Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
A5614659154_Bestellung_GATX Rail Germany GmbH.pdf
|
PDF document, version 1.5
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\86335096-110e-41c8-9e29-328a0b1be05b.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF646ea1.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a90e0722-3345-46b9-9f9a-39f94ebe4b6a.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db
|
SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database
pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-25.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425085501Z-628.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 27, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 27
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI3631d.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9o4fwf2_1shcmuf_568.tmp
|
PDF document, version 1.6, 0 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-54-59-086.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\0a718396-4951-4cc1-aa20-b12415042d8f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\69cd2980-0c28-4682-8629-cf20c6cbaa2f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\b75c750e-6335-445f-ab9f-67537ff32787.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\bd9adc05-9b9c-460e-a79e-ea38ffbd4bc6.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ff0013fb-f506-4c93-9e7e-051527d0f7ff.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
|
ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:56:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:56:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:56:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:56:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 07:56:34 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 187
|
ASCII text, with very long lines (1090)
|
downloaded
|
||
|
Chrome Cache Entry: 188
|
ASCII text, with very long lines (2856), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
C++ source, ASCII text, with very long lines (4808)
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
HTML document, ASCII text, with very long lines (627), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x400, components
3
|
dropped
|
||
|
Chrome Cache Entry: 193
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x120, components
3
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
assembler source, ASCII text, with very long lines (1395)
|
downloaded
|
||
|
Chrome Cache Entry: 195
|
Java source, ASCII text, with very long lines (1070)
|
downloaded
|
||
|
Chrome Cache Entry: 196
|
Java source, ASCII text, with very long lines (675)
|
downloaded
|
||
|
Chrome Cache Entry: 197
|
ASCII text, with very long lines (1350)
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
Java source, ASCII text, with very long lines (5071)
|
downloaded
|
||
|
Chrome Cache Entry: 199
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x400, components
3
|
dropped
|
||
|
Chrome Cache Entry: 201
|
Java source, ASCII text, with very long lines (8028)
|
downloaded
|
||
|
Chrome Cache Entry: 202
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 203
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 204
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 205
|
HTML document, ASCII text, with very long lines (65499)
|
downloaded
|
||
|
Chrome Cache Entry: 206
|
Unicode text, UTF-8 text, with very long lines (2645)
|
downloaded
|
||
|
Chrome Cache Entry: 207
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 209
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 211
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 212
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 214
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
||
|
Chrome Cache Entry: 217
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 219
|
Unicode text, UTF-8 text, with very long lines (12432)
|
downloaded
|
||
|
Chrome Cache Entry: 222
|
ASCII text, with very long lines (5945)
|
downloaded
|
||
|
Chrome Cache Entry: 224
|
ASCII text, with very long lines (65499)
|
downloaded
|
||
|
Chrome Cache Entry: 226
|
ASCII text, with very long lines (10843)
|
downloaded
|
||
|
Chrome Cache Entry: 227
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 2560x480, Suserng: [none]x[none], YUV color, decoders should clamp
|
dropped
|
||
|
Chrome Cache Entry: 228
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 229
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 230
|
ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 231
|
OpenType font data
|
downloaded
|
||
|
Chrome Cache Entry: 232
|
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x400, components
3
|
dropped
|
||
|
Chrome Cache Entry: 233
|
ASCII text, with very long lines (8533)
|
downloaded
|
||
|
Chrome Cache Entry: 234
|
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x400, Suserng: [none]x[none], YUV color, decoders should clamp
|
downloaded
|
There are 84 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.aurubis.com/aeb
|
15.197.184.163
|
||
|
about:blank
|
|||
|
http://www.aurubis.com/en/downloads/aurubis-business-partner-code-of-conduct
|
15.197.184.163
|
||
|
https://www.aurubis.com/en/downloads
|
|||
|
https://www.aurubis.com/en/downloads/aurubis-business-partner-code-of-conduct
|
|||
|
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
142.251.15.104
|
||
|
consentcdn.cookiebot.com
|
unknown
|
||
|
imgsct.cookiebot.com
|
unknown
|
||
|
consent.cookiebot.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.1.26.135
|
unknown
|
United States
|
||
|
142.250.105.97
|
unknown
|
United States
|
||
|
23.54.200.159
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
172.253.124.102
|
unknown
|
United States
|
||
|
23.218.93.115
|
unknown
|
United States
|
||
|
173.194.219.95
|
unknown
|
United States
|
||
|
162.159.61.3
|
unknown
|
United States
|
||
|
23.216.72.131
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
52.5.13.197
|
unknown
|
United States
|
||
|
3.33.185.245
|
unknown
|
United States
|
||
|
142.251.15.94
|
unknown
|
United States
|
||
|
23.79.18.210
|
unknown
|
United States
|
||
|
15.197.184.163
|
unknown
|
United States
|
||
|
108.177.122.84
|
unknown
|
United States
|
||
|
142.251.15.104
|
www.google.com
|
United States
|
There are 7 hidden IPs, click here to show them.