IOC Report
-Case-id-#w93g94yv.pdf


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| -Case-id-#w93g94yv.pdf | | initial sample | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\31c05d7a-1a9f-46c6-a559-8aa353036acf.tmp | JSON data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF616096.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b2c6a69f-a41b-47bb-9372-6337a4ef0ae3.tmp | JSON data | modified | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419131223Z-162.bmp | PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING | data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents | SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19 | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Temp\MSI54d3.LOG | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-12-22-066.log | ASCII text, with very long lines (393) | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\7b3aad06-0ef0-4f44-9b55-9fc64b243b09.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\89023863-4e44-4bed-9e27-01973633f2af.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\e16e919e-f355-44cc-bd26-ede9972a2f5a.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\f432ecc0-bdff-4699-b19f-76a03e990977.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538 | dropped | |
| Chrome Cache Entry: 161 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 166 | HTML document, ASCII text, with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 167 | JSON data | downloaded | |
| Chrome Cache Entry: 168 | PNG image data, 96 x 47, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 170 | HTML document, ASCII text, with very long lines (1048) | dropped | |
| Chrome Cache Entry: 172 | ASCII text, with very long lines (42414) | downloaded | |
| Chrome Cache Entry: 173 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 175 | PNG image data, 387 x 130, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 176 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 177 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 178 | ASCII text, with very long lines (65461) | downloaded | |
| Chrome Cache Entry: 179 | ASCII text, with very long lines (3379) | downloaded | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498 | | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal | | |

Domains

| Name | IP | Malicious |
|---|---|---|
| part-0013.t-0009.t-msedge.net | 13.107.246.41 | |
| code.jquery.com | 151.101.130.137 | |
| challenges.cloudflare.com | 104.17.3.184 | |
| www.google.com | 74.125.136.104 | |
| standardplurnbing.com | 172.67.217.64 | |
| assets-usa.mkt.dynamics.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 184.25.164.138 | unknown | United States | |
| 13.107.246.41 | part-0013.t-0009.t-msedge.net | United States | |
| 74.125.136.94 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 74.125.136.104 | www.google.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 52.146.76.30 | unknown | United States | |
| 142.250.105.100 | unknown | United States | |
| 104.123.200.169 | unknown | United States | |
| 151.101.130.137 | code.jquery.com | United States | |
| 104.17.3.184 | challenges.cloudflare.com | United States | |
| 162.159.61.3 | unknown | United States | |
| 54.144.73.197 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 172.67.217.64 | standardplurnbing.com | United States | |
| 104.17.2.184 | unknown | United States | |
| 172.217.215.84 | unknown | United States | |