IOC Report
Resume_PaulBrew.pdf

Files

File Path
Type
Category
Malicious
Resume_PaulBrew.pdf
PDF document, version 1.6, 0 pages
initial sample
malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6e360bc5-c709-43b0-829f-8f9741fc4c4a.tmp
JSON data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2025-03-26.log
ASCII text, with very long lines (336), with CRLF line terminators
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250326210442Z-224.bmp
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Acrobat_Notification_Surface
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
data
dropped
C:\Users\user\AppData\Local\Temp\MSI87c19.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader124.4.20272.6 2025-03-26 17-04-40-305.log
ASCII text, with very long lines (393)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader124.4.20272.6.log
ASCII text, with very long lines (393), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\0b38775e-a653-446a-82b9-ea9a8ba59b67.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 130556
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\36c55ea4-47d0-497d-9b37-b0d39993b3f6.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\ae0d5c9e-4e87-4f0b-a54d-60a10c914ff5.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41808
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\b020b037-01bc-4d0b-b960-6758519a8884.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15506
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\ee6b6128-d43d-4c0e-9a5b-4c043ee59c13.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
Chrome Cache Entry: 167
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 168
Web Open Font Format (Version 2), TrueType, length 9344, version 1.0
downloaded
Chrome Cache Entry: 169
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 170
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 171
ASCII text, with very long lines (65447)
downloaded
Chrome Cache Entry: 172
ASCII text, with very long lines (1572)
downloaded
Chrome Cache Entry: 173
HTML document, Unicode text, UTF-8 text, with very long lines (2164)
downloaded
Chrome Cache Entry: 174
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 175
Web Open Font Format (Version 2), TrueType, length 17576, version 1.0
downloaded
Chrome Cache Entry: 176
Web Open Font Format (Version 2), TrueType, length 7728, version 1.0
downloaded
Chrome Cache Entry: 177
ASCII text, with very long lines (65371)
downloaded
Chrome Cache Entry: 178
Web Open Font Format (Version 2), TrueType, length 8572, version 1.0
downloaded
Chrome Cache Entry: 179
PNG image data, 520 x 676, 4-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 180
PNG image data, 210 x 239, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 181
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 182
Web Open Font Format (Version 2), TrueType, length 15368, version 1.0
downloaded
Chrome Cache Entry: 183
HTML document, ASCII text, with very long lines (399)
downloaded
Chrome Cache Entry: 184
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 185
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 186
ASCII text
downloaded
Chrome Cache Entry: 187
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 188
Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
downloaded
Chrome Cache Entry: 189
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 190
Web Open Font Format (Version 2), TrueType, length 11116, version 1.0
downloaded
Chrome Cache Entry: 191
ASCII text
downloaded
Chrome Cache Entry: 192
PNG image data, 520 x 676, 4-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 193
PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 194
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 195
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
downloaded

Processes

Path
Cmdline
Malicious
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Resume_PaulBrew.pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1712 --field-trial-handle=1592,i,15319257295920843828,6072331317832979418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8000
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7632
C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,3087048889737537394,3794083359230199116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2096 /prefetch:11
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818"

URLs

Name
IP
Malicious
https://secured-login.net/assets/application-3ab7c63a41a8761925d45817a71fb79e0ef7208b59de505ac640c8a2a183ec19.js
44.198.42.239
https://chrome.cloudflare-dns.com
unknown
https://comments.adobe.
unknown
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css
104.17.25.14
https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09?cid=2454325818
44.196.92.142
https://secured-login.net/packs/js/vendor-69f70dd3792dc7287ac8.js
44.198.42.239
https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.
unknown
https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
44.198.42.239
https://secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
44.198.42.239
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1743023067049&w=0&anoncknm=al_app_anon&NoResponseBody=true
20.189.173.28
https://static.jobscan.co/blog/uploads/Rectangle@2x-1-1-1.png
108.139.29.30
https://upload.wikimedia.org/wikipedia/commons/thumb/3/38/Icon_pdf_file.svg/210px-Icon_pdf_file.svg.png
208.80.154.240
https://secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
44.198.42.239
http://c.pki.goog/r/r4.crl
142.251.32.99
https://secured-login.net/favicon.ico
44.198.42.239
http://c.pki.goog/r/r1.crl
142.251.32.99
https://kn0wbe4.compromisedblog.com/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEt
unknown
https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
44.198.42.239
https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
52.217.193.32
https://cdn2.hubspot.net/hubfs/241394/html_file/files/img/KB4-logo.png
104.18.88.62
https://i.imgur.com/QRF01zv.png
151.101.44.193
https://comments.4xI
unknown
https://kn0wbe4.compromisedblog.com/XL2Rkd2RsdmIxWTNLTEh1NnVwWkc3a3VtcHpaRXM1b09pMDIzbTNZMk5CeEphZVV
unknown
https://secured-login.net/assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css
44.198.42.239
http://getbootstrap.com)
unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://static.jobscan.co/blog/uploads/Rectangle
unknown
https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcH
unknown
http://c.pki.goog/r/gsr1.crl
142.251.32.99
https://secured-login.net/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js
44.198.42.239
https://kn0wbe4.compromisedblog.com/XMHZUY0NyOVZWWXFKZCtIK3NmZzBUSmJCaCtQOVJ6Tm11UzU3TFFLeEhkdzg0QlB
unknown
https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09
http://preview.training.knowbe4.com/XZ3FlZlZNOVhDMEN3Q2ZsUXJtQkI2Y2JURTg3NTdleWU3cEN2NUtvWFlQV1FiTjR
unknown

Domains

Name
IP
Malicious
cdn2.hubspot.net
104.18.88.62
dttjrzjva8zho.cloudfront.net
108.139.29.30
s3.amazonaws.com
52.217.193.32
cdnjs.cloudflare.com
104.17.25.14
www.google.com
142.250.81.228
upload.wikimedia.org
208.80.154.240
secured-login.net
44.198.42.239
landing.training.knowbe4.com
44.196.92.142
ipv4.imgur.map.fastly.net
151.101.44.193
static.jobscan.co
unknown
i.imgur.com
unknown
kn0wbe4.compromisedblog.com
unknown

IPs

IP
Domain
Country
Malicious
104.18.88.62
cdn2.hubspot.net
United States
108.139.29.114
unknown
United States
44.214.113.176
unknown
United States
192.168.2.24
unknown
unknown
52.217.193.32
s3.amazonaws.com
United States
44.196.92.142
landing.training.knowbe4.com
United States
208.80.154.240
upload.wikimedia.org
United States
151.101.44.193
ipv4.imgur.map.fastly.net
United States
104.18.91.62
unknown
United States
142.250.81.228
www.google.com
United States
108.139.29.30
dttjrzjva8zho.cloudfront.net
United States
44.198.42.239
secured-login.net
United States
104.17.25.14
cdnjs.cloudflare.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
aFS
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tDIText
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileName
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileSource
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDI
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDate
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uFileSize
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uPageCount
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sAssetId
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
bisSharedFile
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
bFileHasGTHistory
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
aFS
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tDIText
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tFileName
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sFileAncestors
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDI
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDate
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uFileSize
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uPageCount
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
bisSharedFile
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
bFileHasGTHistory
HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\DC\Acrobat.com
tUniqueIdForEureka

DOM / HTML

URL
Malicious
https://secured-login.net/pages/5b6e2d87961b/XM25kT0NsS3kvY0JUQmZyOU44VitIVjVISFJuN29CWXNuN3JlQ1lhcHFHZWIyWEtnZDJkTm1vbGdnUWNwaXA2L214R0FVejhMQ0RJd1BrVHVZYzVUdjlmemhrUTdjSUZYYXh0VElzaU10THRlMkV3N2tkaFJURExwOUd1ZGdUQ05FTU82bWFzSVFyeHlqTU11alpPa0tjSjhMZGFjMlQ5UGhCS1ZwcjlDbEFZS2N3NmVWMjRzcnp2SS0tZ3JVRE1vUm80Sm5Fc3dWSy0tQVY0ZmlNYk1LWHhQbGwra1hxcWVXQT09
malicious