Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
ABSA NOTIFICATION(.......pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
C:\Users\user\Downloads\2aeeebe1-258b-4f2d-976b-74484013452b.tmp
|
HTML document, ASCII text, with very long lines (755)
|
dropped
|
||
C:\Users\user\Downloads\datatransfer-pro-jlpfs-wing-transfer-newalx7.html (copy)
|
HTML document, ASCII text, with very long lines (755)
|
dropped
|
||
C:\Users\user\Downloads\datatransfer-pro-jlpfs-wing-transfer-newalx7.html.crdownload (copy)
|
HTML document, ASCII text, with very long lines (755)
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8a9c2a19-38c1-4868-a40d-6f0ada60b828.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703072830Z-160.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
modified
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIf44fa.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 03-28-28-526.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 06:28:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
There are 32 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
file:///C:/Users/user/Downloads/datatransfer-pro-jlpfs-wing-transfer-newalx7.html
|
|||
https://wingtransfer.com/transfers/public-download/U2FsdGVkX19jVnYJ7SjqRThQUO0yOzsYpy0pYjYdlnY2CUXoPor21LdnFvofrtxHTvhMpF4KoZzNeKyWFV0tEzsYTdcwQXitVcGryIHpzNXaYTiHTp4iWJdqdlFsJqvKley5GrrmEmV7UThGTSeo1Sbfcz8ndOryG9fBz1hNR2Q4xMl3JkMXN9QyFyc2wc4BCfTE9aK28qtqRRKgwdO7rs5aX58oBojRXuMBpJsIXcte9OnjtwLZOyrFXzB94fIPor21Ldw85yHabV6vDaJJOtVEaRuKLLNUmB5hU6A8kaXwIO4Oa3VYwlmB14gvk9ejdDdGGsPor21LdZbaS0zZqydOYHBird7W6QryDN8SiomRBPtaVJETYFUXIPor21LdXKVuqxMl3JkmPor21LdD9NjmqUFn7t2JK46PNoUr
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
api.datatransferpro.com
|
167.86.118.58
|
||
send-emailjs.us-west-2.elasticbeanstalk.com
|
35.83.61.114
|
||
l2.io
|
195.80.159.133
|
||
www.google.com
|
142.250.186.68
|
||
cdn.jsdelivr.net
|
unknown
|
||
api.wingtransfer.com
|
unknown
|
||
api.emailjs.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
2.18.96.131
|
unknown
|
European Union
|
||
142.250.186.68
|
www.google.com
|
United States
|
||
142.250.186.46
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
104.18.187.31
|
unknown
|
United States
|
||
35.83.61.114
|
send-emailjs.us-west-2.elasticbeanstalk.com
|
United States
|
||
142.250.186.163
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
3.233.129.217
|
unknown
|
United States
|
||
89.117.55.168
|
unknown
|
Lithuania
|
||
167.86.118.58
|
api.datatransferpro.com
|
Germany
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.185.142
|
unknown
|
United States
|
||
195.80.159.133
|
l2.io
|
France
|
||
23.43.252.185
|
unknown
|
United States
|
||
142.250.186.110
|
unknown
|
United States
|
||
199.232.210.172
|
unknown
|
United States
|
||
172.64.41.3
|
unknown
|
United States
|
||
142.250.74.195
|
unknown
|
United States
|
||
142.250.186.104
|
unknown
|
United States
|
||
2.16.202.123
|
unknown
|
European Union
|
||
66.102.1.84
|
unknown
|
United States
|
||
142.250.184.202
|
unknown
|
United States
|
There are 13 hidden IPs, click here to show them.