IOC Report
Sales_Contract_Main_417053608_09.2024.pdf

Files

File Path | Type | Category | Malicious
Sales_Contract_Main_417053608_09.2024.pdf | PDF document, version 1.4, 1 pages | initial sample | malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG | ASCII text | dropped |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | ASCII text | dropped |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d508b24-0db9-487a-81c7-7968b1595ae3.tmp | JSON data | modified |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | JSON data | dropped |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5de829.TMP (copy) | JSON data | dropped |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | data | dropped |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG | ASCII text | dropped |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001131751Z-162.bmp | PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54 | dropped |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2 | dropped |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D | Certificate, Version=3 | dropped |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression | dropped |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D | data | dropped |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | modified |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING | data | dropped |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json | JSON data | dropped |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents | SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19 | dropped |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Local\Temp\MSIcd9e5.LOG | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 09-17-49-089.log | ASCII text, with very long lines (393) | dropped |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\acrocef_low\2263a356-36b8-4b17-a26d-8b36742d9182.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837 | dropped |
C:\Users\user\AppData\Local\Temp\acrocef_low\2dbb335d-2783-405c-a8f4-b4d7cbb5a71d.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081 | dropped |
C:\Users\user\AppData\Local\Temp\acrocef_low\e4ec913b-8a4a-48f9-aeec-b3df788accc6.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538 | dropped |
C:\Users\user\AppData\Local\Temp\acrocef_low\f53e7143-1d12-4e9c-9703-9b8a16928645.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996 | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 216 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 217 | GIF image data, version 89a, 511 x 451 | downloaded |
Chrome Cache Entry: 219 | HTML document, ASCII text, with very long lines (301), with CRLF line terminators | dropped |
Chrome Cache Entry: 220 | ASCII text, with CRLF line terminators | dropped |
Chrome Cache Entry: 222 | ASCII text, with very long lines (47261) | dropped |
Chrome Cache Entry: 223 | HTML document, ASCII text, with very long lines (10455), with CRLF line terminators | downloaded |
Chrome Cache Entry: 224 | HTML document, ASCII text, with CRLF line terminators | downloaded |
Chrome Cache Entry: 225 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 226 | PNG image data, 66 x 45, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 228 | PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced | downloaded |
Chrome Cache Entry: 229 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 232 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 234 | HTML document, ASCII text, with very long lines (358) | downloaded |
Chrome Cache Entry: 236 | GIF image data, version 89a, 209 x 170 | downloaded |
Chrome Cache Entry: 237 | ASCII text, with very long lines (65447) | downloaded |
34 additional files are not shown in this listing.
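
The only file the report flags is the one-page PDF itself; everything else in the listing is Adobe Reader, Chromium (AcroCef) and Windows certificate-cache housekeeping. A first static triage step for such a sample is to pull every /URI action target out of the PDF and compare it with the report's network indicators. The script below is an added example and is not part of the sandbox output or its tooling. The real sample is not reproduced here, so it builds a minimal PDF inline: one annotation with the URL the report flags, one with a hex-encoded link to the reserved documentation domain example.com, and one stored inside a FlateDecode-compressed object, which is where real samples usually keep such things. That the sample carries its link as a /URI action is an assumption; this is the check you would run to find out.

```python
"""Pull /URI action targets out of a PDF and compare them with the report's IOCs.

Added example for triaging the initial sample above; it is not part of the
sandbox report. The real PDF is not reproduced, so a minimal one-page PDF with
/Link annotations is constructed inline. That the sample carries its URL as a
/URI action is an assumption; this is the check you would run.
"""
import re
import zlib


def _flate_obj(num, body):
    """Wrap `body` in a FlateDecode stream object, as real PDFs usually do."""
    data = zlib.compress(body)
    head = f"{num} 0 obj << /Length {len(data)} /Filter /FlateDecode >>\nstream\n"
    return head.encode() + data + b"\nendstream\nendobj\n"


# Constructed stand-in sample: one literal-string URI (the URL the report flags),
# one hex-string URI (example.com), and one URI hidden inside a compressed stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]"
    b" /Annots [4 0 R 5 0 R 6 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 300 130]"
    b" /A << /S /URI /URI (https://refreshbills.rtorres.com.mx/vd/) >> >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [100 200 300 230]"
    b" /A << /S /URI /URI <68747470733a2f2f6578616d706c652e636f6d2f> >> >> endobj\n"
    + _flate_obj(6, b"<< /Type /Annot /Subtype /Link /Rect [100 300 300 330]"
                    b" /A << /S /URI /URI (https://bqcjkdkt.melbourneschoolofmusic.com.au/) >> >>")
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# /URI followed by a literal string (...) or a hex string <...>.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
# Stream bodies; the lookbehind keeps "endstream" from starting a match.
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape(lit):
    """Undo PDF literal-string escapes (a backslash followed by one character)."""
    return re.sub(rb"\\(.)", rb"\1", lit).decode("latin-1")


def _inflate_streams(pdf):
    """Return the file plus every FlateDecode stream body inflated, so that
    URIs stored in compressed objects are visible to the regexes too."""
    chunks = [pdf]
    for m in STREAM.finditer(pdf):
        try:
            chunks.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded or damaged; nothing to add
    return b"\n".join(chunks)


def extract_uris(pdf):
    """All distinct /URI targets in the PDF, sorted."""
    data = _inflate_streams(pdf)
    found = set()
    for m in URI_LITERAL.finditer(data):
        found.add(_unescape(m.group(1)))
    for m in URI_HEX.finditer(data):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        if len(hexdigits) % 2:
            hexdigits += b"0"  # PDF treats a missing final hex digit as 0
        found.add(bytes.fromhex(hexdigits.decode()).decode("latin-1"))
    return sorted(found)


# URL the report flags as malicious; anything else stays "unknown" until checked.
REPORT_MALICIOUS_URLS = {"https://refreshbills.rtorres.com.mx/vd/"}


def triage(pdf):
    """Map each extracted URI to True if the report flags it, else False."""
    return {u: u in REPORT_MALICIOUS_URLS for u in extract_uris(pdf)}


if __name__ == "__main__":
    for uri, flagged in triage(SAMPLE_PDF).items():
        print(("MALICIOUS " if flagged else "unknown   ") + uri)
```

Run it against a real file with `triage(open(path, "rb").read())`. The regex approach deliberately ignores the cross-reference table and object structure, so it also sees links in damaged or deliberately malformed files; it does not handle object streams (/ObjStm) compressed with anything other than Flate, nor /Launch or /JavaScript actions, which a fuller triage would also list.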

URLs

Name | IP | Malicious
https://refreshbills.rtorres.com.mx/vd/ | | malicious
https://bqcjkdkt.melbourneschoolofmusic.com.au/ | |

Domains

Name | IP | Malicious
refreshbills.rtorres.com.mx | 108.179.194.43 | malicious
innovatrix.msk.su | 188.114.97.3 |
code.jquery.com | 151.101.194.137 |
challenges.cloudflare.com | 104.18.95.41 |
www.google.com | 216.58.206.68 |
googlehosted.l.googleusercontent.com | 142.250.184.225 |
x1.i.lencr.org | unknown |
blogger.googleusercontent.com | unknown |

IPs

IP | Domain | Country | Malicious
108.179.194.43 | refreshbills.rtorres.com.mx | United States | malicious
142.250.185.99 | unknown | United States |
192.185.12.194 | unknown | United States |
142.250.185.206 | unknown | United States |
142.250.186.170 | unknown | United States |
184.28.88.176 | unknown | United States |
104.18.94.41 | unknown | United States |
192.168.2.16 | unknown | unknown |
151.101.130.137 | unknown | United States |
162.159.61.3 | unknown | United States |
23.41.168.139 | unknown | United States |
142.250.184.225 | googlehosted.l.googleusercontent.com | United States |
151.101.194.137 | code.jquery.com | United States |
142.250.184.227 | unknown | United States |
142.250.185.65 | unknown | United States |
1.1.1.1 | unknown | Australia |
34.104.35.123 | unknown | United States |
74.125.133.84 | unknown | United States |
142.250.186.163 | unknown | United States |
104.18.95.41 | challenges.cloudflare.com | United States |
216.58.206.68 | www.google.com | United States |
216.58.206.46 | unknown | United States |
2.23.197.184 | unknown | European Union |
93.184.221.240 | unknown | European Union |
239.255.255.250 | unknown | Reserved |
188.114.97.3 | innovatrix.msk.su | European Union |
142.250.185.195 | unknown | United States |
34.193.227.236 | unknown | United States |
172.217.16.131 | unknown | United States |
19 additional IPs are not shown in this listing.
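
Only three network indicators in the tables above carry a verdict: the URL https://refreshbills.rtorres.com.mx/vd/, its host refreshbills.rtorres.com.mx and the address 108.179.194.43. The rest is what any Acrobat plus Chromium session generates: Google and googleusercontent ranges, Cloudflare's challenge endpoint, the jQuery CDN, the Let's Encrypt host x1.i.lencr.org (certificate fetches, together with the authroot.stl Windows root-store update in the file list), the 1.1.1.1 resolver, the private host 192.168.2.16 and the 239.255.255.250 SSDP multicast address. Loading the whole table into a blocklist would generate noise and block legitimate services, so the matcher below, an added example that is not part of the sandbox report, keeps only the flagged indicators as detections and carries the unflagged hosts as an explicit allowlist. innovatrix.msk.su and the second URL are listed without a verdict, so they are reported as "unknown" rather than treated as malicious. The log format and the log lines are constructed for the example.

```python
"""Match the network IOCs from the report above against constructed log lines.

Added example; not part of the sandbox report. Only the indicators the report
flags as malicious become detections. Unflagged hosts from the report are kept
on an allowlist so background traffic is never promoted to an indicator. The
log format below is assumed for the example.
"""
import ipaddress
from urllib.parse import urlsplit

# Indicators the report flags as malicious.
MALICIOUS_URLS = {"https://refreshbills.rtorres.com.mx/vd/"}
MALICIOUS_DOMAINS = {"refreshbills.rtorres.com.mx"}
MALICIOUS_IPS = {"108.179.194.43"}

# Seen in the report but not flagged: shared infrastructure, not IOCs.
BACKGROUND_DOMAINS = {
    "code.jquery.com", "challenges.cloudflare.com", "www.google.com",
    "googlehosted.l.googleusercontent.com", "x1.i.lencr.org",
    "blogger.googleusercontent.com",
}
BACKGROUND_IPS = {"1.1.1.1"}  # the sandbox's resolver


def classify_host(host):
    """Return 'malicious', 'background', 'local' or 'unknown' for a host or IP."""
    host = host.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if host in MALICIOUS_IPS:
            return "malicious"
        if host in BACKGROUND_IPS:
            return "background"
        if ip.is_private or ip.is_multicast or ip.is_loopback or ip.is_link_local:
            return "local"
        return "unknown"
    # The report flags only the subdomain, so match it and its children,
    # not the parent zone rtorres.com.mx.
    if host in MALICIOUS_DOMAINS or any(host.endswith("." + d) for d in MALICIOUS_DOMAINS):
        return "malicious"
    if host in BACKGROUND_DOMAINS:
        return "background"
    return "unknown"


def _target_of(fields):
    """(url, host) for one split line, or None if the line is not understood.
    Assumed formats: 'ts dns client qname' and 'ts proxy client method target status'."""
    kind = fields[1]
    if kind == "dns" and len(fields) >= 4:
        return None, fields[3]
    if kind == "proxy" and len(fields) >= 5:
        target = fields[4]
        if "://" in target:
            return target, (urlsplit(target).hostname or "")
        return None, target.rsplit(":", 1)[0]  # CONNECT host:port
    return None


def scan(log_text):
    """Return one hit per line that touches a flagged URL, domain or IP."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        parsed = _target_of(fields)
        if parsed is None:
            continue
        url, host = parsed
        verdict = classify_host(host)
        if url in MALICIOUS_URLS:
            verdict = "malicious"
        if verdict == "malicious":
            hits.append({"ts": fields[0], "client": fields[2], "via": fields[1],
                         "host": host, "url": url})
    return hits


# Constructed sample lines mixing flagged traffic with background noise.
SAMPLE_LOGS = """\
2024-10-01T09:18:02Z dns user-pc refreshbills.rtorres.com.mx
2024-10-01T09:18:02Z dns user-pc code.jquery.com
2024-10-01T09:18:03Z proxy user-pc GET https://refreshbills.rtorres.com.mx/vd/ 200
2024-10-01T09:18:03Z proxy user-pc GET https://challenges.cloudflare.com/ 200
2024-10-01T09:18:05Z proxy user-pc CONNECT 108.179.194.43:443 200
2024-10-01T09:18:06Z dns user-pc innovatrix.msk.su
2024-10-01T09:18:07Z proxy user-pc GET http://192.168.2.16/ 404
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Adapting this to a real source means replacing `_target_of` with a parser for that source's format; the classification logic stays the same. Matching the DNS query as well as the proxy request matters because the resolution happens before, and independently of, any HTTP request, so it is the earliest signal a host was about to contact the flagged domain.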