IOC Report
sample.pdf

loading gif

Files

File Path
Type
Category
Malicious
sample.pdf
PDF document, version 1.6
initial sample
malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c26b9f10-bb80-4c30-aecc-de2dbc5cb30c.tmp
JSON data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241023150018Z-157.bmp
PC bitmap, Windows 3.x format, 152 x -152 x 32, cbSize 92470, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
modified
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Temp\MSI76f6e.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-23 11-00-16-840.log
ASCII text, with very long lines (393)
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
ASCII text, with very long lines (393), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\ac6bb0c0-1350-4d17-823e-eb150cc69e82.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\b145b2f8-abc6-47bc-b470-7d78cbd49cbf.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\fda5fdcd-140e-48a3-a116-786cd42ad0b7.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\fe8f852d-adfa-4482-9dae-ef6266c71efa.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\Google.Widevine.CDM.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\ssl_error_assistant.pb
data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\Filtering Rules
data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\LICENSE.txt
ASCII text, with CRLF line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\LICENSE
ASCII text
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\sets.json
JSON data
dropped
Chrome Cache Entry: 227
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 228
PNG image data, 30 x 13, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 229
ASCII text, with very long lines (47531)
dropped
Chrome Cache Entry: 230
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 231
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 232
PNG image data, 67 x 94, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 233
PNG image data, 67 x 94, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 234
ASCII text, with very long lines (47531)
downloaded
Chrome Cache Entry: 235
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 236
PNG image data, 30 x 13, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 237
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 238
HTML document, ASCII text, with very long lines (4865)
downloaded
Chrome Cache Entry: 239
ASCII text, with very long lines (32065)
downloaded
Chrome Cache Entry: 240
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 241
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 242
ASCII text, with very long lines (6787), with no line terminators
downloaded
Chrome Cache Entry: 243
ASCII text, with very long lines (50758)
downloaded
Chrome Cache Entry: 244
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 245
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
There are 72 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\sample.pdf"
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1632,i,15400619885949734793,6609710694606935843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://randomizeme.hardenberghins.top/"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=2012,i,11235863720089949835,865581098047365261,262144 /prefetch:8

URLs

Name
IP
Malicious
https://randomizeme.hardenberghins.top/2svg/p2ZYA6qMN9DRWoj
172.67.163.164
malicious
https://randomizeme.hardenberghins.top/js___/6719103b74629-64cef2ba7879e2698ed4ff1b0443b6f0
172.67.163.164
malicious
https://randomizeme.hardenberghins.top/cdn-cgi/challenge-platform/h/g/flow/ov1/1187924400:1729693659:S9IWJk3uQpGarunHxrnZXI-tK2V0rAwpSNZq--w9Jeg/8d729c6e4ba0466b/nLb6PtQsbdQkZSjBydcr__Tgcj7Q6FCn2YoaT88cYL4-1729695777-1.1.1.1-pF8WSFWTxsakDEe5s0p0KQnGBAmZoTxBmUzH7oXi5bdXfUGJlJckqVe8hSt9PBfi
172.67.163.164
malicious
https://randomizeme.hardenberghins.top/js_/6719103b74630-64cef2ba7879e2698ed4ff1b0443b6f0
172.67.163.164
malicious
https://wieistmeineip.de
unknown
https://mercadoshops.com.co
unknown
https://gliadomain.com
unknown
https://poalim.xyz
unknown
https://mercadolivre.com
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8d729c7df8abe83b/1729695783376/oS_cNgWSMGPmhOY
104.18.95.41
https://easylist.to/)
unknown
https://reshim.org
unknown
https://nourishingpursuits.com
unknown
https://medonet.pl
unknown
https://unotv.com
unknown
https://mercadoshops.com.br
unknown
https://joyreactor.cc
unknown
https://zdrowietvn.pl
unknown
https://johndeere.com
unknown
https://songstats.com
unknown
https://baomoi.com
unknown
https://supereva.it
unknown
https://elfinancierocr.com
unknown
https://github.com/twbs/bootstrap/graphs/contributors)
unknown
https://bolasport.com
unknown
https://rws1nvtvt.com
unknown
https://desimartini.com
unknown
https://hearty.app
unknown
https://hearty.gift
unknown
https://mercadoshops.com
unknown
https://heartymail.com
unknown
https://nlc.hu
unknown
https://p106.net
unknown
https://radio2.be
unknown
https://finn.no
unknown
https://hc1.com
unknown
https://kompas.tv
unknown
https://mystudentdashboard.com
unknown
https://songshare.com
unknown
https://smaker.pl
unknown
https://mercadopago.com.mx
unknown
https://p24.hu
unknown
https://talkdeskqaid.com
unknown
https://24.hu
unknown
https://mercadopago.com.pe
unknown
https://cardsayings.net
unknown
https://text.com
unknown
https://mightytext.net
unknown
https://pudelek.pl
unknown
https://hazipatika.com
unknown
https://joyreactor.com
unknown
https://cookreactor.com
unknown
https://wildixin.com
unknown
https://eworkbookcloud.com
unknown
https://cognitiveai.ru
unknown
https://nacion.com
unknown
https://a.nel.cloudflare.com/report/v4?s=nqDhGj3iTkonuSRk6wqSgL06tspoa6%2BN%2FPLk%2Bz%2FsQNk8rI6%2BGSvbjoqocE5VCcUNYUCqaLLTEO8c8J7iworZ7L8i2qPTGAXSQ7vKscERucLtkJe6eJqadIZ274iEJI4otT2H5J51Ez4jhVRe52rMEpI%3D
35.190.80.1
https://chennien.com
unknown
https://drimer.travel
unknown
https://deccoria.pl
unknown
https://mercadopago.cl
unknown
https://talkdeskstgid.com
unknown
https://naukri.com
unknown
https://interia.pl
unknown
https://bonvivir.com
unknown
https://carcostadvisor.be
unknown
https://salemovetravel.com
unknown
https://sapo.io
unknown
https://wpext.pl
unknown
https://welt.de
unknown
https://a.nel.cloudflare.com/report/v4?s=FHzr5ZywqzuPMYLFqBuKx%2Bc8YdFqz70YpSLIYyDLCNtcRj2s6P%2BeT%2BaA%2FKgBN5cgbBlLea5oRidJJmxuoGWPISbCnVmEE9YVYiHhdmoD%2BSj9NyVGeDApZHR3f%2Fdy0GmW9CGDOT5xCSyPKAlqOtSiRi8%3D
35.190.80.1
https://poalim.site
unknown
https://drimer.io
unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://infoedgeindia.com
unknown
https://blackrockadvisorelite.it
unknown
https://cognitive-ai.ru
unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8d72993ead4d0b86/1729695649054/0b1ba4139bdf46cba741abf2fd8cef171e094d3cf2afa00c4680be383108e21c/NiOVKxnt0JXSlPo
104.18.95.41
https://cafemedia.com
unknown
https://graziadaily.co.uk
unknown
https://thirdspace.org.au
unknown
https://mercadoshops.com.ar
unknown
https://smpn106jkt.sch.id
unknown
https://elpais.uy
unknown
https://landyrev.com
unknown
https://the42.ie
unknown
https://commentcamarche.com
unknown
https://tucarro.com.ve
unknown
https://rws3nvtvt.com
unknown
https://eleconomista.net
unknown
https://helpdesk.com
unknown
https://mercadolivre.com.br
unknown
https://clmbtech.com
unknown
https://standardsandpraiserepurpose.com
unknown
https://07c225f3.online
unknown
https://salemovefinancial.com
unknown
https://mercadopago.com.br
unknown
https://commentcamarche.net
unknown
https://a.nel.cloudflare.com/report/v4?s=DMMjaXKffsWHXEFMRd4O3yzLTAEg7sVErZ6V%2F38IJWsTqKslAwTKJeR32ScIsmjqoZuqDEyHi7WkFTfi1wiUzPaaS0A4oZ20%2B8dlo%2B9KgdqZn9Bg6VhtlDAud9h8tJEDBfMzglVK9TnBr%2BIWuRNTw9Y%3D
35.190.80.1
https://etfacademy.it
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
randomizeme.hardenberghins.top
172.67.163.164
malicious
a.nel.cloudflare.com
35.190.80.1
challenges.cloudflare.com
104.18.95.41
www.google.com
142.250.185.132
x1.i.lencr.org
unknown

IPs

IP
Domain
Country
Malicious
172.67.163.164
randomizeme.hardenberghins.top
United States
malicious
104.18.94.41
unknown
United States
142.250.185.132
www.google.com
United States
104.18.95.41
challenges.cloudflare.com
United States
192.168.2.4
unknown
unknown
239.255.255.250
unknown
Reserved
35.190.80.1
a.nel.cloudflare.com
United States
104.21.65.137
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
tFileSource
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
uPageCount
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
sAssetId
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
bisSharedFile
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
aFS
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tDIText
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
tFileName
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDI
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
sDate
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uFileSize
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
uPageCount
There are 8 hidden registries, click here to show them.

DOM / HTML

URL
Malicious
https://randomizeme.hardenberghins.top/&redirect=84640705e015bceb1ff7eba4d1f34dfb5e1eafa9main&uid=f253efe302d32ab264a76e0ce65be7696719103a7446b
malicious
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/
https://randomizeme.hardenberghins.top/&redirect=84640705e015bceb1ff7eba4d1f34dfb5e1eafa9main&uid=f253efe302d32ab264a76e0ce65be7696719103a7446b