Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
25_May_2024_eSign.pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\740d5b8c-cc1f-4a93-94ce-f78452bfeba8.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\800cdb10-a2d4-4d35-9dd5-f3647155a75a.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6c8119.TMP (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240527173010Z-163.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIb7287.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-27 13-30-08-477.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\1208e11b-9118-47a5-872e-4f711df699e6.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\202f9346-3e36-488a-84e7-c05b6d4fc6fd.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\9dbd0f3d-d4a4-44ed-85c2-cd9f39a55d58.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\bfbb9f80-b81b-4db8-a29a-0af0888c57e0.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 16:30:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 16:30:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 16:30:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 16:30:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 16:30:09 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 172
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 173
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 174
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 175
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 176
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=1, software=Google], baseline, precision 8, 1652x929, components 3
|
downloaded
|
||
Chrome Cache Entry: 177
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 178
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 179
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 180
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 181
|
SVG Scalable Vector Graphics image
|
dropped
|
||
Chrome Cache Entry: 182
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 183
|
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 184
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 185
|
ASCII text
|
downloaded
|
||
Chrome Cache Entry: 186
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 187
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 188
|
ASCII text, with very long lines (48316), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 189
|
PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 190
|
PNG image data, 506 x 303, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 191
|
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 192
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 193
|
HTML document, ASCII text, with very long lines (65446)
|
downloaded
|
||
Chrome Cache Entry: 194
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 195
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 196
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 197
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 198
|
ASCII text, with very long lines (24050)
|
downloaded
|
||
Chrome Cache Entry: 199
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 200
|
HTML document, ASCII text, with very long lines (13821)
|
dropped
|
||
Chrome Cache Entry: 201
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 202
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 203
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 204
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 205
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=1, software=Google], baseline, precision 8, 1652x929, components 3
|
dropped
|
||
Chrome Cache Entry: 206
|
ASCII text, with no line terminators
|
downloaded
|
There are 78 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\25_May_2024_eSign.pdf"
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1612
--field-trial-handle=1580,i,12606758722636301871,14801782710418106230,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.kooss.com/j7.php?url=https://m.exactag.com/ai.aspx?tc=d9047570bc40b07205bbd26a23a8d2e6b6b4f9&url=https://maplebearrabat.com/content/cauoaeox/jihu/YWNjb3VudHNyZWNlaXZhYmxlQGFjYWdsb2JhbC5jb20=
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2004,i,16712865110461069709,7719260107902575291,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://maplebearrabat.com/content/cauoaeox/jihu/YWNjb3VudHNyZWNlaXZhYmxlQGFjYWdsb2JhbC5jb20=
|
|||
https://cloudflare-ipfs.com/ipfs/bafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y
|
|||
https://maplebearrabat.com/favicon.ico
|
50.87.153.121
|
||
http://jquery.org/license
|
unknown
|
||
https://cloudflare-ipfs.com/cdn-cgi/phish-bypass?atok=CT7tcRP.LUBFLZgoIYhechJ50z8EjywmGLk7DrAEPUk-1716831012-0.0.1.1-%2Fipfs%2Fbafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y
|
104.17.96.13
|
||
https://ogs.google.com/widget/app/so?awwd=1
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/bg_normal.png
|
104.21.96.107
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/auth_number.png
|
104.21.96.107
|
||
http://sizzlejs.com/
|
unknown
|
||
https://www.google.com/intl/en/about/products
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/godaddy-left.png
|
104.21.96.107
|
||
http://jsperf.com/getall-vs-sizzle/2
|
unknown
|
||
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/2fa_authenticator.png
|
104.21.96.107
|
||
http://schema.org/WebPage
|
unknown
|
||
https://bugs.webkit.org/show_bug.cgi?id=29084
|
unknown
|
||
http://blindsignals.com/index.php/2009/07/jquery-delay/
|
unknown
|
||
http://bugs.jquery.com/ticket/12282#comment:15
|
unknown
|
||
http://dev.w3.org/csswg/cssom/#resolved-values
|
unknown
|
||
https://cloudflare-ipfs.com/favicon.ico
|
104.17.96.13
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/call_2fa.png
|
104.21.96.107
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/logo-off-1.png
|
104.21.96.107
|
||
https://apis.google.com
|
unknown
|
||
https://github.com/jquery/jquery/pull/764
|
unknown
|
||
https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css
|
104.17.96.13
|
||
https://chrome.cloudflare-dns.com
|
unknown
|
||
http://bugs.jquery.com/ticket/12359
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/obufsssssssscaaatoion/
|
104.21.96.107
|
||
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
|
104.17.25.14
|
||
http://json.org/json2.js
|
unknown
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=649285
|
unknown
|
||
https://www.google.com/_/og/promos/
|
unknown
|
||
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
|
152.199.23.37
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/microsoft_logo.png/
|
104.21.96.107
|
||
https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637
|
104.17.96.13
|
||
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
|
unknown
|
||
https://www.kooss.com/j7.php?url=https://m.exactag.com/ai.aspx?tc=d9047570bc40b07205bbd26a23a8d2e6b6b4f9&url=https://maplebearrabat.com/content/cauoaeox/jihu/YWNjb3VudHNyZWNlaXZhYmxlQGFjYWdsb2JhbC5jb20=
|
140.227.127.195
|
||
https://developer.mozilla.org/en-US/docs/CSS/display
|
unknown
|
||
https://cloudflare-ipfs.com/ipfs/bafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y#accountsreceivable@acaglobal.com
|
|||
https://code.jquery.com/jquery-1.9.1.js
|
151.101.194.137
|
||
https://ogs.google.com/widget/callout?prid=19037050
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/message_think.png
|
104.21.96.107
|
||
https://developer.mozilla.org/en/Security/CSP)
|
unknown
|
||
https://pro.ip-api.com/json/?key=pD3jjrEbn4o2CQ1
|
51.77.64.70
|
||
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
|
unknown
|
||
http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/key_workshcool.png
|
104.21.96.107
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=491668
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/person_office.png
|
104.21.96.107
|
||
https://www.google.com/
|
172.217.18.4
|
||
http://javascript.nwbox.com/IEContentLoaded/
|
unknown
|
||
http://jquery.com/
|
unknown
|
||
https://aea14i7zphg.wqqqqop.shop/static/media/person_workshcool.png
|
104.21.96.107
|
There are 43 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
cloudflare-ipfs.com
|
104.17.96.13
|
||
www.kooss.com
|
140.227.127.195
|
||
google.com
|
142.250.186.142
|
||
cs1100.wpc.omegacdn.net
|
152.199.23.37
|
||
maplebearrabat.com
|
50.87.153.121
|
||
code.jquery.com
|
151.101.194.137
|
||
cdnjs.cloudflare.com
|
104.17.25.14
|
||
pro.ip-api.com
|
51.77.64.70
|
||
aea14i7zphg.wqqqqop.shop
|
104.21.96.107
|
||
www.google.com
|
142.250.186.68
|
||
aadcdn.msftauth.net
|
unknown
|
There are 1 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.17.96.13
|
cloudflare-ipfs.com
|
United States
|
||
142.250.186.68
|
www.google.com
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
104.21.96.107
|
aea14i7zphg.wqqqqop.shop
|
United States
|
||
51.77.64.70
|
pro.ip-api.com
|
France
|
||
151.101.194.137
|
code.jquery.com
|
United States
|
||
172.217.18.4
|
unknown
|
United States
|
||
140.227.127.195
|
www.kooss.com
|
Japan
|
||
23.47.168.24
|
unknown
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
152.199.23.37
|
cs1100.wpc.omegacdn.net
|
United States
|
||
50.87.153.121
|
maplebearrabat.com
|
United States
|
||
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
bisSharedFile
|
There are 10 hidden registries, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://cloudflare-ipfs.com/ipfs/bafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y#accountsreceivable@acaglobal.com
|
||
https://cloudflare-ipfs.com/ipfs/bafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y
|
||
https://cloudflare-ipfs.com/ipfs/bafybeiclrj2xwfwignqrmjudvrsa7bbuecqrpcfskjfc3jj7t57lq7oi2y
|
||
https://maplebearrabat.com/content/cauoaeox/jihu/YWNjb3VudHNyZWNlaXZhYmxlQGFjYWdsb2JhbC5jb20=
|