IOC Report
scan1738761_rsalinas@wcctxlaw.com.pdf

loading gif

Files

File Path
Type
Category
Malicious
scan1738761_rsalinas@wcctxlaw.com.pdf
PDF document, version 1.7, 0 pages
initial sample
 malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4f977b8b-ac9e-47d1-8337-334bf4f37bfe.tmp
JSON data
modified
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\50996a5c-3988-4f31-adf3-4f5776fed0b5.tmp
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5fe2e0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029172615Z-171.bmp
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Certificate, Version=3
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
data
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
modified
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
JSON data
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\MSIed661.LOG
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\0567f49f-b366-4233-a838-9470da337277.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\4237a250-3d5c-4ea1-a8a3-141b82e319cb.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\c498e6ca-eba9-427b-af82-32734c3100dd.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
dropped
C:\Users\user\AppData\Local\Temp\acrocef_low\d15ccf4e-78bf-441d-b51a-be60a816743f.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:26:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 177
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
downloaded
Chrome Cache Entry: 178
ASCII text, with very long lines (47531)
downloaded
Chrome Cache Entry: 179
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 180
PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 181
GIF image data, version 89a, 352 x 3
dropped
Chrome Cache Entry: 182
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
downloaded
Chrome Cache Entry: 183
PNG image data, 30 x 97, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 184
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1378
dropped
Chrome Cache Entry: 186
JPEG image data, baseline, precision 8, 1920x1080, components 3
downloaded
Chrome Cache Entry: 187
ASCII text
dropped
Chrome Cache Entry: 189
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
downloaded
Chrome Cache Entry: 190
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
downloaded
Chrome Cache Entry: 194
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 379
downloaded
Chrome Cache Entry: 196
GIF image data, version 89a, 352 x 3
downloaded
Chrome Cache Entry: 197
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
downloaded
Chrome Cache Entry: 198
Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
downloaded
Chrome Cache Entry: 199
HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
downloaded
Chrome Cache Entry: 202
ASCII text, with very long lines (994), with no line terminators
downloaded
Chrome Cache Entry: 206
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
downloaded
Chrome Cache Entry: 207
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 209
ASCII text, with very long lines (46599)
downloaded
Chrome Cache Entry: 211
PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 212
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
downloaded
Chrome Cache Entry: 214
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
dropped
There are 59 hidden files, click here to show them.

URLs

Name
IP
Malicious
https://bluemarlinsmarine.com/?yentvuvm=39c8f539f9b611afdf985b6c03334d8462c205395920295750560b887b0d149e030ea724e7393dcf12e144a98533a2670105061f783748a4da430a424b2a7049&qrc=rsalinas%40wcctxlaw.com

Domains

Name
IP
Malicious
hgbllc.net
89.185.80.20
 malicious
challenges.cloudflare.com
104.18.94.41
sni1gl.wpc.omegacdn.net
152.199.21.175
www.google.com
142.250.184.228
bluemarlinsmarine.com
89.185.80.20
s-part-0039.t-0009.t-msedge.net
13.107.246.67
ib.anycast.adnxs.com
37.252.171.53
FRA-efz.ms-acdc.office.com
52.98.179.210
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.210.37
x1.i.lencr.org
unknown
r4.res.office365.com
unknown
aadcdn.msftauth.net
unknown
secure.adnxs.com
unknown
outlook.office365.com
unknown
There are 4 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
89.185.80.20
hgbllc.net
Russian Federation
malicious
52.98.179.210
FRA-efz.ms-acdc.office.com
United States
1.1.1.1
unknown
Australia
74.125.133.84
unknown
United States
172.217.16.206
unknown
United States
184.28.88.176
unknown
United States
13.107.246.67
s-part-0039.t-0009.t-msedge.net
United States
142.250.186.163
unknown
United States
104.18.94.41
challenges.cloudflare.com
United States
192.168.2.16
unknown
unknown
104.18.95.41
unknown
United States
2.23.197.184
unknown
European Union
93.184.221.240
unknown
European Union
20.190.160.17
unknown
United States
239.255.255.250
unknown
Reserved
142.250.185.131
unknown
United States
34.193.227.236
unknown
United States
142.250.184.228
www.google.com
United States
23.38.98.111
unknown
United States
172.217.18.110
unknown
United States
37.252.171.53
ib.anycast.adnxs.com
European Union
172.64.41.3
unknown
United States
There are 12 hidden IPs, click here to show them.