Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
-Case-id-#w93g94yv.pdf
|
initial sample
|
|||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\31c05d7a-1a9f-46c6-a559-8aa353036acf.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF616096.TMP (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b2c6a69f-a41b-47bb-9372-6337a4ef0ae3.tmp
|
JSON data
|
modified
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419131223Z-162.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSI54d3.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-12-22-066.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\7b3aad06-0ef0-4f44-9b55-9fc64b243b09.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\89023863-4e44-4bed-9e27-01973633f2af.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\e16e919e-f355-44cc-bd26-ede9972a2f5a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\acrocef_low\f432ecc0-bdff-4699-b19f-76a03e990977.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
Chrome Cache Entry: 161
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
Chrome Cache Entry: 166
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
||
Chrome Cache Entry: 167
|
JSON data
|
downloaded
|
||
Chrome Cache Entry: 168
|
PNG image data, 96 x 47, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
Chrome Cache Entry: 170
|
HTML document, ASCII text, with very long lines (1048)
|
dropped
|
||
Chrome Cache Entry: 172
|
ASCII text, with very long lines (42414)
|
downloaded
|
||
Chrome Cache Entry: 173
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 175
|
PNG image data, 387 x 130, 8-bit colormap, non-interlaced
|
dropped
|
||
Chrome Cache Entry: 176
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
Chrome Cache Entry: 177
|
HTML document, ASCII text
|
downloaded
|
||
Chrome Cache Entry: 178
|
ASCII text, with very long lines (65461)
|
downloaded
|
||
Chrome Cache Entry: 179
|
ASCII text, with very long lines (3379)
|
downloaded
|
There are 28 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498
|
|||
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
part-0013.t-0009.t-msedge.net
|
13.107.246.41
|
||
code.jquery.com
|
151.101.130.137
|
||
challenges.cloudflare.com
|
104.17.3.184
|
||
www.google.com
|
74.125.136.104
|
||
standardplurnbing.com
|
172.67.217.64
|
||
assets-usa.mkt.dynamics.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
184.25.164.138
|
unknown
|
United States
|
||
13.107.246.41
|
part-0013.t-0009.t-msedge.net
|
United States
|
||
74.125.136.94
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
74.125.136.104
|
www.google.com
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
52.146.76.30
|
unknown
|
United States
|
||
142.250.105.100
|
unknown
|
United States
|
||
104.123.200.169
|
unknown
|
United States
|
||
151.101.130.137
|
code.jquery.com
|
United States
|
||
104.17.3.184
|
challenges.cloudflare.com
|
United States
|
||
162.159.61.3
|
unknown
|
United States
|
||
54.144.73.197
|
unknown
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
172.67.217.64
|
standardplurnbing.com
|
United States
|
||
104.17.2.184
|
unknown
|
United States
|
||
172.217.215.84
|
unknown
|
United States
|
There are 7 hidden IPs, click here to show them.