Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DOC-20241129-WA0000.pdf
|
PDF document, version 1.7, 1 pages
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4430f8.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1f875c7-25f5-4b09-8311-e262e171de1b.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f008b8b2-2887-4a76-95e7-eefea445f4f7.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241203073929Z-154.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7428
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7428
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI3f1eb.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-03 02-39-27-860.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\2ef21209-3e71-4459-80d8-7533b811531e.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\4d889dd2-1140-4d6b-b57a-be751537aaf2.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ce9a3e46-5850-40b3-a046-b9ad71e66afd.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\d16c9440-1985-43f4-9213-94e7eebfb02b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
Chrome Cache Entry: 207
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 208
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 209
|
ASCII text, with very long lines (2310)
|
dropped
|
||
|
Chrome Cache Entry: 210
|
PNG image data, 64 x 2594, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 211
|
ASCII text, with very long lines (3835)
|
downloaded
|
||
|
Chrome Cache Entry: 212
|
ASCII text, with very long lines (658)
|
downloaded
|
||
|
Chrome Cache Entry: 213
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 214
|
PNG image data, 120 x 40, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 215
|
PNG image data, 14 x 14, 4-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
ASCII text, with very long lines (658)
|
dropped
|
||
|
Chrome Cache Entry: 217
|
PNG image data, 279 x 198, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 218
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
assembler source, Unicode text, UTF-8 text, with very long lines (1244)
|
downloaded
|
||
|
Chrome Cache Entry: 220
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 221
|
ASCII text, with very long lines (40701)
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
PNG image data, 279 x 198, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 223
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 224
|
PNG image data, 120 x 40, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 225
|
HTML document, ASCII text, with very long lines (1238)
|
dropped
|
||
|
Chrome Cache Entry: 226
|
PNG image data, 279 x 198, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 227
|
ASCII text, with very long lines (1112)
|
downloaded
|
||
|
Chrome Cache Entry: 228
|
ASCII text, with very long lines (566)
|
dropped
|
||
|
Chrome Cache Entry: 229
|
PNG image data, 25 x 425, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
PNG image data, 25 x 425, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 231
|
PNG image data, 627 x 838, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 232
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 233
|
ASCII text, with very long lines (2343)
|
dropped
|
||
|
Chrome Cache Entry: 234
|
HTML document, ASCII text, with very long lines (1238)
|
downloaded
|
||
|
Chrome Cache Entry: 235
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 236
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 237
|
PNG image data, 26 x 22, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 238
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 239
|
PNG image data, 280 x 198, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 240
|
ASCII text, with very long lines (914)
|
downloaded
|
||
|
Chrome Cache Entry: 241
|
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 242
|
PNG image data, 64 x 2594, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 243
|
ASCII text, with very long lines (3835)
|
dropped
|
||
|
Chrome Cache Entry: 244
|
PNG image data, 280 x 198, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 245
|
PNG image data, 26 x 22, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 246
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 247
|
ASCII text, with very long lines (2557)
|
downloaded
|
||
|
Chrome Cache Entry: 248
|
PNG image data, 14 x 14, 8-bit colormap, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 249
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
|
Chrome Cache Entry: 250
|
PNG image data, 279 x 198, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 251
|
ASCII text, with very long lines (2310)
|
downloaded
|
||
|
Chrome Cache Entry: 252
|
PNG image data, 627 x 838, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 253
|
ASCII text, with very long lines (566)
|
downloaded
|
||
|
Chrome Cache Entry: 254
|
ASCII text, with very long lines (525)
|
downloaded
|
||
|
Chrome Cache Entry: 255
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 256
|
ASCII text, with very long lines (2343)
|
downloaded
|
||
|
Chrome Cache Entry: 257
|
ASCII text, with very long lines (2557)
|
dropped
|
||
|
Chrome Cache Entry: 258
|
PNG image data, 14 x 14, 4-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 259
|
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 260
|
PNG image data, 14 x 14, 8-bit colormap, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 261
|
ASCII text, with very long lines (525)
|
dropped
|
||
|
Chrome Cache Entry: 262
|
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 84 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DOC-20241129-WA0000.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2100 --field-trial-handle=1628,i,11023821597432620103,477905439045643704,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://v3.camscanner.com/user/download"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2612 --field-trial-handle=1988,i,1455008652623116648,7632047898953434036,262144
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://logio.intsig.net/logapi/cc.gif?appid=cfa18362e0db6752228ff7dbd870f220&ui=&pn=camscanner&pv=5.19.0&ci=674eb5c9dbb07&rf=&lc=en-us&ul=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Flogin&sr=1280*984&vp=1280*907&t=1733211736693&d=&pi=user_login
|
106.75.241.211
|
||
|
https://stats.g.doubleclick.net/g/collect
|
unknown
|
||
|
https://static.intsig.net/camscanner/js/compressed/user_download_4f3289e472d1c66c997419cce6f32c13.js
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/images/player_point.png
|
163.171.138.116
|
||
|
https://logio-sandbox.intsig.net/logapi/cc.gif
|
unknown
|
||
|
https://api.geetest.com/gettype.php?gt=cf5e989ebb1a64b6527afa24edb471f0&callback=geetest_1733211742639
|
43.175.162.41
|
||
|
https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc
|
unknown
|
||
|
https://logio.intsig.net/logapi/cc.gif
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/logo.png
|
163.171.138.116
|
||
|
https://ampcid.google.com/v1/publisher:getClientId
|
unknown
|
||
|
https://hm.baidu.com/hm.gif?hca=D42C9DA12B223BE6&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&ep=129513%2C129512&et=3&ja=0&ln=en-us&lo=0&rnd=1022544231&si=241fc2b57dcd68cae10387c6dc48c2eb&v=1.3.2&lv=1&sn=7459&r=0&ww=1280&u=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Fdownload
|
14.215.182.140
|
||
|
https://static.intsig.net/camscanner/css/compressed/user_download_3016ff84e24d2b99c197b90e45facf73.css
|
163.171.138.116
|
||
|
https://hmcdn.baidu.com/static
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/user/download_intro3.png
|
163.171.138.116
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.youtube.com/iframe_api
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/login_sprite_n.png?123
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/images/icon_warn.png?123
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/js/compressed/log_fffdf077db7060299eb6de66a8a38bfc.js
|
163.171.138.116
|
||
|
http://tongji.baidu.com/hm-web/welcome/ico
|
unknown
|
||
|
https://hm.baidu.com/hm.gif?hca=D42C9DA12B223BE6&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=1630640773&si=241fc2b57dcd68cae10387c6dc48c2eb&v=1.3.2&lv=1&sn=7459&r=0&ww=1280&u=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Fdownload&tt=CamScanner%20Download%20%7C%20Android%2FiPhone%2FiPad%2FWinPhone%20-%20Turn%20your%20phone%20and%20tablet%20into%20scanner%20for%20intelligent%20document%20management.
|
14.215.182.140
|
||
|
https://static.intsig.net/camscanner/images/ic_qr_code_landing.png
|
163.171.138.116
|
||
|
https://logio.intsig.net/logapi/cc.gif?appid=cfa18362e0db6752228ff7dbd870f220&ui=&pn=camscanner&pv=5.19.0&ci=674eb5c9dbb07&rf=&lc=en-us&ul=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Fdownload&sr=1280*984&vp=1280*907&t=1733211730689&d=%7B%22time%22%3A129489%7D&pi=user_download&ti=residence_time
|
106.75.241.211
|
||
|
https://logio.intsig.net/logapi/cc.gif?appid=cfa18362e0db6752228ff7dbd870f220&ui=&pn=camscanner&pv=5.19.0&ci=674eb5c9dbb07&rf=&lc=en-us&ul=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Fdownload&sr=1280*984&vp=1280*907&t=1733211601201&d=&pi=user_download
|
106.75.241.211
|
||
|
https://static.intsig.net/camscanner/images/user/download_intro2.png
|
163.171.138.116
|
||
|
https://stats.g.doubleclick.net/j/collect
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/player_point_select.png
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/js/compressed/common_footer_c9a8d7fea87ae2e84221feee882709c0.js
|
163.171.138.116
|
||
|
http://appworld.blackberry.com/webstore/content/13707/?lang=
|
unknown
|
||
|
https://hm.baidu.com/hm.js?241fc2b57dcd68cae10387c6dc48c2eb
|
14.215.182.140
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://static.intsig.net/camscanner/js/compressed/user_login_fbacb354539f856fd06866a147a5dd08.js
|
163.171.138.116
|
||
|
https://v3.camscanner.com/user/download
|
|||
|
https://goutong.baidu.com/site/
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/user/download_intro1.png
|
163.171.138.116
|
||
|
http://zhushou.360.cn/script/360mobilemgrdownload.js
|
unknown
|
||
|
https://static.intsig.net/camscanner/js/compressed/common_header_77d8c1fa3f5d8b55efa0985c9fd2e4f8.js
|
163.171.138.116
|
||
|
https://hmcdn.baidu.com/static/tongji/plugins/
|
unknown
|
||
|
https://tagassistant.google.com/
|
unknown
|
||
|
https://static.intsig.net/camscanner/css/compressed/common_81c74ecb46d384fa21d5b313acfd1ed8.css
|
163.171.138.116
|
||
|
https://hm.baidu.com/hm.gif?hca=D42C9DA12B223BE6&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0<=1733211604&rnd=925438725&si=241fc2b57dcd68cae10387c6dc48c2eb&su=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Fdownload&v=1.3.2&lv=2&sn=7594&r=0&ww=1280&u=https%3A%2F%2Fv3.camscanner.com%2Fuser%2Flogin&tt=CamScanner%20Sign%20in%20%7C%20Access%2C%20sync%20and%20manage%20all%20your%20documents%20at%20www.camscanner.com
|
14.215.182.140
|
||
|
https://cct.google/taggy/agent.js
|
unknown
|
||
|
https://v3.camscanner.com/user/login
|
|||
|
https://www.google.com/ads/ga-audiences
|
unknown
|
||
|
https://www.google.%/ads/ga-audiences
|
unknown
|
||
|
https://td.doubleclick.net
|
unknown
|
||
|
https://www.merchant-center-analytics.goog
|
unknown
|
||
|
https://static.intsig.net/camscanner/images/user/download_sprite.png?20200120
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/images/doc_sprite.png
|
163.171.138.116
|
||
|
https://static.intsig.net/camscanner/css/compressed/user_login_b1b6f0e00a30852b4e9c1fd99cebfdf7.css
|
163.171.138.116
|
||
|
https://adservice.google.com/pagead/regclk?
|
unknown
|
||
|
https://api.geetest.com/get.php?gt=cf5e989ebb1a64b6527afa24edb471f0&challenge=0df790d469e6990e644dd7cf72b02212&lang=en-us&pt=0&client_type=web&w=XMHsiD(os2t7ME6H))JxYgViPbYU(BF9YrsSotjQCL(98EJZ7d)Y5EL)mqN)KjrcmHjhYEwe5de)fTD9A1yGN3arO01F5ki8jzAvf)hgIw(X4BFaBE49FE3TEQODBfj100KBWd)5HFtZwGAwjOqquJz)XCwPWeYd1cufiBLbWwzqj1RxZK4079sV)uU4pPMW6Crq5iUP)AhCFuoBmclzZCmvpewpOQBl9czoY5JZd8j2ZZjISLnTKZrhmTa9dVtlEL9wTfCYazhW0aaVMSZYGTJDjksf5GUtixj3TdVpaxQ5hp25KlOhyX6gqMHigeqxUQShMLgy32OQj0Dgx9SXnvFFMICVwArBGEcQKUXtpzSVjxJAsbWMqfyd)67w2kuDQz9UIEUExQ0hJ7maOHjYur3X1gnISA6OOWVoFqW9IMwck1NS8Gi8pk3o1QMWl3Ozu5bPl7DfwVAEjooX0RcQ8NlOo4VyzdSLx4YKtq5VDcUSeRswOgI39r)JT3iWmNEO3n7PnxmhkakwXabfU7U2jANq)D)zC5WiqixicJ9hnpHPfOEn(cN5A4UHZ1mYjB33QDtuqkWbtVn0xl6sPVZOOvZowuj2uOcmYRrqMZq6)vQ7((GhaJKI0GIRSd7Hl1pNsOr9r(ubrXL)dtNsVzFcw74Quw5oKU81WpFewecMBjtjyRdMdwvn5CrSMCeD63immCC6h5sr)W82W8Ht(Q0nvGS)HdIHmy5xIM3FFdzBvNxhPZKVSQFT82dHMikjiHU0CIm52kmH5RETq0(y)SG(lm6R(YEwoBf7rFz(lUpcfQLtqv8toHoM86iGGDtRRJlyVUY9gNzqKLXrkMW2DonpKmow25pKoIwqTAj1o(msAtukJ2BPIAyTq1QI8kFGvVRCvros0oQ1H(RmRJOJPUUZHaoZh(ifGZwdXHaPRFQkZ2vL(WdV2g86ibR)zH8UA04emfNNd)IA8iEa3kDdghIuyxQ1raxrHNY680dG7ZAWTnkF42q2GxwN0SkIjgm8XimKbslQ8V3NgUgTR7wyWvGKKWE2wlTR8sLLgThI908oQQ1H5e2oElV8k8kUuENerKUz5NLiomLyAQrkFM3XewH2nlmJANy0gpDunHiT71MlkCxMEsgwhkZJ6clhvZSveb8u4gSIzrWWgHktGNGjtxom75yVb4OtPzTMVBZ56XCklmg.a4e9cf347e4a815aeb52c5bda834e23eb5e8cccfeeec62e975cd238bd0087ee1a80f97488507c5ddb2ac65678bec2e3daed0176d6ef91b9b4b593854ecc1d540296cfebeafd508d619a9470ce17ff14d69b0ba90f748fb900a47df6830bc6d0da0298bf2ba34fc246ae0bc4b01dd08350c1a020657afadc0797a9600567a8cfb&callback=geetest_1733211750831
|
43.175.162.41
|
There are 42 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sh2-logio.intsig.net
|
106.75.241.211
|
||
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
static.intsig.net.cdnga.net
|
163.171.138.116
|
||
|
www.google.com
|
142.250.181.100
|
||
|
hm.e.shifen.com
|
14.215.182.140
|
||
|
api.geetest.com.eo.dnse2.com
|
43.175.162.41
|
||
|
x1.i.lencr.org
|
unknown
|
||
|
logio.intsig.net
|
unknown
|
||
|
hm.baidu.com
|
unknown
|
||
|
static.intsig.net
|
unknown
|
||
|
api.geetest.com
|
unknown
|
||
|
static.geetest.com
|
unknown
|
||
|
v3.camscanner.com
|
unknown
|
There are 3 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
14.215.182.140
|
hm.e.shifen.com
|
China
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
52.6.155.20
|
unknown
|
United States
|
||
|
106.75.241.211
|
sh2-logio.intsig.net
|
China
|
||
|
43.175.162.41
|
api.geetest.com.eo.dnse2.com
|
Japan
|
||
|
142.250.181.100
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
163.171.138.116
|
static.intsig.net.cdnga.net
|
European Union
|
||
|
104.77.220.172
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
bisSharedFile
|
There are 10 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://v3.camscanner.com/user/download
|
||
|
https://v3.camscanner.com/user/download
|
||
|
https://v3.camscanner.com/user/login
|
||
|
https://v3.camscanner.com/user/login
|