU97E/8c8c7ad8c96941a6/596e5d08887dcbd
|
104.18.95.41
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://blog.kowalczyk.info/software/sumatrapdf/translations.htmlContribute
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://www.openssl.org/support/faq.html....................
|
unknown
|
||
|
http://william.famille-blum.org/William
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0Digitized
|
unknown
|
||
|
http://mupdf.comMuPDFpdf
|
unknown
|
||
|
http://www.winimage.com/zLibDllbad
|
unknown
|
||
|
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
|
https://maveuve.github.io/favicon.ico
|
185.199.108.153
|
||
|
https://github.com/maveuve/vbdsz/raw/refs/heads/main/Marys%20Organizer%202023%20Release.zip
|
140.82.121.4
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c8c7bc1cab943c1/1727282716836/wNiz968zyhOEG8-
|
104.18.95.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c8c7ad8c96941a6/1727282678369/d41a30965b817c48f2b8012ecc5d4118160944ab876415a0adeddf7d6fb64e62/cwl0dNi4gO4wp8F
|
104.18.95.41
|
||
|
https://help.github.com/pages/
|
unknown
|
There are 50 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
privmerkt.com
|
172.111.163.227
|
|
|
|
nwemarkets.com
|
45.74.48.2
|
|
|
|
stackpath.bootstrapcdn.com
|
104.18.10.207
|
||
|
github.com
|
140.82.121.4
|
||
|
challenges.cloudflare.com
|
104.18.95.41
|
||
|
raw.githubusercontent.com
|
185.199.111.133
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
www.google.com
|
142.250.186.68
|
||
|
maveuve.github.io
|
185.199.108.153
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
|
|
|
172.111.163.227
|
privmerkt.com
|
United States
|
|
|
|
142.250.186.68
|
www.google.com
|
United States
|
||
|
104.18.10.207
|
stackpath.bootstrapcdn.com
|
United States
|
||
|
216.58.212.164
|
unknown
|
United States
|
||
|
104.18.94.41
|
unknown
|
United States
|
||
|
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
|
140.82.121.4
|
github.com
|
United States
|
||
|
185.199.111.133
|
raw.githubusercontent.com
|
Netherlands
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
185.199.108.153
|
maveuve.github.io
|
Netherlands
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
There are 2 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-9QRTYQ
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-9QRTYQ
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-9QRTYQ
|
time
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
*UpdaterCisco
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10163000
|
unkown
|
page execute and read and write
|
|
|
|
2850000
|
direct allocation
|
page execute and read and write
|
|
|
|
DA8000
|
heap
|
page read and write
|
|
|
|
F48000
|
heap
|
page read and write
|
|
|
|
EFE000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
E0F000
|
trusted library allocation
|
page read and write
|
||
|
AA4000
|
remote allocation
|
page execute and read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
E64000
|
trusted library allocation
|
page read and write
|
||
|
101E8000
|
unkown
|
page execute and write copy
|
||
|
3CC7000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
41B9000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
E89000
|
trusted library allocation
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
24E08A7A000
|
heap
|
page read and write
|
||
|
1036F000
|
direct allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
4B48000
|
trusted library allocation
|
page read and write
|
||
|
28C8000
|
direct allocation
|
page execute and read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
6CF000
|
unkown
|
page readonly
|
||
|
375E000
|
stack
|
page read and write
|
||
|
1DF000
|
stack
|
page read and write
|
||
|
10225000
|
unkown
|
page execute and write copy
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
42AB000
|
trusted library allocation
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
632687F000
|
stack
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
980000
|
unkown
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
101F1000
|
unkown
|
page execute and read and write
|
||
|
BF3000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
2AA3000
|
heap
|
page read and write
|
||
|
101F4000
|
unkown
|
page execute and write copy
|
||
|
F40000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
3F60000
|
trusted library allocation
|
page read and write
|
||
|
DF6000
|
trusted library allocation
|
page read and write
|
||
|
6C9000
|
unkown
|
page readonly
|
||
|
10154000
|
unkown
|
page write copy
|
||
|
DEF000
|
trusted library allocation
|
page read and write
|
||
|
3D93000
|
trusted library allocation
|
page read and write
|
||
|
10450000
|
direct allocation
|
page read and write
|
||
|
24E08A70000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
3EB7000
|
trusted library allocation
|
page read and write
|
||
|
E31000
|
trusted library allocation
|
page read and write
|
||
|
DE7000
|
trusted library allocation
|
page read and write
|
||
|
24E08CB0000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
533E000
|
trusted library allocation
|
page read and write
|
||
|
57F000
|
stack
|
page read and write
|
||
|
93A000
|
heap
|
page read and write
|
||
|
BFD000
|
stack
|
page read and write
|
||
|
101EB000
|
unkown
|
page execute and read and write
|
||
|
2FDA000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
4350000
|
trusted library allocation
|
page read and write
|
||
|
DD8000
|
trusted library allocation
|
page read and write
|
||
|
ED000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
52DB000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
E19000
|
trusted library allocation
|
page read and write
|
||
|
24E08CB5000
|
heap
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
DDC000
|
trusted library allocation
|
page read and write
|
||
|
E23000
|
trusted library allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
10438000
|
direct allocation
|
page read and write
|
||
|
42CA000
|
trusted library allocation
|
page read and write
|
||
|
AA4000
|
remote allocation
|
page execute and read and write
|
||
|
5288000
|
trusted library allocation
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
E31000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
10375000
|
direct allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
1015D000
|
unkown
|
page read and write
|
||
|
DF3000
|
trusted library allocation
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
101F8000
|
unkown
|
page execute and read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
632656E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3E01000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
3B4D000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
3F37000
|
trusted library allocation
|
page read and write
|
||
|
10449000
|
direct allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
E63000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
10153000
|
unkown
|
page read and write
|
||
|
3B4E000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
AA1000
|
remote allocation
|
page execute and read and write
|
||
|
10443000
|
direct allocation
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
10119000
|
unkown
|
page readonly
|
||
|
C00000
|
heap
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
BE9000
|
heap
|
page read and write
|
||
|
276E000
|
unkown
|
page read and write
|
||
|
101DD000
|
unkown
|
page execute and write copy
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
61E000
|
unkown
|
page readonly
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
2FDA000
|
trusted library allocation
|
page read and write
|
||
|
2FDA000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
E71000
|
trusted library allocation
|
page read and write
|
||
|
DED000
|
heap
|
page read and write
|
||
|
4EE6000
|
trusted library allocation
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
2A8C000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
42C0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
E56000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
61E000
|
unkown
|
page readonly
|
||
|
24E0A4E0000
|
heap
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
24E08A20000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
3FED000
|
trusted library allocation
|
page read and write
|
||
|
4DAC000
|
stack
|
page read and write
|
||
|
BFC000
|
stack
|
page read and write
|
||
|
E19000
|
trusted library allocation
|
page read and write
|
||
|
3BE8000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
24E08A30000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
DDC000
|
trusted library allocation
|
page read and write
|
||
|
5C2000
|
heap
|
page read and write
|
||
|
3E98000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
272D000
|
stack
|
page read and write
|
||
|
103B5000
|
direct allocation
|
page read and write
|
||
|
24E08A80000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1015D000
|
unkown
|
page read and write
|
||
|
2AA1000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
474A000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
345F000
|
stack
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
E0C000
|
trusted library allocation
|
page read and write
|
||
|
E29000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
CAD000
|
stack
|
page read and write
|
||
|
DF6000
|
heap
|
page read and write
|
||
|
10228000
|
unkown
|
page execute and read and write
|
||
|
6B7000
|
unkown
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
7AA000
|
unkown
|
page readonly
|
||
|
DF3000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
CC8000
|
heap
|
page read and write
|
||
|
4EA8000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
4F3D000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
63264EC000
|
stack
|
page read and write
|
||
|
10008000
|
unkown
|
page execute read
|
||
|
9C000
|
stack
|
page read and write
|
||
|
103BB000
|
direct allocation
|
page read and write
|
||
|
1013D000
|
unkown
|
page readonly
|
||
|
B30000
|
heap
|
page read and write
|
||
|
A89000
|
remote allocation
|
page execute and read and write
|
||
|
E11000
|
heap
|
page read and write
|
||
|
97F000
|
unkown
|
page write copy
|
||
|
930000
|
heap
|
page read and write
|
||
|
42FE000
|
trusted library allocation
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
4E93000
|
trusted library allocation
|
page read and write
|
||
|
3E07000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
54D000
|
stack
|
page read and write
|
||
|
10480000
|
direct allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
10153000
|
unkown
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
E0C000
|
trusted library allocation
|
page read and write
|
||
|
E9E000
|
trusted library allocation
|
page read and write
|
||
|
529D000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
6C9000
|
unkown
|
page readonly
|
||
|
321E000
|
stack
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
76D000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
CD4000
|
heap
|
page read and write
|
||
|
2F61000
|
trusted library allocation
|
page read and write
|
||
|
11DF000
|
stack
|
page read and write
|
||
|
E05000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
758000
|
unkown
|
page readonly
|
||
|
4C9C000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
AA1000
|
remote allocation
|
page execute and read and write
|
||
|
101E0000
|
unkown
|
page execute and read and write
|
||
|
E1D000
|
trusted library allocation
|
page read and write
|
||
|
24E08A50000
|
heap
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
E9E000
|
trusted library allocation
|
page read and write
|
||
|
3EEB000
|
trusted library allocation
|
page read and write
|
||
|
6B7000
|
unkown
|
page write copy
|
||
|
EDF000
|
stack
|
page read and write
|
||
|
777000
|
unkown
|
page readonly
|
||
|
9FC000
|
unkown
|
page readonly
|
||
|
F6F000
|
stack
|
page read and write
|
||
|
E11000
|
trusted library allocation
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
DD8000
|
trusted library allocation
|
page read and write
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
106F000
|
stack
|
page read and write
|
||
|
6C9000
|
unkown
|
page readonly
|
||
|
763000
|
unkown
|
page readonly
|
||
|
2F61000
|
trusted library allocation
|
page read and write
|
||
|
E38000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
3C70000
|
trusted library allocation
|
page read and write
|
||
|
101EF000
|
unkown
|
page execute and write copy
|
||
|
E16000
|
trusted library allocation
|
page read and write
|
||
|
1015F000
|
unkown
|
page write copy
|
||
|
A30000
|
heap
|
page read and write
|
||
|
AD000
|
stack
|
page read and write
|
||
|
E19000
|
trusted library allocation
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
1039B000
|
direct allocation
|
page read and write
|
||
|
2D4F000
|
unkown
|
page read and write
|
||
|
980000
|
unkown
|
page read and write
|
||
|
10253000
|
unkown
|
page readonly
|
||
|
DE7000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
10260000
|
direct allocation
|
page read and write
|
||
|
10153000
|
unkown
|
page read and write
|
||
|
980000
|
unkown
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
52A7000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
E05000
|
trusted library allocation
|
page read and write
|
||
|
63265EE000
|
stack
|
page read and write
|
||
|
E71000
|
trusted library allocation
|
page read and write
|
||
|
371B000
|
stack
|
page read and write
|
||
|
F9F000
|
stack
|
page read and write
|
||
|
103B1000
|
direct allocation
|
page read and write
|
||
|
2AA3000
|
heap
|
page read and write
|
||
|
10148000
|
unkown
|
page readonly
|
||
|
113F000
|
stack
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
10149000
|
unkown
|
page write copy
|
||
|
4EB2000
|
trusted library allocation
|
page read and write
|
||
|
10110000
|
unkown
|
page execute read
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
3F60000
|
trusted library allocation
|
page read and write
|
||
|
3EAD000
|
trusted library allocation
|
page read and write
|
||
|
24E08A78000
|
heap
|
page read and write
|
||
|
DFA000
|
trusted library allocation
|
page read and write
|
||
|
10162000
|
unkown
|
page readonly
|
There are 292 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|
||
|
https://maveuve.github.io/frlpodf/marynewreleasefax.html
|