Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
sample.pdf
|
PDF document, version 1.6
|
initial sample
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c26b9f10-bb80-4c30-aecc-de2dbc5cb30c.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241023150018Z-157.bmp
|
PC bitmap, Windows 3.x format, 152 x -152 x 32, cbSize 92470, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSI76f6e.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-23 11-00-16-840.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\ac6bb0c0-1350-4d17-823e-eb150cc69e82.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\b145b2f8-abc6-47bc-b470-7d78cbd49cbf.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\fda5fdcd-140e-48a3-a116-786cd42ad0b7.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\fe8f852d-adfa-4482-9dae-ef6266c71efa.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\Google.Widevine.CDM.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1222819494\manifest.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\manifest.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_1939903556\ssl_error_assistant.pb
|
data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\Filtering Rules
|
data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_378364928\manifest.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\LICENSE
|
ASCII text
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\manifest.json
|
JSON data
|
dropped
|
||
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7232_711157596\sets.json
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 227
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 228
|
PNG image data, 30 x 13, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 229
|
ASCII text, with very long lines (47531)
|
dropped
|
||
Chrome Cache Entry: 230
|
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
|
downloaded
|
||
Chrome Cache Entry: 231
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 232
|
PNG image data, 67 x 94, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 233
|
PNG image data, 67 x 94, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 234
|
ASCII text, with very long lines (47531)
|
downloaded
|
||
Chrome Cache Entry: 235
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 236
|
PNG image data, 30 x 13, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 237
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 238
|
HTML document, ASCII text, with very long lines (4865)
|
downloaded
|
||
Chrome Cache Entry: 239
|
ASCII text, with very long lines (32065)
|
downloaded
|
||
Chrome Cache Entry: 240
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 241
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 242
|
ASCII text, with very long lines (6787), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 243
|
ASCII text, with very long lines (50758)
|
downloaded
|
||
Chrome Cache Entry: 244
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 245
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
There are 72 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\sample.pdf"
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2100 --field-trial-handle=1632,i,15400619885949734793,6609710694606935843,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://randomizeme.hardenberghins.top/"
|
||
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=2012,i,11235863720089949835,865581098047365261,262144
/prefetch:8
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://randomizeme.hardenberghins.top/2svg/p2ZYA6qMN9DRWoj
|
172.67.163.164
|
||
https://randomizeme.hardenberghins.top/js___/6719103b74629-64cef2ba7879e2698ed4ff1b0443b6f0
|
172.67.163.164
|
||
https://randomizeme.hardenberghins.top/cdn-cgi/challenge-platform/h/g/flow/ov1/1187924400:1729693659:S9IWJk3uQpGarunHxrnZXI-tK2V0rAwpSNZq--w9Jeg/8d729c6e4ba0466b/nLb6PtQsbdQkZSjBydcr__Tgcj7Q6FCn2YoaT88cYL4-1729695777-1.1.1.1-pF8WSFWTxsakDEe5s0p0KQnGBAmZoTxBmUzH7oXi5bdXfUGJlJckqVe8hSt9PBfi
|
172.67.163.164
|
||
https://randomizeme.hardenberghins.top/js_/6719103b74630-64cef2ba7879e2698ed4ff1b0443b6f0
|
172.67.163.164
|
||
https://wieistmeineip.de
|
unknown
|
||
https://mercadoshops.com.co
|
unknown
|
||
https://gliadomain.com
|
unknown
|
||
https://poalim.xyz
|
unknown
|
||
https://mercadolivre.com
|
unknown
|
||
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8d729c7df8abe83b/1729695783376/oS_cNgWSMGPmhOY
|
104.18.95.41
|
||
https://easylist.to/)
|
unknown
|
||
https://reshim.org
|
unknown
|
||
https://nourishingpursuits.com
|
unknown
|
||
https://medonet.pl
|
unknown
|
||
https://unotv.com
|
unknown
|
||
https://mercadoshops.com.br
|
unknown
|
||
https://joyreactor.cc
|
unknown
|
||
https://zdrowietvn.pl
|
unknown
|
||
https://johndeere.com
|
unknown
|
||
https://songstats.com
|
unknown
|
||
https://baomoi.com
|
unknown
|
||
https://supereva.it
|
unknown
|
||
https://elfinancierocr.com
|
unknown
|
||
https://github.com/twbs/bootstrap/graphs/contributors)
|
unknown
|
||
https://bolasport.com
|
unknown
|
||
https://rws1nvtvt.com
|
unknown
|
||
https://desimartini.com
|
unknown
|
||
https://hearty.app
|
unknown
|
||
https://hearty.gift
|
unknown
|
||
https://mercadoshops.com
|
unknown
|
||
https://heartymail.com
|
unknown
|
||
https://nlc.hu
|
unknown
|
||
https://p106.net
|
unknown
|
||
https://radio2.be
|
unknown
|
||
https://finn.no
|
unknown
|
||
https://hc1.com
|
unknown
|
||
https://kompas.tv
|
unknown
|
||
https://mystudentdashboard.com
|
unknown
|
||
https://songshare.com
|
unknown
|
||
https://smaker.pl
|
unknown
|
||
https://mercadopago.com.mx
|
unknown
|
||
https://p24.hu
|
unknown
|
||
https://talkdeskqaid.com
|
unknown
|
||
https://24.hu
|
unknown
|
||
https://mercadopago.com.pe
|
unknown
|
||
https://cardsayings.net
|
unknown
|
||
https://text.com
|
unknown
|
||
https://mightytext.net
|
unknown
|
||
https://pudelek.pl
|
unknown
|
||
https://hazipatika.com
|
unknown
|
||
https://joyreactor.com
|
unknown
|
||
https://cookreactor.com
|
unknown
|
||
https://wildixin.com
|
unknown
|
||
https://eworkbookcloud.com
|
unknown
|
||
https://cognitiveai.ru
|
unknown
|
||
https://nacion.com
|
unknown
|
||
https://a.nel.cloudflare.com/report/v4?s=nqDhGj3iTkonuSRk6wqSgL06tspoa6%2BN%2FPLk%2Bz%2FsQNk8rI6%2BGSvbjoqocE5VCcUNYUCqaLLTEO8c8J7iworZ7L8i2qPTGAXSQ7vKscERucLtkJe6eJqadIZ274iEJI4otT2H5J51Ez4jhVRe52rMEpI%3D
|
35.190.80.1
|
||
https://chennien.com
|
unknown
|
||
https://drimer.travel
|
unknown
|
||
https://deccoria.pl
|
unknown
|
||
https://mercadopago.cl
|
unknown
|
||
https://talkdeskstgid.com
|
unknown
|
||
https://naukri.com
|
unknown
|
||
https://interia.pl
|
unknown
|
||
https://bonvivir.com
|
unknown
|
||
https://carcostadvisor.be
|
unknown
|
||
https://salemovetravel.com
|
unknown
|
||
https://sapo.io
|
unknown
|
||
https://wpext.pl
|
unknown
|
||
https://welt.de
|
unknown
|
||
https://a.nel.cloudflare.com/report/v4?s=FHzr5ZywqzuPMYLFqBuKx%2Bc8YdFqz70YpSLIYyDLCNtcRj2s6P%2BeT%2BaA%2FKgBN5cgbBlLea5oRidJJmxuoGWPISbCnVmEE9YVYiHhdmoD%2BSj9NyVGeDApZHR3f%2Fdy0GmW9CGDOT5xCSyPKAlqOtSiRi8%3D
|
35.190.80.1
|
||
https://poalim.site
|
unknown
|
||
https://drimer.io
|
unknown
|
||
https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
unknown
|
||
https://infoedgeindia.com
|
unknown
|
||
https://blackrockadvisorelite.it
|
unknown
|
||
https://cognitive-ai.ru
|
unknown
|
||
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8d72993ead4d0b86/1729695649054/0b1ba4139bdf46cba741abf2fd8cef171e094d3cf2afa00c4680be383108e21c/NiOVKxnt0JXSlPo
|
104.18.95.41
|
||
https://cafemedia.com
|
unknown
|
||
https://graziadaily.co.uk
|
unknown
|
||
https://thirdspace.org.au
|
unknown
|
||
https://mercadoshops.com.ar
|
unknown
|
||
https://smpn106jkt.sch.id
|
unknown
|
||
https://elpais.uy
|
unknown
|
||
https://landyrev.com
|
unknown
|
||
https://the42.ie
|
unknown
|
||
https://commentcamarche.com
|
unknown
|
||
https://tucarro.com.ve
|
unknown
|
||
https://rws3nvtvt.com
|
unknown
|
||
https://eleconomista.net
|
unknown
|
||
https://helpdesk.com
|
unknown
|
||
https://mercadolivre.com.br
|
unknown
|
||
https://clmbtech.com
|
unknown
|
||
https://standardsandpraiserepurpose.com
|
unknown
|
||
https://07c225f3.online
|
unknown
|
||
https://salemovefinancial.com
|
unknown
|
||
https://mercadopago.com.br
|
unknown
|
||
https://commentcamarche.net
|
unknown
|
||
https://a.nel.cloudflare.com/report/v4?s=DMMjaXKffsWHXEFMRd4O3yzLTAEg7sVErZ6V%2F38IJWsTqKslAwTKJeR32ScIsmjqoZuqDEyHi7WkFTfi1wiUzPaaS0A4oZ20%2B8dlo%2B9KgdqZn9Bg6VhtlDAud9h8tJEDBfMzglVK9TnBr%2BIWuRNTw9Y%3D
|
35.190.80.1
|
||
https://etfacademy.it
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
randomizeme.hardenberghins.top
|
172.67.163.164
|
||
a.nel.cloudflare.com
|
35.190.80.1
|
||
challenges.cloudflare.com
|
104.18.95.41
|
||
www.google.com
|
142.250.185.132
|
||
x1.i.lencr.org
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
172.67.163.164
|
randomizeme.hardenberghins.top
|
United States
|
||
104.18.94.41
|
unknown
|
United States
|
||
142.250.185.132
|
www.google.com
|
United States
|
||
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
192.168.2.4
|
unknown
|
unknown
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
104.21.65.137
|
unknown
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
There are 8 hidden registries, click here to show them.
DOM / HTML
URL
|
Malicious
|
|
---|---|---|
https://randomizeme.hardenberghins.top/&redirect=84640705e015bceb1ff7eba4d1f34dfb5e1eafa9main&uid=f253efe302d32ab264a76e0ce65be7696719103a7446b
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/
|
||
https://randomizeme.hardenberghins.top/&redirect=84640705e015bceb1ff7eba4d1f34dfb5e1eafa9main&uid=f253efe302d32ab264a76e0ce65be7696719103a7446b
|