Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf

Overview

General Information

Sample URL:https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf
Analysis ID:1447262
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected non-DNS traffic on DNS port
Drops files with a non-matching file extension (content does not match file extension)
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,5372829012406818501,3102701673576048389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • Acrobat.exe (PID: 5440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1544,i,10501683577450689515,1584079827842287916,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdfHTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.5:49710 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:49709 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:49718 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:49717 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:53324 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.5:58578 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficDNS traffic detected: DNS query: www.asafm.army.mil
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.9.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58590 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58588
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58587
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58583
Source: unknownNetwork traffic detected: HTTP traffic on port 58587 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58588 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58590
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 58583 -> 443
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: classification engineClassification label: clean1.win@41/52@7/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 11-46-38-366.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,5372829012406818501,3102701673576048389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf"
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1544,i,10501683577450689515,1584079827842287916,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,5372829012406818501,3102701673576048389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1544,i,10501683577450689515,1584079827842287916,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfgJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 223
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 223Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		11
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447262 URL: https://www.asafm.army.mil/... Startdate: 24/05/2024 Architecture: WINDOWS Score: 1 22 chrome.cloudflare-dns.com 2->22 7 chrome.exe 20 2->7         started        10 Acrobat.exe 20 60 2->10         started        12 chrome.exe 2->12         started        process3 dnsIp4 26 192.168.2.4 unknown unknown 7->26 28 192.168.2.5, 443, 49703, 49709 unknown unknown 7->28 30 239.255.255.250 unknown Reserved 7->30 14 chrome.exe 7->14         started        17 AcroCEF.exe 106 10->17         started        process5 dnsIp6 32 www.google.com 172.217.18.4, 443, 49713, 58583 GOOGLEUS United States 14->32 34 www.asafm.army.mil 14->34 19 AcroCEF.exe 17->19         started        process7 dnsIp8 24 chrome.cloudflare-dns.com 172.64.41.3, 443, 51307, 58587 CLOUDFLARENETUS United States 19->24

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://chrome.cloudflare-dns.com/dns-query0%URL Reputationsafe
file:///C:/Users/user/Downloads/downloaded.pdf0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
172.64.41.3
truefalse
    		unknown
    www.google.com
    		172.217.18.4
    		truefalse
      		unknown
      fp2e7a.wpc.phicdn.net
      		192.229.221.95
      		truefalse
        		unknown
        www.asafm.army.mil
        		unknown
        		unknownfalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://chrome.cloudflare-dns.com/dns-queryfalse
          • URL Reputation: safe
          		unknown
          https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdffalse
            		unknown
            file:///C:/Users/user/Downloads/downloaded.pdffalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            172.217.18.4
            		www.google.comUnited States
            		15169GOOGLEUSfalse
            239.255.255.250
            		unknownReserved
            		unknownunknownfalse
            172.64.41.3
            		chrome.cloudflare-dns.comUnited States
            		13335CLOUDFLARENETUSfalse

            Private

            IP
            192.168.2.4
            192.168.2.5

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1447262
            Start date and time:2024-05-24 17:44:24 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 32s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:browseurl.jbs
            Sample URL:https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean1.win@41/52@7/5
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.184.238, 64.233.184.84, 34.104.35.123, 23.204.24.144, 40.68.123.157, 95.101.54.121, 95.101.54.120, 95.101.54.113, 95.101.54.128, 95.101.54.195, 192.229.221.95, 13.85.23.206, 13.95.31.18, 52.165.165.26, 142.250.185.67, 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 172.217.23.110, 2.16.241.15, 2.16.241.13, 2.16.164.121, 2.16.164.131, 2.16.164.105, 2.16.164.120, 2.16.164.129, 2.16.164.107, 2.16.164.122, 2.16.164.114, 2.16.164.113, 2.16.164.64, 2.16.164.59, 2.16.164.24, 2.16.164.51, 2.16.164.17, 2.16.164.33, 2.16.164.16, 2.16.164.35, 142.251.40.131, 142.250.80.67, 23.200.196.138
            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, www.asafm.army.mil.edgekey.net, clientservices.googleapis.com, a767.dspw65.akamai.net, e17131.dscb.akamaiedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, apps.identrust.com, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenFile calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • VT rate limit hit for: https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf

            Simulations

            Behavior and APIs

            TimeTypeDescription
            11:46:48API Interceptor1x Sleep call for process: AcroCEF.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.229469898085802
            Encrypted:false
            SSDEEP:6:DT5TU+lL+q2P92nKuAl9OmbnIFUt86T5TU8z1Zmw+6T5TU8lLVkwO92nKuAl9Omt:D5Lyv4HAahFUt865DZ/+65DlR5LHAaSJ
            MD5:A709555187502D29E99CF5FE6B23A08C
            SHA1:292699E9AEDFD770EED146DB43FC92204DEA165C
            SHA-256:A7B1847C3B2E0A4068C56C66D3A06D6B53379BC8B2D54F8414C10E6EE4546AEA
            SHA-512:01BC61E10089A9D42C1B991FD33A667A69B0CCAE7763DE646E9785EBB6397549E283838CEA489229B3852518274AF7E51F43E9C360901A5D269465F34533C7EB
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.151 c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/24-11:46:36.153 c38 Recovering log #3.2024/05/24-11:46:36.153 c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.229469898085802
            Encrypted:false
            SSDEEP:6:DT5TU+lL+q2P92nKuAl9OmbnIFUt86T5TU8z1Zmw+6T5TU8lLVkwO92nKuAl9Omt:D5Lyv4HAahFUt865DZ/+65DlR5LHAaSJ
            MD5:A709555187502D29E99CF5FE6B23A08C
            SHA1:292699E9AEDFD770EED146DB43FC92204DEA165C
            SHA-256:A7B1847C3B2E0A4068C56C66D3A06D6B53379BC8B2D54F8414C10E6EE4546AEA
            SHA-512:01BC61E10089A9D42C1B991FD33A667A69B0CCAE7763DE646E9785EBB6397549E283838CEA489229B3852518274AF7E51F43E9C360901A5D269465F34533C7EB
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.151 c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/24-11:46:36.153 c38 Recovering log #3.2024/05/24-11:46:36.153 c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):338
            Entropy (8bit):5.204174051281625
            Encrypted:false
            SSDEEP:6:DT5TUiKq2P92nKuAl9Ombzo2jMGIFUt86T5TUIZmw+6T5TUQkwO92nKuAl9Ombzz:D5Av4HAa8uFUt865Z/+65z5LHAa8RJ
            MD5:90B64C354D4FEF05DB30C66D5C81661B
            SHA1:CFB2E20B211AB1A7812586AF8D050C47FCC88ADD
            SHA-256:AF3228D7F3F0C6DC80F49E6C82351E0D02717C3FCF8D805D97EEB8C41F196E77
            SHA-512:1CF2AB6B9FA1569761149968C083E4133AA8524C432D9B0EDDB965918877923CD01438B1F9FD35FD07F091ADA888709CD0C06F1CD134BAD2FEA6FC3598F62FD7
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.199 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/24-11:46:36.201 17f0 Recovering log #3.2024/05/24-11:46:36.201 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):338
            Entropy (8bit):5.204174051281625
            Encrypted:false
            SSDEEP:6:DT5TUiKq2P92nKuAl9Ombzo2jMGIFUt86T5TUIZmw+6T5TUQkwO92nKuAl9Ombzz:D5Av4HAa8uFUt865Z/+65z5LHAa8RJ
            MD5:90B64C354D4FEF05DB30C66D5C81661B
            SHA1:CFB2E20B211AB1A7812586AF8D050C47FCC88ADD
            SHA-256:AF3228D7F3F0C6DC80F49E6C82351E0D02717C3FCF8D805D97EEB8C41F196E77
            SHA-512:1CF2AB6B9FA1569761149968C083E4133AA8524C432D9B0EDDB965918877923CD01438B1F9FD35FD07F091ADA888709CD0C06F1CD134BAD2FEA6FC3598F62FD7
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.199 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/24-11:46:36.201 17f0 Recovering log #3.2024/05/24-11:46:36.201 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4099
            Entropy (8bit):5.2413557484907765
            Encrypted:false
            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUNYgLNp:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLw
            MD5:5DDBFDD9EEC4C183F1DFE94C56C9762E
            SHA1:4D9A39F654FC122DCB0435BE2985E43B94D63E0F
            SHA-256:BAECFD6DB5CED0FCD53E8436AF701E777C1832BD2E92892F4E2ED256C34F62F4
            SHA-512:4DEB4E424746433DFA68305C799C5D6783F52D615F84BE32BEFEFB4F2259CA577D2E8682EC546A10FBD3688EA32EABACAB7780CE1E9C8B9721830FCEC96F71F4
            Malicious:false
            Reputation:low
            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):326
            Entropy (8bit):5.226874846789706
            Encrypted:false
            SSDEEP:6:DT5TUeawVOq2P92nKuAl9OmbzNMxIFUt86T5TUe8vZZmw+6T5TUerXkwO92nKuAo:D5DOv4HAa8jFUt865s/+65n5LHAa84J
            MD5:6DCD029D454D6C8835283DAA4EE494B8
            SHA1:76A5E6D8EAB6853510029345661413ABA05D0B02
            SHA-256:7B01F3CED080229372251EEA6AA6BD9BBB87C615DF0AF64DF6FB8E2D2EF691F1
            SHA-512:384F2D14960908DE2016E77AA4ACB96991BE24636CBB32EC4DF82AFEE3864FE0E91466A6F8CF2F45EFAEABD99767E4656A32A35F0BD4FF6F5A3D978208E3C4AF
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.526 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/24-11:46:36.527 17f0 Recovering log #3.2024/05/24-11:46:36.528 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):326
            Entropy (8bit):5.226874846789706
            Encrypted:false
            SSDEEP:6:DT5TUeawVOq2P92nKuAl9OmbzNMxIFUt86T5TUe8vZZmw+6T5TUerXkwO92nKuAo:D5DOv4HAa8jFUt865s/+65n5LHAa84J
            MD5:6DCD029D454D6C8835283DAA4EE494B8
            SHA1:76A5E6D8EAB6853510029345661413ABA05D0B02
            SHA-256:7B01F3CED080229372251EEA6AA6BD9BBB87C615DF0AF64DF6FB8E2D2EF691F1
            SHA-512:384F2D14960908DE2016E77AA4ACB96991BE24636CBB32EC4DF82AFEE3864FE0E91466A6F8CF2F45EFAEABD99767E4656A32A35F0BD4FF6F5A3D978208E3C4AF
            Malicious:false
            Reputation:low
            Preview:2024/05/24-11:46:36.526 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/24-11:46:36.527 17f0 Recovering log #3.2024/05/24-11:46:36.528 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240524154640Z-185.bmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
            Category:dropped
            Size (bytes):82710
            Entropy (8bit):1.1521894466357347
            Encrypted:false
            SSDEEP:192:M/0vXVkOiSHjKyMPYzkgzOUdhrUZ2rUK1FqVwllT6GgU4cKCuh:M/0PVNiSHjKy+8y8wZ2X1oVYlTQcKCuh
            MD5:5F695CB90CDEE4CA19AC5BF77E7053E2
            SHA1:54983531B4F232AF27D983268AF3C5BAB3BAA428
            SHA-256:FD13A106DF7B8C543C6A4581714C1E445C6A7062905DB827BAC820D01A32EC26
            SHA-512:28117B458B6CACB2DFD7A243C4372460411A98940F17C6061681CF11881222FF861FE9ADCFBF43835F0E73319CEA28BF4AAF50444BC7D846E7BBCA0EF1348087
            Malicious:false
            Reputation:low
            Preview:BM.C......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):893
            Entropy (8bit):7.366016576663508
            Encrypted:false
            SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
            MD5:D4AE187B4574036C2D76B6DF8A8C1A30
            SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
            SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
            SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
            Malicious:false
            Reputation:low
            Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):252
            Entropy (8bit):3.0185313792061232
            Encrypted:false
            SSDEEP:3:kkFklVR/kVXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKqRslxliBAIdQZV7I7kc3
            MD5:625070911F4BF7EAAEE88E491D4F6DFB
            SHA1:EDFFFAFAFA6308105862EE6CCAD119C465C352BE
            SHA-256:D84535ACB74E2B9A12F68491118F28C0FA61DCDAAB7693DC221CF6217F461AE4
            SHA-512:45142CD67D8C3B0DEF4CB2BF6BD67A20F4DFFD800FC4F4BC5CBDF942119A11FFD0376E9EBD0EBBBBEAC39468D1A5859ED97C293EB74B2FCCBC401CA3EB478506
            Malicious:false
            Reputation:low
            Preview:p...... ....`....}.....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.322532179480769
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJM3g98kUwPeUkwRe9:YvXKXYafZLSYpW7gGMbLUkee9
            MD5:AA3F8F2612FFCF4FD3154FC5C837EF09
            SHA1:595782EC7DF343D664523394E433C9AB9A215B5B
            SHA-256:FBE7B03AE6BA681D9BAAB2266A33628C64493946DA41CC0CB340AFFDD8E1F1E5
            SHA-512:4AA270CE274504DE4B9191F09B25A6EDB7F565DD8E515ED918D18BCF40718874D17F71094E8E52069234F8824A07061ED218707EABE0BE98E0C3C9DFC9BAF4C3
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.258958874126939
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfBoTfXpnrPeUkwRe9:YvXKXYafZLSYpW7gGWTfXcUkee9
            MD5:23B4465EB4509C6004B33C1B04553862
            SHA1:9B1500BA760ADD2BBDCEA28843E45CDFD9FAD27C
            SHA-256:2314ED95704A50722B1E79ED8DD3637D4AF13904CC05F5EB0392543A032BA487
            SHA-512:C1EBAC7591BE20973D7D9B85A35E655AFBF6D2919C718350750DCD5ED32E73F9FAE604649DD3F6E401277140CE537BE779F761A71C31A3F07DE15FC549B3F7D4
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.238485057200971
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfBD2G6UpnrPeUkwRe9:YvXKXYafZLSYpW7gGR22cUkee9
            MD5:36A11B61730754C1B8D202DC254725F4
            SHA1:AC3261A881C94E742D2D3CBE411925EC9B5CC400
            SHA-256:EB8B242CA1ADBD450C23BC160574F13018C7C9F82342C2C1CD71B4CE43BDEB96
            SHA-512:A6C190FFD49ACE2A3F7EE093A722C3D96375DFC0835F6957AF34B31148BC9EBE0D15EA8965C4B84EF9B869E7AAB60A74A8D57086D761B91C2600C2F268C82F8E
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.299992383210619
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfPmwrPeUkwRe9:YvXKXYafZLSYpW7gGH56Ukee9
            MD5:D2F79E73BDDC94F32775BDCD4BCBFDE0
            SHA1:B6799F20B8B23D424D42D36EA5D7886C2BB1FA31
            SHA-256:FFC1B52C37D43B744F9A21EBFB020F407811D8E5FADAA53960C08FA221770A8F
            SHA-512:77783CBBCACA1F69B11BC83C3CC50050EED4988C049CB7D8BB861DA2C84D6667023F37F4046B947CC513312E9BC4B7B78DB2780286C437EF4F02FE0ED3453428
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.255946391105743
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfJWCtMdPeUkwRe9:YvXKXYafZLSYpW7gGBS8Ukee9
            MD5:BA5F58732FC015799E7D55CDC1B53577
            SHA1:ED75DF979612AB59F4BFE7ED9688D58D0111C0DF
            SHA-256:199559536794B00A98B42F511EA0A8155D8F6AFD0E25CBD7E3616531BB497BFC
            SHA-512:CF9030EF14C656EFD773EAB69FD6EF52B1A542765A1157D61F4E0E29EACA03FEBA43B779A5CE60AFE5CDD947F6251EA7DEBAE7E51DAB0DAC2CCEF810DD60CFCD
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.242635757461539
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJf8dPeUkwRe9:YvXKXYafZLSYpW7gGU8Ukee9
            MD5:F6F72CE1E9D0107F87FBF4B25F41ACF8
            SHA1:68B4A6F9808DB09055559D5B142265644AEBF1BC
            SHA-256:85E2C1629A616ABABD77BCA9A3360EEB536F6F12B2AC01EFA3BA713A3010632E
            SHA-512:D6BF987DFD22E29EBC88982E219C53F95CB0DA238715F847269D8558A134102DB9C7D9117E99F22E2126B0D601BAFD391A7FE96CED4678A735AC5D7A7B2D0E9D
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.243954529254294
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfQ1rPeUkwRe9:YvXKXYafZLSYpW7gGY16Ukee9
            MD5:2EA9FF7F1ACD13818084590D5AF9B121
            SHA1:EB6582E8241CF079783A1CE2A0C64398C6637D88
            SHA-256:D99A5C19322B0CCA99BC8A1AB8ADE8E6BCBDE238DAEC76EEB8BF69EB86DC2187
            SHA-512:946BE5D1D064C3C18B975A9E7AF6B83D72219F7B7B49FAD06CA4D22FCFC2B8203CA2913FC6BA4596BAAAB5D0B75FC9288944352D6FE89584B31B0F9401AFA5B8
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.2626527788630995
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfFldPeUkwRe9:YvXKXYafZLSYpW7gGz8Ukee9
            MD5:1AF8F0582C0DE9C863A85DBA8116411D
            SHA1:5F0C416B1FAF39C6EA735F35FB9B7FAD1C453B2D
            SHA-256:F082828181EF344EE62E77928CAE7F15C393B8A7C718628C3CD03449A669E882
            SHA-512:0C5C1EA8646B1397FAEE8CC90A05D900FF6FA60A810D3DCBA33275125337B739CB4F8AEBADAD79CF0B0B5A458D77C0693B19EFEFB965C53A65318CB90E128888
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1372
            Entropy (8bit):5.737108104903754
            Encrypted:false
            SSDEEP:24:Yv6XTR3iYKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNY:YvSSYEgigrNt0wSJn+ns8cvFJ2
            MD5:9036E7BE41BF82AC016BD8F867455E22
            SHA1:EC6D0A6DF6A2398B7F6B92DFC8CB7E68D0CE8A9C
            SHA-256:B1BF4F7BEF5FC9638C5E6E9E545280F833C1F95A9EA25C9637A924923C08A03D
            SHA-512:CE5F951A6C83FE28CF18FF3D97E172B38DAAD1C78CEF51D843C5E309558BA7CCE201C57950A5929E4D586900F3CCE588D3CAA16DA6ABA29AE8E389FAA5D85101
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.2495675558879435
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfYdPeUkwRe9:YvXKXYafZLSYpW7gGg8Ukee9
            MD5:CDB276983D035FC7544F4FC69B78E7F5
            SHA1:3AF6BF452C2110A39495AAF7A6C8F8B539E365B6
            SHA-256:55946C65C535FA77382FB2DCBDD5814215C472CB9CC492CA1C3DB8A772104E05
            SHA-512:CE5766482D5F3D7798A11F4829267EF19DDFD1CDE5A0977D0653F4BB79B9E5FE21FED0237526DB4957C09AF8EE5949D793BE7D4DDE35B6F10D80E47F4B8585ED
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1395
            Entropy (8bit):5.772305763977881
            Encrypted:false
            SSDEEP:24:Yv6XTR3i3rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:YvSS3HgDv3W2aYQfgB5OUupHrQ9FJK
            MD5:AD0B29668B1F1847EA4A46AFDEAF4BFC
            SHA1:22BE3FED05624E47CF2F3C1B07C53880694AFB53
            SHA-256:781FC067AB3012F51B68A2BB0B17F149B3365A3B2252B3909027ECEC51641321
            SHA-512:493D0516B7E1118BCDA7071AA010114A29685C9115D30633C9E1D8D31D89DA71B8D2C76B509874B91C83662D17C45E0657F4798F5212369A05CFE16F8BD932F7
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.2334612682979715
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfbPtdPeUkwRe9:YvXKXYafZLSYpW7gGDV8Ukee9
            MD5:A233D2EDEFE8790C7903A44709DE36C3
            SHA1:E5465482D80C5354A46EFA97678878203540E38E
            SHA-256:CD277228C18308CE5C52803F5A0949A901EB28D26E6E2B240E21F0DBF2989E2A
            SHA-512:ED3BE27FA1269F3C163498E624FB5FA50D682F4AAC8C5398CD0C2846042A044F6C4EC54425158936620A5D56F4ED2C13DDD171D6B6A7F0004100AFEB0E40CDE8
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.234732292828529
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJf21rPeUkwRe9:YvXKXYafZLSYpW7gG+16Ukee9
            MD5:62E9E602EC4436A6A209D73DED52FBEF
            SHA1:2AAE7CB47C863F77188F18ECB4CEB0B10D86F988
            SHA-256:471157CB696DEAE5F96632D234BF9D68F397D221B20E671BBF2E4889FBC45092
            SHA-512:00595E216EC6D868141B21F9A58B8F1C043DAE5006B870D81FEF734EEFF00AEC11EC5DCD73E1E48DC5AAE99DE729CACB57038D6E87E307866B32CB6A28F1B13A
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.256943021731258
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfbpatdPeUkwRe9:YvXKXYafZLSYpW7gGVat8Ukee9
            MD5:4A37597717558CDBC83F020CEAEAD201
            SHA1:F4AD7619D3E7BF71458F51EC2450EA5E52E6AB8B
            SHA-256:1B351F1FEFD7FF221581E34AB705159CA41A58A6B46EF71AEBEFB6609AB4B7BC
            SHA-512:AC765F7593813914EAE233E2448FE4E1CDB045A0ED3F211DE711F296685AC5FC301CF3E1F2A2C3EF11FAEF6C5853ED2197C12C440CEF89B66A6C90EF53A21566
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.209420085246915
            Encrypted:false
            SSDEEP:6:YEQXJ2HXHERNIiVuZLpR+FIbRI6XVW7+0Y0lxoAvJfshHHrPeUkwRe9:YvXKXYafZLSYpW7gGUUUkee9
            MD5:0B0E0C048BE03C154D2C44B9EE43E87C
            SHA1:F4DE4CB830C9376EA0A7699C274E3033B09507C0
            SHA-256:2ABE33DF53640C34E2F8D229164DD27D4C7558A24967CA80B8264AE57C4BA868
            SHA-512:C5C62AEA72499750F2A5781A5A9EB3874EA452DC9C1FC5274FC797B40D50100EA39A9F525C23301FB8E1628F7752D886F14EB41E5607FEC1FFDF2B719EF33ACA
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):782
            Entropy (8bit):5.3557423520180105
            Encrypted:false
            SSDEEP:12:YvXKXYafZLSYpW7gGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWM:Yv6XTR3iW168CgEXX5kcIfANh9
            MD5:717BD2D7FFE34882B3F74042940AB2ED
            SHA1:9FDF3C2CBF54189818C11DB012024B2B95EC1018
            SHA-256:062265691236E1F918448596D2C950E499204C691100BD9D36E3309379EAADE6
            SHA-512:2CC643CA3A9B32B3A3C581000342F842FC1BCC57E74FA01766B79DDB7B8753F1BE2CBAE87C659781ADF085195AB3EA998662FB8847CCBA899906571E91DD4E9F
            Malicious:false
            Reputation:low
            Preview:{"analyticsData":{"responseGUID":"0a480eb8-4ead-4e0d-a1e5-5849c9368f55","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1716745198161,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1716565603191}}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Reputation:low
            Preview:....

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2814
            Entropy (8bit):5.139908245804581
            Encrypted:false
            SSDEEP:48:Yi5thcKa9jnkfBBV6fkI479lPP67mNX9E:/5Xna9DEQMI479FyyDE
            MD5:8F262C8878F53002F3C11A8878D889FF
            SHA1:4B580A1BEBBA82C1599D1F78003DED033C6A7E8E
            SHA-256:D4D92E6A0F3F91C4708248027F1C7ACFE1D2767F9BA0C04D48B23F1059C41D04
            SHA-512:46F0B358220D0452F9AE55BC5F47123A6A346D0F759AEF45A9F440D51EEB81822CE990E0797D7388BFF9647BA15AD6A92054385AABC52AC07A21D2CE6F0789E1
            Malicious:false
            Reputation:low
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a60f6c68b95deb487559f88a58579a7c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1716565602000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"acabfb2c92c80a949783fb708752b6cb","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1716565602000},{"id":"Edit_InApp_Aug2020","info":{"dg":"b8f8d4a040f6d5cc51a99fb8d5cdf665","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1716565602000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"013993c87377bd971fcc9748fb6a4e45","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1716565602000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1eda7ce0d39d7d4bf02a79586535d078","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1716565602000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"ba629d2ccc0b860716b67f51c11e5f08","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1716565602000},

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):0.9836365624140849
            Encrypted:false
            SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpU34zJwtNBwtNbRZ6bRZ4H3F:TVl2GL7ms6ggOVpJzutYtp6Po
            MD5:452E97349950E369D571F77314BC2DF6
            SHA1:6E086B5EEEAA0BBC1CB80CE06082119F0DCDE248
            SHA-256:F3E442E49EF4E209CB5099464BEC155A3C08E8371025954A255BD6BB5BDEBE57
            SHA-512:7623D39CBE3A22C0ABBB2671174A6B8AE93168EDC86406C20A052A1655BF04B0771B2AB9FEBEFDE0108755DA7E213387FFBF349CF0844E52046074779F336A73
            Malicious:false
            Reputation:low
            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.3379996702818238
            Encrypted:false
            SSDEEP:24:7+tMAD1RZKHs/Ds/SpU3PzJwtNBwtNbRZ6bRZWf1RZKAqLBx/XYKQvGJF7urss:7MMGgOVpSzutYtp6PM1qll2GL7mss
            MD5:33C33AD1B9EE6037A9F25E0D06FB7AB1
            SHA1:BEF20CE03EBE2852580D4A969FDD273ABB69F51A
            SHA-256:FE55FE5BB30FB56CD195B4028B64B710F20F7FFF4AE35B1D4B595DFE85C32CE8
            SHA-512:8A2404B1CAADDAB34C92CF82760172717E99FFA1BFB1E75B0DD1BF7908E4A90150230286DD10A0828E34EE75098CFE4379D9E9DF27E734A5A07E24F81C7C67C8
            Malicious:false
            Reputation:low
            Preview:.... .c......=S.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\MSId2a86.LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.5258803161342094
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c6LNlH:Qw946cPbiOxDlbYnuRKH+N9
            MD5:5A06C81676BD1FE1151F1ECED62B44AB
            SHA1:F5C7ECDF1E1A0CE099158F1FB15795F976F6E7BD
            SHA-256:14984B1402FDBA7D2C8DF98B4FB5859435B3576B73C60CF8FED671A528AFDC59
            SHA-512:BD7FFDC365F2BE051ED719DBDE66B2EFBAF697C6D67609291966807B97AAD2B71599D8F4A4C1B5A8FBC9AD4F4C95951248F5E4F3AAA9D8A9E5C42AA52C418F2E
            Malicious:false
            Reputation:low
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.5./.2.0.2.4. . .1.1.:.4.6.:.4.3. .=.=.=.....

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 11-46-38-366.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.376360055978702
            Encrypted:false
            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
            MD5:1336667A75083BF81E2632FABAA88B67
            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
            Malicious:false
            Reputation:low
            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.373620158314672
            Encrypted:false
            SSDEEP:384:NEANYk5OtteujV5Qrb7UuDiCRLmw+UlJXMWi0Q0BkTj1PK3Iw3dh696H+ZL6JI4H:qU3
            MD5:D23162D57ADB66F6BF811BA5291899EC
            SHA1:5F699057FFDC39FEF5F6C61B8D29A36A662324D6
            SHA-256:895B59B1882F92A186A6F76005F81D638BC499D0F601C49516F120F431157369
            SHA-512:C7F8250034B77C271C34A1574BEFA60046153CB771DAF76820DDA4C9AE646267DF7994887052BF8186154D998C42151A740E9587263F357D6C3B7AB455508150
            Malicious:false
            Reputation:low
            Preview:SessionID=ff195ed5-6a03-403b-afa9-e2af89d93d3f.1716565598378 Timestamp=2024-05-24T11:46:38:378-0400 ThreadID=4632 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ff195ed5-6a03-403b-afa9-e2af89d93d3f.1716565598378 Timestamp=2024-05-24T11:46:38:379-0400 ThreadID=4632 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ff195ed5-6a03-403b-afa9-e2af89d93d3f.1716565598378 Timestamp=2024-05-24T11:46:38:379-0400 ThreadID=4632 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ff195ed5-6a03-403b-afa9-e2af89d93d3f.1716565598378 Timestamp=2024-05-24T11:46:38:379-0400 ThreadID=4632 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ff195ed5-6a03-403b-afa9-e2af89d93d3f.1716565598378 Timestamp=2024-05-24T11:46:38:379-0400 ThreadID=4632 Component=ngl-lib_NglAppLib Description="SetConf

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.398812052077034
            Encrypted:false
            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbp:N
            MD5:4C74B15B4B647EF188E3D625F2A4CD9D
            SHA1:C3C135192013772CDC0E7E57D896C64F18A8758E
            SHA-256:60FF97DDC429D60F63CD2CFFA30A71FE39D2B726EEA53FB07974015ADFE90A7D
            SHA-512:0C48D961C5E52E02269285129D9ABA18CF19631FEEECCBFB145C9C4BAA5E4FB592CE60F93283C8FDFD92D2D1C90BFDA864302BEAB4E26C185B2CF13E2F31185D
            Malicious:false
            Reputation:low
            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

            C:\Users\user\AppData\Local\Temp\acrocef_low\0113b654-2894-443c-8fee-b64c930edfed.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/ewYIGNPgOWL07oYGZRydpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:WwZGDWLxYGZRy3mlind9i4ufFXpAXkru
            MD5:E74D5582DDC404CA71E55438495CFFE8
            SHA1:6B7EBA431D176AF86122744D4732EB79203C64D2
            SHA-256:9543D2405322E147F939F7710F066FA8F83827EB5733CC627F409C6A5BBCA123
            SHA-512:A9231BCD1CDB077AC3B3249233276BEF7A34943D8BD81FD0E496453054E8B863FEA6775A7C62C8B4DE32F9B35B385AEE92E55441628EC7E83009DCA41380C2BB
            Malicious:false
            Reputation:low
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Local\Temp\acrocef_low\6f0ad34a-074e-4c5e-8eb0-db1fe98107c8.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Reputation:low
            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

            C:\Users\user\AppData\Local\Temp\acrocef_low\6fde46e4-6340-42cd-a270-b741457a1393.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
            MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
            SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
            SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
            SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
            Malicious:false
            Reputation:low
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Local\Temp\acrocef_low\a1ad44e2-d8fd-4c42-a6f2-9d738fa04f73.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Reputation:low
            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:45:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.986546679155999
            Encrypted:false
            SSDEEP:48:8aqdOPTuHgeH8idAKZdA19ehwiZUklqehgy+3:8OHF3y
            MD5:C28568E7D965D2058530286794C9A30B
            SHA1:5C0C4DAD24B67CDD7CABF290523EFFCDE473E753
            SHA-256:B95DDB1641FB53B6B31D10E6E0A76DB47D0B7D6787EE5792A96D72CD20429363
            SHA-512:508A4F2C7940FFB500DCDBB14D195C3E4EE4BD28CA008D52E63A3D66D00347DF99E212D77128E3FF0DE6FBFB4813C6D64105013A0A014E200189F80589936643
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,....#..`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:45:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):3.998232615594948
            Encrypted:false
            SSDEEP:48:8X5dOPTuHgeH8idAKZdA1weh/iZUkAQkqehny+2:8IHf9QKy
            MD5:9C05302B157713E3FC3970D2E2F99CA5
            SHA1:1C31148C468B152F24610E8ADB0C7CB0137D4FDD
            SHA-256:9A6A51E024E84FACD56CFFF3E919C8B0C5DD576EB70C492B6EC98F9C5E68A8CD
            SHA-512:EA98B99B29B8F7A6971FF53B30A03AF69EFAD37C3C1BA33CB1A106AD9CCDCE073F031DF2ADE1B8D79A5DD4F7CB054C7F9CA2E1B3BBB8F70A65B10861CA287A12
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,....m..`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2693
            Entropy (8bit):4.010494077190633
            Encrypted:false
            SSDEEP:48:8x5dOPTuHgsH8idAKZdA14tseh7sFiZUkmgqeh7sBy+BX:8x4Htnzy
            MD5:1782E480D75C365702BC5EAA9C70D556
            SHA1:1B25DFF178EEAB5319E71CBABA56F8E8CCA8F244
            SHA-256:CE074EC23936D63714D5D3939EC6BBEBFC6BFBCF0FD0BDD760575BBA7C11C0D3
            SHA-512:7EA3B1B82FBA0DB28FD53F338E288F63C9629F34927DCB3C5B1E6B76CFFD19E7F79A93FE4DFBAF40EBA68A60861AAD38B4E7F361B9E9F4275874EA079D97C407
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:45:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.999875977000559
            Encrypted:false
            SSDEEP:48:8QdOPTuHgeH8idAKZdA1vehDiZUkwqehby+R:8bHcpy
            MD5:09FC2F7BB0FE5A6F855E7735EC8DD074
            SHA1:7232914F3B4045D1A1640A0AB68B9FDA81B0EE8B
            SHA-256:7E02F4078231DFE21F8488424902C04C04FA5C8D272802BB0858ABC1A9B8CC55
            SHA-512:68682A302249B5614C4AA1457644133AFBC967526D3236ABD198F37CC4D21033E91C7DB4E402BD915BCF1C963468CBA6ED00B031F8ADF210EB5A9FE42F604BF3
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,.......`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:45:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.98736762917202
            Encrypted:false
            SSDEEP:48:8HFdOPTuHgeH8idAKZdA1hehBiZUk1W1qehty+C:8HkHs9Ny
            MD5:A911E7BB2EDA85A9E9BBF3DBB732761C
            SHA1:919F8A8EE6DB75AB1A0AC07CD52B90647DE6FE0C
            SHA-256:B5FA00729AF268B5584838277F2A196596B8732EB7961A10ABF4DD12F0FD50D5
            SHA-512:EF180F1E1A7EB69BE698D3A3D3EB7FF24CC9BBA32E78ACE7A9A4B4CE158688CDC3F48D4D5765AE8E62321ED0424A6F0CCB59D4368513E366C11AFF1079BF50E6
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,.....A.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:45:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2683
            Entropy (8bit):3.9971220984061584
            Encrypted:false
            SSDEEP:48:8/dOPTuHgeH8idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbzy+yT+:8CHCT/TbxWOvTbzy7T
            MD5:E96D08BF178448FB35B4D57B87473675
            SHA1:3807628101953136924D9A524892609A730816F0
            SHA-256:354C25294F371B531486C39AAB13934E851C4247A289758A28E913103A323F82
            SHA-512:780416ADF4617430C14C2F1793A85A7E2606BC9CE4B608B6E9B56EE7734C64B00862E64A993EAAA844935048613F02E50D055807D429837F39B019590CCBBD8D
            Malicious:false
            Reputation:low
            Preview:L..................F.@.. ...$+.,....Rl.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.}....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.OI.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

            C:\Users\user\Downloads\9c067264-d052-4318-b6a6-436630eeb0b9.tmp

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.4
            Category:dropped
            Size (bytes):3607
            Entropy (8bit):7.829792964526653
            Encrypted:false
            SSDEEP:96:eQM35472auw/ZRlzc0EZZGFJBGn20jp6bW63IKJNd:ej5G2EZ3dEh20ahNd
            MD5:1F1D0B19748084FCDC2349C9804BCD81
            SHA1:FA8F610688B28461CA9B833CFD1C17E0DEB60B41
            SHA-256:33B0F2B5DC33C2FD154D68530C7A12A90ECD9EFE09010DBD72BC806C45A8E995
            SHA-512:33F5BF396B72974775C74053518782725AE137B13E24FF4AF648DA26CFE09D3E52EC9386EF3DFF89DF06822D1AAEB83A6629E5BE959729EAD310C17A8985338E
            Malicious:false
            Reputation:low
            Preview:%PDF-1.4.%.....1 0 obj.<</Keywords(Budget)/ModDate(D:20240308114316-05'00')/CreationDate(D:20240308114311-05'00')/Producer(iText 2.1.7 by 1T3XT; modified using iTextSharp. 5.5.13.3 .2000-2022 iText Group NV \(AGPL-version\))/Subject(Budget Justification)/Author(Office of the Under Secretary of Defense \(Comptroller\))/Title(Justification Book)>>.endobj.2 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-BoldOblique/Encoding/WinAnsiEncoding>>.endobj.3 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-Bold/Encoding/WinAnsiEncoding>>.endobj.4 0 obj.<</Size 417827>>.endobj.5 0 obj.<</Params 4 0 R/Filter/FlateDecode/Type/EmbeddedFile/Length 405119>>stream.x.zuT[m.m.b..).........'..{q....-...C......}...._w.{....<I....s.%Y(h.7o.}...z._.F.n...(.."./..f #b..........~.........2..3..X.x.r..J8.....D7/.1....u../.4...Y....^...UQ?..g..I...2Y..<.L...c.....{.......K/......G....:.Y....X..y.....C.E......%......0..;..I..s.h;_~......K-..).g.{.'...#......L'...;.8Gi..+5..I....Wx

            C:\Users\user\Downloads\downloaded.pdf (copy)

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.4
            Category:dropped
            Size (bytes):8029386
            Entropy (8bit):7.970778734534875
            Encrypted:false
            SSDEEP:196608:HTbo89XcUDaKCoK6QmWL6FCSe9V90n6CJ/hne:Q0BKI6PkxY
            MD5:10C3EB7EEFC4A14A34BC68C6BF855664
            SHA1:A3BD3AC0F7A40FE5168B099319593D035B35E684
            SHA-256:6D9928651923A958645080930CCDAC93AA1F822CFE70AE69F57FCAF194D81995
            SHA-512:9F1F59BB3F471F6A60A6587C9BF6FFD143588D87AA9F8506EFD14EDB2675FFAE2BF3292586A999184CAC9530D227D276D5921BCB9009EB364E4536BE5C96DE4A
            Malicious:false
            Reputation:low
            Preview:%PDF-1.4.%.....1 0 obj.<</Keywords(Budget)/ModDate(D:20240308114316-05'00')/CreationDate(D:20240308114311-05'00')/Producer(iText 2.1.7 by 1T3XT; modified using iTextSharp. 5.5.13.3 .2000-2022 iText Group NV \(AGPL-version\))/Subject(Budget Justification)/Author(Office of the Under Secretary of Defense \(Comptroller\))/Title(Justification Book)>>.endobj.2 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-BoldOblique/Encoding/WinAnsiEncoding>>.endobj.3 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-Bold/Encoding/WinAnsiEncoding>>.endobj.4 0 obj.<</Size 417827>>.endobj.5 0 obj.<</Params 4 0 R/Filter/FlateDecode/Type/EmbeddedFile/Length 405119>>stream.x.zuT[m.m.b..).........'..{q....-...C......}...._w.{....<I....s.%Y(h.7o.}...z._.F.n...(.."./..f #b..........~.........2..3..X.x.r..J8.....D7/.1....u../.4...Y....^...UQ?..g..I...2Y..<.L...c.....{.......K/......G....:.Y....X..y.....C.E......%......0..;..I..s.h;_~......K-..).g.{.'...#......L'...;.8Gi..+5..I....Wx

            C:\Users\user\Downloads\downloaded.pdf.crdownload

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.4
            Category:dropped
            Size (bytes):8029386
            Entropy (8bit):7.970778734534875
            Encrypted:false
            SSDEEP:196608:HTbo89XcUDaKCoK6QmWL6FCSe9V90n6CJ/hne:Q0BKI6PkxY
            MD5:10C3EB7EEFC4A14A34BC68C6BF855664
            SHA1:A3BD3AC0F7A40FE5168B099319593D035B35E684
            SHA-256:6D9928651923A958645080930CCDAC93AA1F822CFE70AE69F57FCAF194D81995
            SHA-512:9F1F59BB3F471F6A60A6587C9BF6FFD143588D87AA9F8506EFD14EDB2675FFAE2BF3292586A999184CAC9530D227D276D5921BCB9009EB364E4536BE5C96DE4A
            Malicious:false
            Reputation:low
            Preview:%PDF-1.4.%.....1 0 obj.<</Keywords(Budget)/ModDate(D:20240308114316-05'00')/CreationDate(D:20240308114311-05'00')/Producer(iText 2.1.7 by 1T3XT; modified using iTextSharp. 5.5.13.3 .2000-2022 iText Group NV \(AGPL-version\))/Subject(Budget Justification)/Author(Office of the Under Secretary of Defense \(Comptroller\))/Title(Justification Book)>>.endobj.2 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-BoldOblique/Encoding/WinAnsiEncoding>>.endobj.3 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-Bold/Encoding/WinAnsiEncoding>>.endobj.4 0 obj.<</Size 417827>>.endobj.5 0 obj.<</Params 4 0 R/Filter/FlateDecode/Type/EmbeddedFile/Length 405119>>stream.x.zuT[m.m.b..).........'..{q....-...C......}...._w.{....<I....s.%Y(h.7o.}...z._.F.n...(.."./..f #b..........~.........2..3..X.x.r..J8.....D7/.1....u../.4...Y....^...UQ?..g..I...2Y..<.L...c.....{.......K/......G....:.Y....X..y.....C.E......%......0..;..I..s.h;_~......K-..).g.{.'...#......L'...;.8Gi..+5..I....Wx

            Chrome Cache Entry: 223

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PDF document, version 1.4
            Category:downloaded
            Size (bytes):8029386
            Entropy (8bit):7.970778734534875
            Encrypted:false
            SSDEEP:196608:HTbo89XcUDaKCoK6QmWL6FCSe9V90n6CJ/hne:Q0BKI6PkxY
            MD5:10C3EB7EEFC4A14A34BC68C6BF855664
            SHA1:A3BD3AC0F7A40FE5168B099319593D035B35E684
            SHA-256:6D9928651923A958645080930CCDAC93AA1F822CFE70AE69F57FCAF194D81995
            SHA-512:9F1F59BB3F471F6A60A6587C9BF6FFD143588D87AA9F8506EFD14EDB2675FFAE2BF3292586A999184CAC9530D227D276D5921BCB9009EB364E4536BE5C96DE4A
            Malicious:false
            Reputation:low
            URL:https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf
            Preview:%PDF-1.4.%.....1 0 obj.<</Keywords(Budget)/ModDate(D:20240308114316-05'00')/CreationDate(D:20240308114311-05'00')/Producer(iText 2.1.7 by 1T3XT; modified using iTextSharp. 5.5.13.3 .2000-2022 iText Group NV \(AGPL-version\))/Subject(Budget Justification)/Author(Office of the Under Secretary of Defense \(Comptroller\))/Title(Justification Book)>>.endobj.2 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-BoldOblique/Encoding/WinAnsiEncoding>>.endobj.3 0 obj.<</Subtype/Type1/Type/Font/BaseFont/Helvetica-Bold/Encoding/WinAnsiEncoding>>.endobj.4 0 obj.<</Size 417827>>.endobj.5 0 obj.<</Params 4 0 R/Filter/FlateDecode/Type/EmbeddedFile/Length 405119>>stream.x.zuT[m.m.b..).........'..{q....-...C......}...._w.{....<I....s.%Y(h.7o.}...z._.F.n...(.."./..f #b..........~.........2..3..X.x.r..J8.....D7/.1....u../.4...Y....^...UQ?..g..I...2Y..<.L...c.....{.......K/......G....:.Y....X..y.....C.E......%......0..;..I..s.h;_~......K-..).g.{.'...#......L'...;.8Gi..+5..I....Wx

            Chrome Cache Entry: 224

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows icon resource - 1 icon, 16x16, 2 colors
            Category:downloaded
            Size (bytes):198
            Entropy (8bit):1.23143406345007
            Encrypted:false
            SSDEEP:3:2oXllvlNl/FXltlBe/h/555555555555555n:2Y1UJ555555555555555n
            MD5:C6ACEDAFF906029FC5455D9EC52C7F42
            SHA1:92CBD806CA421AA2C9FF5E1FF76BBC20913A2F81
            SHA-256:9DEB629637088856FE61DC868BF40A7D21ED942E4117659F3D6C3408F59B906B
            SHA-512:7A8D002CA6B607E38860AD4485493E109CB7D3BEF241B0E5BF2A65C2E316E6185DED8EC74E3FCBD78745AB302C6D876657ABC178EE028D1B8B9A5572F429D972
            Malicious:false
            Reputation:low
            URL:https://www.asafm.army.mil/favicon.ico
            Preview:......................(....... .......................................................................................................................................................................

            Chrome Cache Entry: 225

            Download File
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows icon resource - 1 icon, 16x16, 2 colors
            Category:dropped
            Size (bytes):198
            Entropy (8bit):1.23143406345007
            Encrypted:false
            SSDEEP:3:2oXllvlNl/FXltlBe/h/555555555555555n:2Y1UJ555555555555555n
            MD5:C6ACEDAFF906029FC5455D9EC52C7F42
            SHA1:92CBD806CA421AA2C9FF5E1FF76BBC20913A2F81
            SHA-256:9DEB629637088856FE61DC868BF40A7D21ED942E4117659F3D6C3408F59B906B
            SHA-512:7A8D002CA6B607E38860AD4485493E109CB7D3BEF241B0E5BF2A65C2E316E6185DED8EC74E3FCBD78745AB302C6D876657ABC178EE028D1B8B9A5572F429D972
            Malicious:false
            Reputation:low
            Preview:......................(....... .......................................................................................................................................................................

            Static File Info

            No static file info

            File Icon

            Icon Hash:00b29a8e86828200

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            May 24, 2024 17:45:05.411781073 CEST49674443192.168.2.523.1.237.91
            May 24, 2024 17:45:05.411886930 CEST49675443192.168.2.523.1.237.91
            May 24, 2024 17:45:05.521294117 CEST49673443192.168.2.523.1.237.91
            May 24, 2024 17:45:10.224272013 CEST49675443192.168.2.523.1.237.91
            May 24, 2024 17:45:10.224272013 CEST49674443192.168.2.523.1.237.91
            May 24, 2024 17:45:10.333628893 CEST49673443192.168.2.523.1.237.91
            May 24, 2024 17:45:18.320703983 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:18.325862885 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.335393906 CEST53497091.1.1.1192.168.2.5
            May 24, 2024 17:45:18.335481882 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:18.335570097 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:18.335580111 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:18.340485096 CEST53497101.1.1.1192.168.2.5
            May 24, 2024 17:45:18.340573072 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.340643883 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.340643883 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.345364094 CEST53497091.1.1.1192.168.2.5
            May 24, 2024 17:45:18.350224018 CEST53497091.1.1.1192.168.2.5
            May 24, 2024 17:45:18.399419069 CEST53497101.1.1.1192.168.2.5
            May 24, 2024 17:45:18.399440050 CEST53497101.1.1.1192.168.2.5
            May 24, 2024 17:45:18.890326023 CEST53497101.1.1.1192.168.2.5
            May 24, 2024 17:45:18.891550064 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.895580053 CEST53497091.1.1.1192.168.2.5
            May 24, 2024 17:45:18.896521091 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:18.902523994 CEST53497101.1.1.1192.168.2.5
            May 24, 2024 17:45:18.902595043 CEST4971053192.168.2.51.1.1.1
            May 24, 2024 17:45:18.907674074 CEST53497091.1.1.1192.168.2.5
            May 24, 2024 17:45:18.907751083 CEST4970953192.168.2.51.1.1.1
            May 24, 2024 17:45:19.376651049 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:19.376710892 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:19.377578020 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:19.377788067 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:19.377809048 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:19.832912922 CEST49675443192.168.2.523.1.237.91
            May 24, 2024 17:45:19.832912922 CEST49674443192.168.2.523.1.237.91
            May 24, 2024 17:45:19.938350916 CEST49673443192.168.2.523.1.237.91
            May 24, 2024 17:45:20.156004906 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:20.162244081 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:20.162309885 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:20.164221048 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:20.164331913 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:20.175177097 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:20.175357103 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:20.211282969 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.211435080 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.222383022 CEST53497171.1.1.1192.168.2.5
            May 24, 2024 17:45:20.222474098 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.222604036 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.222625971 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.223119974 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:20.223150015 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:20.232435942 CEST53497181.1.1.1192.168.2.5
            May 24, 2024 17:45:20.232525110 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.232592106 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.232642889 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.242077112 CEST53497171.1.1.1192.168.2.5
            May 24, 2024 17:45:20.242098093 CEST53497171.1.1.1192.168.2.5
            May 24, 2024 17:45:20.246896982 CEST53497181.1.1.1192.168.2.5
            May 24, 2024 17:45:20.246928930 CEST53497181.1.1.1192.168.2.5
            May 24, 2024 17:45:20.266809940 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:20.777698040 CEST53497181.1.1.1192.168.2.5
            May 24, 2024 17:45:20.788080931 CEST53497171.1.1.1192.168.2.5
            May 24, 2024 17:45:20.820674896 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.832406044 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.878982067 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.883647919 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.886655092 CEST53497171.1.1.1192.168.2.5
            May 24, 2024 17:45:20.886704922 CEST4971753192.168.2.51.1.1.1
            May 24, 2024 17:45:20.895235062 CEST53497181.1.1.1192.168.2.5
            May 24, 2024 17:45:20.895286083 CEST4971853192.168.2.51.1.1.1
            May 24, 2024 17:45:21.661159992 CEST4434970323.1.237.91192.168.2.5
            May 24, 2024 17:45:21.661319971 CEST49703443192.168.2.523.1.237.91
            May 24, 2024 17:45:22.587671041 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:22.587716103 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:22.587836027 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:22.591487885 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:22.591506004 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.264964104 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.265044928 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.298345089 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.298363924 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.298708916 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.351567984 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.353962898 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.394498110 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.544835091 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.545025110 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.545110941 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.545353889 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.545399904 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.545429945 CEST49721443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.545445919 CEST44349721184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.870925903 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.871011019 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:23.871098995 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.871474028 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:23.871515036 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:24.553548098 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:24.553653002 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:25.988409042 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:25.988483906 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:25.988807917 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:25.991616964 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:26.034504890 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:26.324449062 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:26.324526072 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:26.324573994 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:27.184762001 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:27.184808969 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:27.184830904 CEST49722443192.168.2.5184.28.90.27
            May 24, 2024 17:45:27.184839964 CEST44349722184.28.90.27192.168.2.5
            May 24, 2024 17:45:30.023935080 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:30.024085999 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:30.024144888 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:31.477358103 CEST49713443192.168.2.5172.217.18.4
            May 24, 2024 17:45:31.477399111 CEST44349713172.217.18.4192.168.2.5
            May 24, 2024 17:45:34.173500061 CEST5332453192.168.2.51.1.1.1
            May 24, 2024 17:45:34.226406097 CEST53533241.1.1.1192.168.2.5
            May 24, 2024 17:45:34.226587057 CEST5332453192.168.2.51.1.1.1
            May 24, 2024 17:45:34.226632118 CEST5332453192.168.2.51.1.1.1
            May 24, 2024 17:45:34.288501978 CEST53533241.1.1.1192.168.2.5
            May 24, 2024 17:45:34.699907064 CEST53533241.1.1.1192.168.2.5
            May 24, 2024 17:45:34.700814962 CEST5332453192.168.2.51.1.1.1
            May 24, 2024 17:45:34.716300964 CEST53533241.1.1.1192.168.2.5
            May 24, 2024 17:45:34.716424942 CEST5332453192.168.2.51.1.1.1
            May 24, 2024 17:45:41.253627062 CEST5857853192.168.2.51.1.1.1
            May 24, 2024 17:45:41.258615971 CEST53585781.1.1.1192.168.2.5
            May 24, 2024 17:45:41.258693933 CEST5857853192.168.2.51.1.1.1
            May 24, 2024 17:45:41.258754969 CEST5857853192.168.2.51.1.1.1
            May 24, 2024 17:45:41.312850952 CEST53585781.1.1.1192.168.2.5
            May 24, 2024 17:45:41.741036892 CEST53585781.1.1.1192.168.2.5
            May 24, 2024 17:45:41.744483948 CEST5857853192.168.2.51.1.1.1
            May 24, 2024 17:45:41.749787092 CEST53585781.1.1.1192.168.2.5
            May 24, 2024 17:45:41.749845028 CEST5857853192.168.2.51.1.1.1
            May 24, 2024 17:46:19.465348005 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:19.465404987 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:19.465526104 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:19.466222048 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:19.466243982 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:20.127046108 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:20.127445936 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:20.127463102 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:20.128627062 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:20.129096031 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:20.129277945 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:20.181653976 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:30.047674894 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:30.047775984 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:30.047841072 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:31.484759092 CEST58583443192.168.2.5172.217.18.4
            May 24, 2024 17:46:31.484793901 CEST44358583172.217.18.4192.168.2.5
            May 24, 2024 17:46:42.598381042 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.598419905 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:42.598484039 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.598985910 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.599000931 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:42.602345943 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.602380037 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:42.602437973 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.602628946 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:42.602641106 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.146656990 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.147005081 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.147013903 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.148230076 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.148317099 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.151283979 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.151350021 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.151799917 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.151804924 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.172549963 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.172998905 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.173022032 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.174045086 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.174124956 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.176959991 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.177026033 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.177140951 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.218509912 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.282083988 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.282108068 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.282113075 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.292413950 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.292603970 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.292735100 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.293145895 CEST58587443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.293159962 CEST44358587172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.312083006 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:43.312215090 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.314759016 CEST58588443192.168.2.5172.64.41.3
            May 24, 2024 17:46:43.314771891 CEST44358588172.64.41.3192.168.2.5
            May 24, 2024 17:46:48.953934908 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:48.953980923 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:48.954050064 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:48.954273939 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:48.954288006 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.467634916 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.467986107 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.468055010 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.469189882 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.469269037 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.469626904 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.469702005 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.469979048 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.469995975 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.516030073 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.644869089 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.644963980 CEST44358590172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.645051956 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.645493031 CEST58590443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.645535946 CEST44358590172.64.41.3192.168.2.5

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            May 24, 2024 17:45:17.224075079 CEST53607191.1.1.1192.168.2.5
            May 24, 2024 17:45:17.499841928 CEST53651221.1.1.1192.168.2.5
            May 24, 2024 17:45:18.311315060 CEST5735753192.168.2.51.1.1.1
            May 24, 2024 17:45:18.311470985 CEST5864753192.168.2.51.1.1.1
            May 24, 2024 17:45:18.318711996 CEST53573571.1.1.1192.168.2.5
            May 24, 2024 17:45:18.325567961 CEST53586471.1.1.1192.168.2.5
            May 24, 2024 17:45:18.576682091 CEST53547381.1.1.1192.168.2.5
            May 24, 2024 17:45:19.359498024 CEST5531153192.168.2.51.1.1.1
            May 24, 2024 17:45:19.359697104 CEST6101153192.168.2.51.1.1.1
            May 24, 2024 17:45:19.367005110 CEST53553111.1.1.1192.168.2.5
            May 24, 2024 17:45:19.374217033 CEST53610111.1.1.1192.168.2.5
            May 24, 2024 17:45:20.145697117 CEST5598253192.168.2.51.1.1.1
            May 24, 2024 17:45:20.145873070 CEST5692853192.168.2.51.1.1.1
            May 24, 2024 17:45:20.196619034 CEST53559821.1.1.1192.168.2.5
            May 24, 2024 17:45:20.196641922 CEST53569281.1.1.1192.168.2.5
            May 24, 2024 17:45:34.173002958 CEST53615251.1.1.1192.168.2.5
            May 24, 2024 17:45:35.939539909 CEST53627751.1.1.1192.168.2.5
            May 24, 2024 17:45:41.247719049 CEST53596341.1.1.1192.168.2.5
            May 24, 2024 17:46:17.004010916 CEST53590721.1.1.1192.168.2.5
            May 24, 2024 17:46:42.542412996 CEST5176153192.168.2.51.1.1.1
            May 24, 2024 17:46:42.596998930 CEST53517611.1.1.1192.168.2.5
            May 24, 2024 17:46:48.646677971 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:48.953479052 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.107173920 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.108819008 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.109049082 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.112833023 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.116117954 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.116871119 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.118267059 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.123718023 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.125272036 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.423455000 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.567414045 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:49.909593105 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:49.909893990 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:50.003572941 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.019125938 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.019136906 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.019145012 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.019153118 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.019480944 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:50.019665003 CEST51307443192.168.2.5172.64.41.3
            May 24, 2024 17:46:50.123516083 CEST44351307172.64.41.3192.168.2.5
            May 24, 2024 17:46:50.150038004 CEST51307443192.168.2.5172.64.41.3

            ICMP Packets

            TimestampSource IPDest IPChecksumCodeType
            May 24, 2024 17:45:19.376689911 CEST192.168.2.51.1.1.1c1fe(Port unreachable)Destination Unreachable
            May 24, 2024 17:46:17.004111052 CEST192.168.2.51.1.1.1c225(Port unreachable)Destination Unreachable

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            May 24, 2024 17:45:18.311315060 CEST192.168.2.51.1.1.10xf1aeStandard query (0)www.asafm.army.milA (IP address)IN (0x0001)false
            May 24, 2024 17:45:18.311470985 CEST192.168.2.51.1.1.10x5ee5Standard query (0)www.asafm.army.mil65IN (0x0001)false
            May 24, 2024 17:45:19.359498024 CEST192.168.2.51.1.1.10x3386Standard query (0)www.google.comA (IP address)IN (0x0001)false
            May 24, 2024 17:45:19.359697104 CEST192.168.2.51.1.1.10x40d6Standard query (0)www.google.com65IN (0x0001)false
            May 24, 2024 17:45:20.145697117 CEST192.168.2.51.1.1.10x3462Standard query (0)www.asafm.army.milA (IP address)IN (0x0001)false
            May 24, 2024 17:45:20.145873070 CEST192.168.2.51.1.1.10x574eStandard query (0)www.asafm.army.mil65IN (0x0001)false
            May 24, 2024 17:46:42.542412996 CEST192.168.2.51.1.1.10x59b7Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            May 24, 2024 17:45:18.890326023 CEST1.1.1.1192.168.2.50xfe17No error (0)www.asafm.army.milwww.asafm.army.mil.edgekey.netCNAME (Canonical name)IN (0x0001)false
            May 24, 2024 17:45:18.895580053 CEST1.1.1.1192.168.2.50x3160No error (0)www.asafm.army.milwww.asafm.army.mil.edgekey.netCNAME (Canonical name)IN (0x0001)false
            May 24, 2024 17:45:19.367005110 CEST1.1.1.1192.168.2.50x3386No error (0)www.google.com172.217.18.4A (IP address)IN (0x0001)false
            May 24, 2024 17:45:19.374217033 CEST1.1.1.1192.168.2.50x40d6No error (0)www.google.com65IN (0x0001)false
            May 24, 2024 17:45:20.777698040 CEST1.1.1.1192.168.2.50xec67No error (0)www.asafm.army.milwww.asafm.army.mil.edgekey.netCNAME (Canonical name)IN (0x0001)false
            May 24, 2024 17:45:20.788080931 CEST1.1.1.1192.168.2.50xc577No error (0)www.asafm.army.milwww.asafm.army.mil.edgekey.netCNAME (Canonical name)IN (0x0001)false
            May 24, 2024 17:45:31.744343042 CEST1.1.1.1192.168.2.50xdf26No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
            May 24, 2024 17:45:31.744343042 CEST1.1.1.1192.168.2.50xdf26No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
            May 24, 2024 17:46:42.596998930 CEST1.1.1.1192.168.2.50x59b7No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
            May 24, 2024 17:46:42.596998930 CEST1.1.1.1192.168.2.50x59b7No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false

            HTTP Request Dependency Graph

            • fs.microsoft.com
            • chrome.cloudflare-dns.com

            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.549721184.28.90.27443
            TimestampBytes transferredDirectionData
            2024-05-24 15:45:23 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-24 15:45:23 UTC467INHTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-eus-z1
            Cache-Control: public, max-age=174291
            Date: Fri, 24 May 2024 15:45:23 GMT
            Connection: close
            X-CID: 2


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.549722184.28.90.27443
            TimestampBytes transferredDirectionData
            2024-05-24 15:45:25 UTC239OUTGET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-05-24 15:45:26 UTC515INHTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=174224
            Date: Fri, 24 May 2024 15:45:26 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-05-24 15:45:26 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            2192.168.2.558587172.64.41.34435804C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            TimestampBytes transferredDirectionData
            2024-05-24 15:46:43 UTC245OUTPOST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-05-24 15:46:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: wwwgstaticcom)TP
            2024-05-24 15:46:43 UTC247INHTTP/1.1 200 OK
            Server: cloudflare
            Date: Fri, 24 May 2024 15:46:43 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 888e6b8c4974439d-EWR
            alt-svc: h3=":443"; ma=86400
            2024-05-24 15:46:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 20 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: wwwgstaticcom ()


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            3192.168.2.558588172.64.41.34435804C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            TimestampBytes transferredDirectionData
            2024-05-24 15:46:43 UTC245OUTPOST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-05-24 15:46:43 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: wwwgstaticcom)TP
            2024-05-24 15:46:43 UTC247INHTTP/1.1 200 OK
            Server: cloudflare
            Date: Fri, 24 May 2024 15:46:43 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 888e6b8c69690cc0-EWR
            alt-svc: h3=":443"; ma=86400
            2024-05-24 15:46:43 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f1 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: wwwgstaticcomPC)


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            4192.168.2.558590172.64.41.34435804C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            TimestampBytes transferredDirectionData
            2024-05-24 15:46:49 UTC245OUTPOST /dns-query HTTP/1.1
            Host: chrome.cloudflare-dns.com
            Connection: keep-alive
            Content-Length: 128
            Accept: application/dns-message
            Accept-Language: *
            User-Agent: Chrome
            Accept-Encoding: identity
            Content-Type: application/dns-message
            2024-05-24 15:46:49 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 05 61 72 6d 6d 66 05 61 64 6f 62 65 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: armmfadobecom)TP
            2024-05-24 15:46:49 UTC247INHTTP/1.1 200 OK
            Server: cloudflare
            Date: Fri, 24 May 2024 15:46:49 GMT
            Content-Type: application/dns-message
            Connection: close
            Access-Control-Allow-Origin: *
            Content-Length: 468
            CF-RAY: 888e6bb3fbca17e1-EWR
            alt-svc: h3=":443"; ma=86400
            2024-05-24 15:46:49 UTC468INData Raw: 00 00 81 80 00 01 00 03 00 00 00 01 05 61 72 6d 6d 66 05 61 64 6f 62 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 19 00 1b 03 73 73 6c 05 61 64 6f 62 65 03 63 6f 6d 07 65 64 67 65 6b 65 79 03 6e 65 74 00 c0 2d 00 05 00 01 00 00 54 4d 00 18 05 65 34 35 37 38 04 64 73 63 62 0a 61 6b 61 6d 61 69 65 64 67 65 c0 43 c0 54 00 01 00 01 00 00 00 01 00 04 17 c8 c4 8a 00 00 29 04 d0 00 00 00 00 01 4d 00 0c 01 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            Data Ascii: armmfadobecomssladobecomedgekeynet-TMe4578dscbakamaiedgeCT)MI


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:45:08
            Start date:24/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            General

            Target ID:2
            Start time:11:45:15
            Start date:24/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2008,i,5372829012406818501,3102701673576048389,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            General

            Target ID:3
            Start time:11:45:17
            Start date:24/05/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.asafm.army.mil/Portals/72/Documents/BudgetMaterial/2025/Base%20Budget/Procurement/Procurement-of-Ammunition-Army.pdf"
            Imagebase:0x7ff715980000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:8
            Start time:11:46:34
            Start date:24/05/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
            Imagebase:0x7ff686a00000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            General

            Target ID:9
            Start time:11:46:35
            Start date:24/05/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff6413e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            General

            Target ID:10
            Start time:11:46:36
            Start date:24/05/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1544,i,10501683577450689515,1584079827842287916,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff6068e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Disassembly

            No disassembly