Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| DocuSign_Payapp#5_Pay_Requests.pdf | PDF document, version 1.4, 1 pages | initial sample | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\af91835e-fdc6-4238-b572-f41d693acf08.tmp | JSON data | modified | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426201737Z-192.bmp | PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020 | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING | data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents | SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23 | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Temp\MSI3eed1.LOG | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 22-17-34-896.log | ASCII text, with very long lines (393) | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log | ASCII text, with very long lines (393), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\4adc6533-3eb7-45bf-8260-c22c075a72e2.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\5422d204-6a77-49e6-9d23-d695592ff518.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\6e305fda-988e-4690-a300-abb1da93725c.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\8a261583-5ac7-41fe-a3ff-3a2535e87da2.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\a7b402cf-c062-4cd2-9fbd-4644c848e093.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142 | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 181 | Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 182 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3 | dropped | |
| Chrome Cache Entry: 183 | Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 184 | ASCII text, with very long lines (64612) | downloaded | |
| Chrome Cache Entry: 185 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | |
| Chrome Cache Entry: 186 | Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 187 | Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 188 | PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 189 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 190 | ASCII text, with very long lines (994), with no line terminators | downloaded | |
| Chrome Cache Entry: 191 | ASCII text, with very long lines (43896) | downloaded | |
| Chrome Cache Entry: 192 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 193 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 194 | ASCII text, with very long lines (61177) | downloaded | |
| Chrome Cache Entry: 195 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | |
| Chrome Cache Entry: 196 | JPEG image data, baseline, precision 8, 1920x1080, components 3 | downloaded | |
| Chrome Cache Entry: 197 | ASCII text, with very long lines (64616) | downloaded | |
| Chrome Cache Entry: 198 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 199 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3 | downloaded | |
| Chrome Cache Entry: 200 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 201 | HTML document, ASCII text, with very long lines (2326), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 202 | JPEG image data, baseline, precision 8, 1920x1080, components 3 | dropped | |
| Chrome Cache Entry: 203 | Unicode text, UTF-8 text, with very long lines (32153) | downloaded | |
| Chrome Cache Entry: 204 | ASCII text, with very long lines (45563) | downloaded | |
| Chrome Cache Entry: 205 | PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 206 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 207 | PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced | downloaded | |

75 further files are not shown in this report.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DocuSign_Payapp#5_Pay_Requests.pdf" | |
| C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | |
| C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1548,i,17368980991378574226,11935322208934243998,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,4409796165917685690,4155670508853813645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://bdfdbdf.pivitai.net/owa/prefetch.aspx | | |
| https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | | |
| http://github.com/jquery/globalize | unknown | |
| https://login.windows.net | unknown | |
| https://yukrtg.pivitai.net/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js | 172.67.223.170 | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | 172.67.223.170 | |
| https://wreg.pivitai.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js | 172.67.223.170 | |
| https://dfgrt.pivitai.net/favicon.ico | 172.67.223.170 | |
| https://login.chinacloudapi.cn | unknown | |
| http://knockoutjs.com/ | unknown | |
| https://login-us.microsoftonline.com | unknown | |
| https://ujty.pivitai.net | unknown | |
| https://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D | 104.21.93.58 | |
| https://github.com/douglascrockford/JSON-js | unknown | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg | 172.67.223.170 | |
| https://login.windows-ppe.net | unknown | |
| https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH | | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg | 172.67.223.170 | |
| http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF | unknown | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg | 172.67.223.170 | |
| https://login.microsoftonline.us | unknown | |
| http://www.opensource.org/licenses/mit-license.php) | unknown | |
| https://dwqef.pivitai.net/Me.htm?v=3 | 172.67.223.170 | |
| https://dyjt.pivitai.net/wlFGCNZO | 104.21.32.98 | |
| https://yukrtg.pivitai.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css | 172.67.223.170 | |
| https://dfgrt.pivitai.net | unknown | |
| https://device.dfgrt.pivitai.net | unknown | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg | 172.67.223.170 | |
| http://feross.org | unknown | |
| https://bdfdbdf.pivitai.net/owa/ | 104.21.32.98 | |
| https://wreg.pivitai.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js | 172.67.223.170 | |
| https://yukrtg.pivitai.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png | 172.67.223.170 | |
| https://login.microsoftonline.de | unknown | |
| https://login.partner.microsoftonline.cn | unknown | |
| https://logincert.microsoftonline.com | unknown | |
| https://yukrtg.pivitai.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js | 172.67.223.170 | |
| https://yukrtg.pivitai.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js | 172.67.223.170 | |

27 further URLs are not shown in this report.
Domains

| Name | IP | Malicious |
|---|---|---|
| dfgrt.pivitai.net | 172.67.223.170 | |
| part-0013.t-0009.t-msedge.net | 13.107.246.41 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| cs1100.wpc.omegacdn.net | 152.199.4.44 | |
| yukrtg.pivitai.net | 172.67.223.170 | |
| www.google.com | 142.250.217.164 | |
| dyjt.pivitai.net | 104.21.32.98 | |
| wreg.pivitai.net | 172.67.223.170 | |
| bdfdbdf.pivitai.net | 104.21.32.98 | |
| dwqef.pivitai.net | 172.67.223.170 | |
| identity.nel.measure.office.net | unknown | |
| r4.res.office365.com | unknown | |
| aadcdn.msftauth.net | unknown | |

3 further domains are not shown in this report.
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.17 | unknown | unknown | |
| 152.199.4.44 | cs1100.wpc.omegacdn.net | United States | |
| 104.94.108.142 | unknown | United States | |
| 104.21.32.98 | dyjt.pivitai.net | United States | |
| 142.250.217.164 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 104.21.93.58 | unknown | United States | |
| 172.67.223.170 | dfgrt.pivitai.net | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | aFS | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tDIText | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tFileName | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tFileSource | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sFileAncestors | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sDI | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sDate | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | uFileSize | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | uPageCount | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sAssetId | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | bisSharedFile | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | aFS | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | tDIText | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | tFileName | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | sFileAncestors | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | sDI | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | sDate | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | bisSharedFile | |

8 further registry entries are not shown in this report.
DOM / HTML

| URL | Malicious |
|---|---|
| https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH | |
| https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | |
| https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true | |
| https://bdfdbdf.pivitai.net/owa/prefetch.aspx | |
| https://bdfdbdf.pivitai.net/owa/prefetch.aspx | |
| https://bdfdbdf.pivitai.net/owa/prefetch.aspx | |