Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Baylor.pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\004d3410-3d7e-4b15-a75c-29185af2ea52.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703155507Z-158.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7392
|
PostScript document text
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSI107a9.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91l2xtw8_1sef8d9_5pc.tmp
|
PDF document, version 1.6, 0 pages
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 11-55-05-225.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\010767be-cc54-4c20-87ff-ae41723bfd9b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\39f6d9fa-e913-402e-9cac-f8a1df62bfc4.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\5fa979c0-d43f-48d4-a9ad-0f57f48b64d0.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\ba67f37f-a691-4407-8138-a8a8f6e85cf6.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
Chrome Cache Entry: 271
|
HTML document, ASCII text, with very long lines (1150)
|
downloaded
|
||
Chrome Cache Entry: 272
|
ASCII text, with very long lines (549)
|
downloaded
|
||
Chrome Cache Entry: 273
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 274
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 275
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 276
|
HTML document, ASCII text, with very long lines (1150)
|
dropped
|
||
Chrome Cache Entry: 277
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 278
|
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 279
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 280
|
ASCII text, with very long lines (24050)
|
downloaded
|
||
Chrome Cache Entry: 281
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 282
|
ASCII text, with very long lines (4747)
|
downloaded
|
||
Chrome Cache Entry: 283
|
HTML document, ASCII text, with very long lines (1150)
|
downloaded
|
||
Chrome Cache Entry: 284
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
Chrome Cache Entry: 285
|
Unicode text, UTF-8 text, with very long lines (65392), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 286
|
ASCII text, with very long lines (64983)
|
downloaded
|
||
Chrome Cache Entry: 287
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 288
|
HTML document, ASCII text, with very long lines (394)
|
downloaded
|
||
Chrome Cache Entry: 289
|
ASCII text, with very long lines (64667)
|
downloaded
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Baylor.pdf"
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2076 --field-trial-handle=1556,i,3276697783917647603,3070842491392566807,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://share-eu1.hsforms.com/1Ifqlh1EPSxeEGyV0ofDb5A2ebec1"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1992,i,4647754721772036237,11842864204794463739,262144
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
DOM / HTML
URL
|
Malicious
|
|
---|---|---|