Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DocuSign_Contract_Agreement-16.pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1650e3ed-40d7-4f1f-a762-25bfeb20be81.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328124408Z-190.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3484
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.3484
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI672ba.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 13-44-05-835.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\4e37bfd8-a5b5-40a2-a9a9-7d6b189563d8.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\a86018d7-7f78-4d6e-b429-117886d19a20.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ab856e99-93c8-44cf-a473-f88601cee70b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\bec7943b-097d-4f1e-9733-7a6ed8c58817.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
Chrome Cache Entry: 180
|
HTML document, ASCII text, with very long lines (358)
|
downloaded
|
||
|
Chrome Cache Entry: 181
|
ASCII text, with very long lines (39928)
|
downloaded
|
||
|
Chrome Cache Entry: 182
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 183
|
HTML document, ASCII text, with very long lines (3255), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
PNG image data, 74 x 25, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 185
|
PNG image data, 70 x 85, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 186
|
PNG image data, 70 x 85, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
PNG image data, 74 x 25, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 188
|
HTML document, ASCII text, with very long lines (3255), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 189
|
HTML document, ASCII text, with very long lines (3255), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
PNG image data, 80 x 63, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 191
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
ASCII text, with very long lines (39928)
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
PNG image data, 80 x 63, 8-bit/color RGB, non-interlaced
|
downloaded
|
There are 53 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DocuSign_Contract_Agreement-16.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2096 --field-trial-handle=1600,i,16310512825041262056,14325028802841498775,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eyol.link/r?url=//Flynashville?energycomercio?com?br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,7120603273242482031,15472148502167169191,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://f9bf13b5.4a615cd5784c6728c81efea2.workers.dev/favicon.ico
|
104.21.46.150
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86b7b5d08d98818c
|
104.17.2.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86b7b9cacb2f07fe/1711630018721/c8985559f7b9cef171c4c4a7522cde8d51fca4657b38f327ad53eb223ba797b3/el1Ea_bBNGXudAa
|
104.17.3.184
|
||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=86b7b5c68dcc38ac
|
104.21.23.97
|
||
|
https://flynashville.energycomercio.com.br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
|||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/flow/ov1/934853828:1711627842:PHJVmflvF9KYeZxJzSNylxlFOj4itgc6vsHhqcmZnVg/86b7b5badcbd28c2/37d7ff71572e391
|
104.21.23.97
|
||
|
https://challenges.cloudflare.com/turnstile/v0/g/dc6b543c1346/api.js?onload=onloadTurnstileCallback
|
104.17.2.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/86b7b90bff0e7fff/1711629986192/bNVGmSXV1-WaKSx
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86b7b5d08d98818c/1711629856406/30f15ccaeaf1f9b7047ba49c682982e0911a05bfa9cc973e824e4850398373af/XQJNNVTf4hxS0MN
|
104.17.2.184
|
||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/flow/ov1/102732284:1711627795:st4alLyBvWi3nOqiLEE3WMVKGb89ztJ1rX5r_WHvR3I/86b7b902ac215b58/8678987e6ddb9a9
|
104.21.23.97
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/611771973:1711628056:IXCdZbLHW5Ub4imu5nj0NuoqC-q-e-gmelozgPPWyXQ/86b7b9cacb2f07fe/2821c0ccd337fdb
|
104.17.3.184
|
||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/flow/ov1/2001882571:1711627881:mV43kD5CKEvT8e5YA0bF_6QTqaIVnW9bb7w-isNdRAo/86b7b5c68dcc38ac/ebc69f1db2c80c7
|
104.21.23.97
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/86b7b90bff0e7fff/1711629986198/0423f8335c4a904d22449f27da611e69422822d96f9ea9cfcf2a5d78fb29aa30/CHPlEJp-H-2ct7M
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/86b7b9cacb2f07fe/1711630018723/9WJ6A469k6OBWDg
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kkq7m/0x4AAAAAAAVvaXop_pldVh4W/auto/normal
|
|||
|
https://eyol.link/favicon.ico
|
104.21.23.97
|
||
|
https://flynashville.energycomercio.com.br/favicon.ico
|
192.185.214.195
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86b7b9cacb2f07fe
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
|
104.17.2.184
|
||
|
http://gmpg.org/xfn/11
|
unknown
|
||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=86b7b5badcbd28c2
|
104.21.23.97
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
|||
|
https://eyol.link/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=86b7b902ac215b58
|
104.21.23.97
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86b7b90bff0e7fff
|
104.17.3.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/227516417:1711627909:Ik5KHUkUkIMB8JFRfIZA9C7wVQS3vc0D0xdbRWdpadA/86b7b5d08d98818c/e7b2c806349ec4f
|
104.17.2.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
|
104.17.2.184
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/86b7b5d08d98818c/1711629856412/9BlLHZTJ3oNSL4V
|
104.17.2.184
|
||
|
https://f9bf13b5.4a615cd5784c6728c81efea2.workers.dev/?qrc=acc@flynashville.com
|
|||
|
https://a.nel.cloudflare.com/report/v4?s=qA2S5fmTqq2EGQJCo4MjrQjXtslh5fa2%2BatiO2%2F%2BReBjJhcTtEWp3h0JsPcY2rRc8V7ZTd8N2pUZ%2FRVnpH%2BvY2dV%2B99q7ZH3Ss3B%2Bp3FZGcNnhvx5NGx%2BKqzews%3D
|
35.190.80.1
|
||
|
https://a.nel.cloudflare.com/report/v4?s=%2FOrOj2l9WMYg%2FOGscDU%2B2kFigzDooPxALS5GzLI%2Bsl1b7M%2FKz1KhH5RfY3HwbxF8hF6ZNTWR90pQpMcoruqqog8ycSpQCsmoopjnRRaeoupbAjPmEi9pwwLU84g%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/v4sw6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
|||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2118960339:1711628077:_pvrdV8O4aXlav9SinDxjbvKLM4ReBjfdbioDR6jrSw/86b7b90bff0e7fff/a78712ae3e24da0
|
104.17.3.184
|
||
|
https://a.nel.cloudflare.com/report/v4?s=p0biNa1PBra9ygB3XJX%2BQl1zKeLJLUcuf%2BwiZeZvLuvvcZ7rXs%2BkokMwWy2M4vXejo%2FsfRnnyvVT6nabn8GhT6LBiQkWPf3ldsQMB46zAAK6q8YnDuLoG0oqo1s%3D
|
35.190.80.1
|
||
|
http://code.jquery.com/jquery-3.3.1.min.js
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jd0lg/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
eyol.link
|
104.21.23.97
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
challenges.cloudflare.com
|
104.17.2.184
|
||
|
www.google.com
|
172.253.115.106
|
||
|
f9bf13b5.4a615cd5784c6728c81efea2.workers.dev
|
104.21.46.150
|
||
|
flynashville.energycomercio.com.br
|
192.185.214.195
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.210.42
|
unknown
|
United States
|
||
|
104.72.156.136
|
unknown
|
United States
|
||
|
104.21.23.97
|
eyol.link
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
172.253.122.147
|
unknown
|
United States
|
||
|
104.17.3.184
|
unknown
|
United States
|
||
|
172.67.140.54
|
unknown
|
United States
|
||
|
172.253.115.106
|
www.google.com
|
United States
|
||
|
192.185.214.195
|
flynashville.energycomercio.com.br
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
104.17.2.184
|
challenges.cloudflare.com
|
United States
|
||
|
104.21.46.150
|
f9bf13b5.4a615cd5784c6728c81efea2.workers.dev
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
There are 8 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://eyol.link/r?url=//Flynashville%E3%80%82energycomercio%E3%80%82com%E3%80%82br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/v4sw6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/v4sw6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jd0lg/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/jd0lg/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
|
||
|
https://flynashville.energycomercio.com.br/omluabie/omowunmis/Flynashville/YWNjQGZseW5hc2h2aWxsZS5jb20=
|
||
|
https://f9bf13b5.4a615cd5784c6728c81efea2.workers.dev/?qrc=acc@flynashville.com
|
||
|
https://f9bf13b5.4a615cd5784c6728c81efea2.workers.dev/?qrc=acc@flynashville.com
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kkq7m/0x4AAAAAAAVvaXop_pldVh4W/auto/normal
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/kkq7m/0x4AAAAAAAVvaXop_pldVh4W/auto/normal
|
There are 5 hidden doms, click here to show them.