Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Pdfxd.1445.707.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Pdfxd.1445.707.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://apis.pdfxd.com/account/v3/passport/loginRPCRT4
|
unknown
|
||
|
http://report.pdfxd.com/v1/logs
|
unknown
|
||
|
https://dev.pdfxd.com/third/wx/qrcode/login/noticehttps://dev.pdfxd.com/third/wx/qrcode/loginhttps:/
|
unknown
|
||
|
https://passport.pdfxd.com/coupon_pic
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/auth/code
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/user/bind/list
|
unknown
|
||
|
https://passport.pdfxd.com/bind_phone_pic
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/forgetpwd/step/second?
|
unknown
|
||
|
https://apis.pdfxd.com/third/wx/qrcode/login#
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/passport/logout
|
unknown
|
||
|
https://apis.pdfxd.com/third/anonymous
|
unknown
|
||
|
https://passport.pdfxd.com/pay_pic
|
unknown
|
||
|
https://apis.pdfxd.com/customer/dump/uploadB
|
unknown
|
||
|
http://report.pdfxd.com/v1/log?product=imageshow&version=1.2.3.8×tamp=1730137026&sign=8c9ca8f6c
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/registert
|
unknown
|
||
|
https://apis.pdfxd.com/app/cloud
|
unknown
|
||
|
https://apis.pdfxd.com/account/v3/mobile/login
|
unknown
|
||
|
https://passport.pdfxd.com/pic-interests
|
unknown
|
||
|
http://report.pdfxd.com/v1/log?product=imageshow&version=1.2.3.8×tamp=1730137026&sign=8c9ca8f6cf36d8135001e1e08ebb1e21
|
123.56.218.178
|
||
|
https://passport.pdfxd.com/login_pic
|
unknown
|
||
|
https://dev.pdfxd.com/account/v1/api/forgetpwd/step/submit?
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/user/bind
|
unknown
|
||
|
https://apis.pdfxd.com/third/qq/login/connect5
|
unknown
|
||
|
http://report.pdfxd.com/v1/log?product=imageshow
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/forgetpwd/step/submit?
|
unknown
|
||
|
https://apis.pdfxd.com/third/wx/qrcode/login/noticel
|
unknown
|
||
|
https://apis.pdfxd.com/cloud/v1/api/upgradep#
|
unknown
|
||
|
http://api.pdfxd.com/pdf-service/v1/reportSwa94oarrFLiR6DxVTXxgsP5In8oeidPtimestamp%I64dsend_date%s?
|
unknown
|
||
|
https://apis.pdfxd.com/account/v3/passport/login/bind%
|
unknown
|
||
|
https://apis.pdfxd.com/customer/support
|
unknown
|
||
|
https://apis.pdfxd.com/customer/cloud/active
|
unknown
|
||
|
http://report.pdfxd.com/v1/log
|
unknown
|
||
|
https://apis.pdfxd.com/third/phone/sms/codep#
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/forgetpwd/step/first?
|
unknown
|
||
|
https://pic.pdfxd.com/protocol.html
|
unknown
|
||
|
https://apis.pdfxd.com/account/v1/api/user/info/
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
report.pdfxd.com
|
123.56.218.178
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
123.56.218.178
|
report.pdfxd.com
|
China
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\XDImageShow
|
DGI
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\XDImageShow.exe
|
Mid
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E47000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library section
|
page read and write
|
||
|
3EB5000
|
heap
|
page read and write
|
||
|
6A1E000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library section
|
page read and write
|
||
|
4080000
|
heap
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
3B5B000
|
stack
|
page read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
6A25000
|
trusted library allocation
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
23CD000
|
unkown
|
page readonly
|
||
|
5A2F000
|
stack
|
page read and write
|
||
|
80CE000
|
stack
|
page read and write
|
||
|
6A5F000
|
trusted library allocation
|
page read and write
|
||
|
60FF000
|
stack
|
page read and write
|
||
|
3E9C000
|
heap
|
page read and write
|
||
|
3EC5000
|
heap
|
page read and write
|
||
|
3ECF000
|
heap
|
page read and write
|
||
|
19CD000
|
unkown
|
page readonly
|
||
|
3E40000
|
heap
|
page read and write
|
||
|
2DCD000
|
unkown
|
page readonly
|
||
|
FB4000
|
unkown
|
page write copy
|
||
|
6C41000
|
heap
|
page read and write
|
||
|
6A1B000
|
trusted library allocation
|
page read and write
|
||
|
64BC000
|
trusted library allocation
|
page read and write
|
||
|
FB4000
|
unkown
|
page read and write
|
||
|
5AB3000
|
heap
|
page read and write
|
||
|
5FFF000
|
stack
|
page read and write
|
||
|
5EFF000
|
stack
|
page read and write
|
||
|
23CD000
|
unkown
|
page readonly
|
||
|
6A40000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
681D000
|
stack
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
19CD000
|
unkown
|
page readonly
|
||
|
6C40000
|
heap
|
page read and write
|
||
|
F8C000
|
unkown
|
page readonly
|
||
|
3BC0000
|
heap
|
page read and write
|
||
|
695C000
|
stack
|
page read and write
|
||
|
3E99000
|
heap
|
page read and write
|
||
|
61FF000
|
stack
|
page read and write
|
||
|
81CE000
|
stack
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
418D000
|
heap
|
page read and write
|
||
|
EB1000
|
unkown
|
page execute read
|
||
|
647D000
|
stack
|
page read and write
|
||
|
EB1000
|
unkown
|
page execute read
|
||
|
23CD000
|
unkown
|
page readonly
|
||
|
6A90000
|
trusted library allocation
|
page read and write
|
||
|
418D000
|
heap
|
page read and write
|
||
|
623C000
|
stack
|
page read and write
|
||
|
FC9000
|
unkown
|
page read and write
|
||
|
4185000
|
heap
|
page read and write
|
||
|
6C4B000
|
heap
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
19CD000
|
unkown
|
page readonly
|
||
|
3CE0000
|
heap
|
page read and write
|
||
|
FCD000
|
unkown
|
page readonly
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
3B59000
|
stack
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
6C4A000
|
heap
|
page read and write
|
||
|
FB5000
|
unkown
|
page write copy
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
8590000
|
trusted library allocation
|
page read and write
|
||
|
64A0000
|
trusted library allocation
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
9086000
|
heap
|
page read and write
|
||
|
6C4B000
|
heap
|
page read and write
|
||
|
6C3F000
|
stack
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
3EB6000
|
heap
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
671E000
|
stack
|
page read and write
|
||
|
3A57000
|
stack
|
page read and write
|
||
|
3ECF000
|
heap
|
page read and write
|
||
|
3EB5000
|
heap
|
page read and write
|
||
|
633C000
|
stack
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
2DCD000
|
unkown
|
page readonly
|
||
|
6A28000
|
trusted library allocation
|
page read and write
|
||
|
927E000
|
heap
|
page read and write
|
||
|
637B000
|
stack
|
page read and write
|
||
|
418E000
|
heap
|
page read and write
|
||
|
918E000
|
heap
|
page read and write
|
||
|
6570000
|
trusted library section
|
page read and write
|
||
|
F8C000
|
unkown
|
page readonly
|
||
|
FCD000
|
unkown
|
page readonly
|
||
|
3D00000
|
heap
|
page read and write
|
||
|
FB7000
|
unkown
|
page read and write
|
||
|
6A21000
|
trusted library allocation
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
414E000
|
stack
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
6C4B000
|
heap
|
page read and write
|
||
|
9176000
|
heap
|
page read and write
|
||
|
418B000
|
heap
|
page read and write
|
||
|
FCD000
|
unkown
|
page readonly
|
There are 92 hidden memdumps, click here to show them.