Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Sales_Contract_Main_417053608_09.2024.pdf
|
PDF document, version 1.4, 1 pages
|
initial sample
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d508b24-0db9-487a-81c7-7968b1595ae3.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5de829.TMP (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001131751Z-162.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIcd9e5.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 09-17-49-089.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\2263a356-36b8-4b17-a26d-8b36742d9182.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\2dbb335d-2783-405c-a8f4-b4d7cbb5a71d.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\e4ec913b-8a4a-48f9-aeec-b3df788accc6.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\f53e7143-1d12-4e9c-9703-9b8a16928645.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
Chrome Cache Entry: 216
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 217
|
GIF image data, version 89a, 511 x 451
|
downloaded
|
||
Chrome Cache Entry: 219
|
HTML document, ASCII text, with very long lines (301), with CRLF line terminators
|
dropped
|
||
Chrome Cache Entry: 220
|
ASCII text, with CRLF line terminators
|
dropped
|
||
Chrome Cache Entry: 222
|
ASCII text, with very long lines (47261)
|
dropped
|
||
Chrome Cache Entry: 223
|
HTML document, ASCII text, with very long lines (10455), with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 224
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 225
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 226
|
PNG image data, 66 x 45, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 228
|
PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 229
|
ASCII text, with very long lines (65536), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 232
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 234
|
HTML document, ASCII text, with very long lines (358)
|
downloaded
|
||
Chrome Cache Entry: 236
|
GIF image data, version 89a, 209 x 170
|
downloaded
|
||
Chrome Cache Entry: 237
|
ASCII text, with very long lines (65447)
|
downloaded
|
There are 34 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://refreshbills.rtorres.com.mx/vd/
|
|||
https://bqcjkdkt.melbourneschoolofmusic.com.au/
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
refreshbills.rtorres.com.mx
|
108.179.194.43
|
||
innovatrix.msk.su
|
188.114.97.3
|
||
code.jquery.com
|
151.101.194.137
|
||
challenges.cloudflare.com
|
104.18.95.41
|
||
www.google.com
|
216.58.206.68
|
||
googlehosted.l.googleusercontent.com
|
142.250.184.225
|
||
x1.i.lencr.org
|
unknown
|
||
blogger.googleusercontent.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
108.179.194.43
|
refreshbills.rtorres.com.mx
|
United States
|
||
142.250.185.99
|
unknown
|
United States
|
||
192.185.12.194
|
unknown
|
United States
|
||
142.250.185.206
|
unknown
|
United States
|
||
142.250.186.170
|
unknown
|
United States
|
||
184.28.88.176
|
unknown
|
United States
|
||
104.18.94.41
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
151.101.130.137
|
unknown
|
United States
|
||
162.159.61.3
|
unknown
|
United States
|
||
23.41.168.139
|
unknown
|
United States
|
||
142.250.184.225
|
googlehosted.l.googleusercontent.com
|
United States
|
||
151.101.194.137
|
code.jquery.com
|
United States
|
||
142.250.184.227
|
unknown
|
United States
|
||
142.250.185.65
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
34.104.35.123
|
unknown
|
United States
|
||
74.125.133.84
|
unknown
|
United States
|
||
142.250.186.163
|
unknown
|
United States
|
||
104.18.95.41
|
challenges.cloudflare.com
|
United States
|
||
216.58.206.68
|
www.google.com
|
United States
|
||
216.58.206.46
|
unknown
|
United States
|
||
2.23.197.184
|
unknown
|
European Union
|
||
93.184.221.240
|
unknown
|
European Union
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
188.114.97.3
|
innovatrix.msk.su
|
European Union
|
||
142.250.185.195
|
unknown
|
United States
|
||
34.193.227.236
|
unknown
|
United States
|
||
172.217.16.131
|
unknown
|
United States
|
There are 19 hidden IPs, click here to show them.