IOC Report
Baylor.pdf

loading gif

Files

File Path
Type
Category
Malicious
Baylor.pdf
PDF document, version 1.4, 1 pages
initial sample
 malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\004d3410-3d7e-4b15-a75c-29185af2ea52.tmp
JSON data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703155507Z-158.bmp
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
modified
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7392
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Temp\MSI107a9.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91l2xtw8_1sef8d9_5pc.tmp
PDF document, version 1.6, 0 pages
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 11-55-05-225.log
ASCII text, with very long lines (393)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
ASCII text, with very long lines (393), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\010767be-cc54-4c20-87ff-ae41723bfd9b.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\39f6d9fa-e913-402e-9cac-f8a1df62bfc4.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\5fa979c0-d43f-48d4-a9ad-0f57f48b64d0.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\ba67f37f-a691-4407-8138-a8a8f6e85cf6.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
dropped
Chrome Cache Entry: 271
HTML document, ASCII text, with very long lines (1150)
downloaded
Chrome Cache Entry: 272
ASCII text, with very long lines (549)
downloaded
Chrome Cache Entry: 273
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 274
JSON data
dropped
Chrome Cache Entry: 275
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 276
HTML document, ASCII text, with very long lines (1150)
dropped
Chrome Cache Entry: 277
JSON data
dropped
Chrome Cache Entry: 278
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 279
JSON data
downloaded
Chrome Cache Entry: 280
ASCII text, with very long lines (24050)
downloaded
Chrome Cache Entry: 281
JSON data
downloaded
Chrome Cache Entry: 282
ASCII text, with very long lines (4747)
downloaded
Chrome Cache Entry: 283
HTML document, ASCII text, with very long lines (1150)
downloaded
Chrome Cache Entry: 284
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 285
Unicode text, UTF-8 text, with very long lines (65392), with no line terminators
downloaded
Chrome Cache Entry: 286
ASCII text, with very long lines (64983)
downloaded
Chrome Cache Entry: 287
HTML document, ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 288
HTML document, ASCII text, with very long lines (394)
downloaded
Chrome Cache Entry: 289
ASCII text, with very long lines (64667)
downloaded
There are 58 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Baylor.pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1556,i,3276697783917647603,3070842491392566807,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1992,i,4647754721772036237,11842864204794463739,262144 /prefetch:8

URLs

Name
IP
Malicious
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1
malicious
https://share-eu1.hsforms.com/favicon.ico
172.65.198.19
 malicious
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1)
unknown
 malicious
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1#main
malicious
https://js-eu1.hs-banner.com/v2
unknown
https://www.cloudflare.com/learning/access-management/phishing-attack/
unknown
https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=144978769&utk=aaacea36d982e582317f0d8bd0e23759
172.65.192.122
http://www.hubspot.com
unknown
https://forms-eu1.hsforms.com/embed/v3/form/144978769/21faa587-510f-4b17-841b-2574a1f0dbe4/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
172.65.232.43
https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022206557&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.3.1720022131923&cc=15
172.65.240.166
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=cde0f426-55b7-481b-b7ea-ddaa418f0dec&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&t=Form&cts=1720022132322&vi=aaacea36d982e582317f0d8bd0e23759&nc=true&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.1.1720022131923&cc=15
172.65.240.166
https://js-eu1.hs-banner.com/v2/144978769/banner.js
172.65.202.201
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v3-DEFINITION_SUCCESS&count=1
172.65.232.43
https://js-eu1.hs-analytics.net/analytics/1720022100000/144978769.js
172.65.238.60
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=9ab50da6-ebc2-4400-bfc0-a5c353a8d768&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022206756&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.3.1720022131923&cc=15
172.65.240.166
https://static.hsappstatic.net/forms-submission-pages/static-1.4545/bundles/share-legacy.js
104.17.176.91
https://forms-eu1.hsforms.com/submissions/v3/public/submit/formsnext/multipart/144978769/21faa587-510f-4b17-841b-2574a1f0dbe4/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
172.65.232.43
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v3-RENDER_SUCCESS&count=1
172.65.232.43
https://js-eu1.hscollectedforms.net/collectedforms.js
172.65.192.122
about:blank
https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&t=Form&cts=1720022131934&vi=aaacea36d982e582317f0d8bd0e23759&nc=true&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.1.1720022131923&cc=15
172.65.240.166
https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=144978769&utk=
172.65.192.122
https://forms-eu1.hsforms.com/embed/v3/form/144978769/21faa587-510f-4b17-841b-2574a1f0dbe4/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387&hutk=aaacea36d982e582317f0d8bd0e23759
172.65.232.43
https://20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev/favicon.ico
188.114.97.3
https://local.hsappstatic.net/forms-embed/static/bundles/project-v3.js
unknown
https://www.cloudflare.com/5xx-error-landing
unknown
https://js-eu1.hs-scripts.com/144978769.js
172.65.208.22
https://js-eu1.hsforms.net/forms/embed/v3.js
172.65.255.172
http://hubs.ly/H0702_H0
unknown
https://20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev/?__hstc=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&__hssc=251652889.3.1720022131923&__hsfp=471034161&submissionGuid=a93e3b54-ade7-47aa-b44a-301aca36fbe6
https://20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
188.114.97.3
https://track-eu1.hubspot.com/__ptq.gif?k=18&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=9ab50da6-ebc2-4400-bfc0-a5c353a8d768&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022280614&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.3.1720022131923&cc=15
172.65.240.166
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=f63a60f1-bcc4-4521-b9c8-93ab76e2ac6d&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022143559&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.2.1720022131923&cc=15
172.65.240.166
https://js.hsformsqa.net/success-green.svg);width:130px;height:201px;padding-top:28px;margin:0
unknown
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=9ab50da6-ebc2-4400-bfc0-a5c353a8d768&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022206734&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.3.1720022131923&cc=15
172.65.240.166
https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022142436&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.2.1720022131923&cc=15
172.65.240.166
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
172.65.232.43
https://20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev/cdn-cgi/styles/cf.errors.css
188.114.97.3
https://docs.doc2rprevn.buzz?username=
unknown
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=cde0f426-55b7-481b-b7ea-ddaa418f0dec&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&t=Form&cts=1720022132348&vi=aaacea36d982e582317f0d8bd0e23759&nc=true&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.1.1720022131923&cc=15
172.65.240.166
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=21faa587-510f-4b17-841b-2574a1f0dbe4&fci=f63a60f1-bcc4-4521-b9c8-93ab76e2ac6d&ft=0&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=471034161&v=1.1&a=144978769&ccu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1&pu=https%3A%2F%2Fshare-eu1.hsforms.com%2F1Ifqlh1EPSxeEGyV0ofDb5A2ebec1%23main&t=Form&cts=1720022143541&vi=aaacea36d982e582317f0d8bd0e23759&nc=false&u=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&b=251652889.2.1720022131923&cc=15
172.65.240.166
There are 31 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
share-eu1.hsforms.com
unknown
 malicious
3eeb7d48131e40729c87ea3a6955657f.pacloudflare.com
172.65.198.19
4b32bb64ce554875ae3f8836479c89d4.pacloudflare.com
172.65.232.43
15e49451d4884c2582b2c780d1077dd0.pacloudflare.com
172.65.192.122
static.hsappstatic.net
104.17.176.91
20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev
188.114.97.3
7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com
172.65.202.201
e5de3d23065c4748b155c28e6fa36f3e.pacloudflare.com
172.65.240.166
www.google.com
142.250.185.164
44e2b8ccc74e48939e2e27783a94a157.pacloudflare.com
172.65.255.172
18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com
172.65.238.60
2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com
172.65.208.22
track-eu1.hubspot.com
unknown
forms-eu1.hscollectedforms.net
unknown
js-eu1.hsforms.net
unknown
js-eu1.hs-banner.com
unknown
js-eu1.hs-analytics.net
unknown
forms-eu1.hsforms.com
unknown
js-eu1.hs-scripts.com
unknown
js-eu1.hscollectedforms.net
unknown
There are 10 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.168.2.7
unknown
unknown
192.168.2.4
unknown
unknown
172.65.255.172
44e2b8ccc74e48939e2e27783a94a157.pacloudflare.com
United States
172.65.198.19
3eeb7d48131e40729c87ea3a6955657f.pacloudflare.com
United States
172.65.240.166
e5de3d23065c4748b155c28e6fa36f3e.pacloudflare.com
United States
172.65.202.201
7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com
United States
142.250.185.164
www.google.com
United States
172.65.238.60
18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com
United States
104.17.176.91
static.hsappstatic.net
United States
172.65.232.43
4b32bb64ce554875ae3f8836479c89d4.pacloudflare.com
United States
172.65.192.122
15e49451d4884c2582b2c780d1077dd0.pacloudflare.com
United States
239.255.255.250
unknown
Reserved
188.114.97.3
20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev
European Union
172.65.208.22
2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com
United States
There are 4 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileSource
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uPageCount
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sAssetId
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
bisSharedFile
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uPageCount
There are 8 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1
 malicious
https://20240207fil787858989597857823784289239doc47837878233893pdf.pages.dev/?__hstc=251652889.aaacea36d982e582317f0d8bd0e23759.1720022131923.1720022131923.1720022131923.1&__hssc=251652889.3.1720022131923&__hsfp=471034161&submissionGuid=a93e3b54-ade7-47aa-b44a-301aca36fbe6
 malicious
about:blank
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1#main
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1#main
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1#main
https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1#main