Windows Analysis Report
aios3.exe

Overview

General Information

Sample name:aios3.exe
Analysis ID:1431848
MD5:a1ad4d0b5f70c0bf97e5ef59e814c03d
SHA1:583b88811550e7683916795306df383f06f08237
SHA256:ecdc7fc83fb0574ae1b35deffe21e8e778e3e21b760469851312e7d6483a8f03
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64_ra
  • aios3.exe (PID: 5504 cmdline: "C:\Users\user\Desktop\aios3.exe" MD5: A1AD4D0B5F70C0BF97E5EF59E814C03D)
    • CleanUpFilesAIOS3.exe (PID: 6904 cmdline: "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe" MD5: 9907BE0D71885E21F485856B1EC1489F)
      • cmd.exe (PID: 6952 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ztmp\t15594.bat" "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Acrobat.exe (PID: 7020 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ZGGKNSUKOP.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1388 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3896 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1568,i,13351684638296647614,3962373673390658352,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A | Virustotal: Detection: 19%
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe (copy) | Virustotal: Detection: 19%
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A | Joe Sandbox ML: detected
Source: aios3.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\aios3.exe | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E-Sticker
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat
Source: C:\Users\user\Desktop\aios3.exe | File opened: C:\Users\user\AppData\Roaming\Adobe
Source: Joe Sandbox View | IP Address: 184.25.164.138
Source: Joe Sandbox View | IP Address: 23.22.254.206
Source: aios3.exe | String found in binary or memory: http://www.clickteam.com
Source: aios3.exe | String found in binary or memory: http://www.clickteam.com/pub
Source: aios3.exe | String found in binary or memory: http://www.clickteam.com/pub.bmp
Source: aios3.exe | String found in binary or memory: http://www.clickteam.comc
Source: 01369b0e-588f-48a3-93ee-1c761f7cac52.tmp.16.dr | String found in binary or memory: https://chrome.cloudflare-dns.com
Source: aios3.exe, 00000001.00000000.1214640044.000000000042D000.00000002.00000001.01000000.00000006.sdmp | Binary or memory string: OriginalFilename vs aios3.exe
Source: aios3.exe, 00000001.00000003.1749291168.000000000272A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs aios3.exe
Source: aios3.exe | Binary or memory string: OriginalFilename vs aios3.exe
Source: classification engine | Classification label: mal52.winEXE@23/113@0/3
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6960:120:WilError_03
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe | File created: C:\Users\user\AppData\Local\Temp\afolder
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ztmp\t15594.bat" "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe" "
Source: aios3.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\aios3.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\aios3.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\aios3.exe | File read: C:\Users\user\Desktop\aios3.exe
Source: unknown | Process created: C:\Users\user\Desktop\aios3.exe "C:\Users\user\Desktop\aios3.exe"
Source: C:\Users\user\Desktop\aios3.exe | Process created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ZGGKNSUKOP.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1568,i,13351684638296647614,3962373673390658352,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\aios3.exe | Section loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, riched20.dll, usp10.dll, msls31.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe | Section loaded: apphelp.dll, winmm.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, uxtheme.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
Source: C:\Users\user\Desktop\aios3.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe (copy)
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.exe
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\2015\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\2017\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\2019\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\2020\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\10.0\Stamps\AIO S3.$$A
Source: C:\Users\user\Desktop\aios3.exe | File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\11.0\Stamps\AIO S3.$$A
Source: C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\aios3.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A
Source: C:\Users\user\Desktop\aios3.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.exe
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\aios3.exe | File Volume queried: C:\ FullSizeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 11 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | 11 Process Injection | 11 Process Injection | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
[Behavior graph image not included] Behavior Graph ID: 1431848, Sample: aios3.exe, Startdate: 25/04/2024, Architecture: WINDOWS, Score: 52

Source | Detection | Scanner | Label
aios3.exe | 3% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A | 15% | ReversingLabs |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.$$A | 20% | Virustotal |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe (copy) | 15% | ReversingLabs |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe (copy) | 20% | Virustotal |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A | 3% | ReversingLabs |
C:\Users\user\AppData\Roaming\Adobe\Acrobat\E-Sticker Style 3 Uninstaller.$$A | 2% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
https://chrome.cloudflare-dns.com | 0% | URL Reputation | safe
http://www.clickteam.comc | 0% | Avira URL Cloud | safe

No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
https://chrome.cloudflare-dns.com | 01369b0e-588f-48a3-93ee-1c761f7cac52.tmp.16.dr | false | URL Reputation: safe | unknown
http://www.clickteam.com | aios3.exe | false | | high
http://www.clickteam.com/pub | aios3.exe | false | | high
http://www.clickteam.com/pub.bmp | aios3.exe | false | | high
http://www.clickteam.comc | aios3.exe | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
184.25.164.138 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false
23.22.254.206 | unknown | United States | 14618 | AMAZON-AESUS | false
184.31.60.185 | unknown | United States | 16625 | AKAMAI-ASUS | false

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431848
Start date and time:2024-04-25 21:37:34 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:aios3.exe
Detection:MAL
Classification:mal52.winEXE@23/113@0/3
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.64.41.3, 162.159.61.3, 23.49.5.46, 23.49.5.15, 23.49.5.35, 23.209.36.16, 23.209.36.41, 23.209.36.56, 23.209.36.25, 192.168.2.16, 173.223.239.83, 173.223.239.60
  • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, fs.microsoft.com, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, a1815.dscr.akamai.net, acroipm2.adobe.com, www.adobe.com, stls.adobe.com-cn.edgesuite.net, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
                                                      • 23.66.133.162
                                                      file.exeGet hashmaliciousVidarBrowse
                                                      • 96.17.209.196
                                                      AMAZON-AESUShttps://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1Get hashmaliciousUnknownBrowse
                                                      • 54.152.115.234
                                                      https://url.us.m.mimecastprotect.com/s/qkT5Cv2pWyUOjZODty9fnF?domain=google.comGet hashmaliciousUnknownBrowse
                                                      • 54.163.232.163
                                                      http://www.mh3solaroh.com/Get hashmaliciousHTMLPhisherBrowse
                                                      • 23.20.165.17
                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                      • 34.196.110.25
                                                      ZcOjro0Chh.elfGet hashmaliciousMiraiBrowse
                                                      • 34.207.187.66
                                                      https://runrun.it/share/portal/x1pWDYC5l2f72kuwGet hashmaliciousHTMLPhisherBrowse
                                                      • 3.214.248.84
                                                      https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                      • 34.231.99.77
                                                      https://runrun.it/share/portal/x1pWDYC5l2f72kuwGet hashmaliciousHTMLPhisherBrowse
                                                      • 3.219.101.117
                                                      [EXTERNAL] New file received.emlGet hashmaliciousHTMLPhisherBrowse
                                                      • 107.22.247.231
                                                      https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/o76fri/enpmZG9tbF9zdXBlcnZpc29yMXN0X2Fzc2lzdGFudEBmZC5vcmc=Get hashmaliciousHTMLPhisherBrowse
                                                      • 23.23.165.157
                                                      BBIL-APBHARTIAirtelLtdINBitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                                                      • 122.185.41.86
                                                      ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                                                      • 184.25.164.138
                                                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                                                      • 23.209.188.17
                                                      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                      • 184.25.164.138
                                                      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                                                      • 184.25.164.138
                                                      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                      • 184.25.164.138
                                                      Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                                                      • 182.74.25.30
                                                      tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                                                      • 122.185.203.209
                                                      kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                                                      • 125.23.195.204
                                                      iH18gdEj8Y.elfGet hashmaliciousMiraiBrowse
                                                      • 125.19.93.33
                                                      No context
                                                      No context
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):287
                                                      Entropy (8bit):5.162167420777084
                                                      Encrypted:false
                                                      SSDEEP:6:3UDkJ39+q2PRN2nKuAl9OmbnIFUt8MUDkcOWZmw+MUDkcFVkwORN2nKuAl9Ombjd:kwJ39+vaHAahFUt8VwLW/+VwOV5JHAae
                                                      MD5:451B0AFD74EECAA89B81144D76652A3B
                                                      SHA1:94EAAEF70E0A5EA34E3EE85B85B00C79B17E6792
                                                      SHA-256:EE7B37EFF06B81C124B84D3953C4EF30226D78BCDC5B450ED1FA4B36CDF37C1C
                                                      SHA-512:6FC13C25115102CC132F9319373100EE1F99FF6F35FFE43568A7E040EA6E35127B320E513DBB5D14F9EA711612414EF3F006E986E13B26775D873783A737DF76
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2024/04/25-21:39:04.908 dcc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-21:39:04.909 dcc Recovering log #3.2024/04/25-21:39:04.909 dcc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):331
                                                      Entropy (8bit):5.131942318012428
                                                      Encrypted:false
                                                      SSDEEP:6:3UDvM+q2PRN2nKuAl9Ombzo2jMGIFUt8MUDAZmw+MUDEtpMVkwORN2nKuAl9OmbX:kQ+vaHAa8uFUt8VU/+VAAV5JHAa8RJ
                                                      MD5:41B4F12E392928E5CF4442BD61A42593
                                                      SHA1:02667958FBAA4C390F0B8F6AFE8CB5D772264ABC
                                                      SHA-256:4881876EA7CDF56906928C15565FE68ED84762CBAB93CF3473AD1152E1ABAF50
                                                      SHA-512:235AA1EE9A6AEC6FCAFB18FD0C8BF157B7A6A87A33FB861DECE5C7A95C44FB72D61D50D4A6C466BAEAD16B93E1AA110A6B250899E67F418A5AB451CD6A1D0F92
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2024/04/25-21:39:04.804 aac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-21:39:04.808 aac Recovering log #3.2024/04/25-21:39:04.809 aac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:JSON data
                                                      Category:modified
                                                      Size (bytes):403
                                                      Entropy (8bit):4.953858338552356
                                                      Encrypted:false
                                                      SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                      MD5:4C313FE514B5F4E7E89329630909F8DC
                                                      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):403
                                                      Entropy (8bit):4.953858338552356
                                                      Encrypted:false
                                                      SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                      MD5:4C313FE514B5F4E7E89329630909F8DC
                                                      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):4222
                                                      Entropy (8bit):5.234058237249829
                                                      Encrypted:false
                                                      SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeA34jVvc7:OLT0bTIeYa51Ogu/0OZARBT8kN88c4pu
                                                      MD5:02816C29E82C5002A8FE9AB760A09328
                                                      SHA1:DD0556D40AF27AAAA174F4C4E3637AC4CDAC6D89
                                                      SHA-256:1AA07575D53FA8F8CD286884F8BFAB2B5AB65673D7D011ABFFB5403C29FCBF91
                                                      SHA-512:69E0BC6DFC05450FA9D074CB43C1FE36FF2C8B4BF6AC87FAF18A4ECAED360F81A4D90BE43E135C9137DE3E30D2AA74C51BCE9B3F1B4D713EF8E357E4429F5435
                                                      Malicious:false
                                                      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):319
                                                      Entropy (8bit):5.171850427167155
                                                      Encrypted:false
                                                      SSDEEP:6:3UDZNcM+q2PRN2nKuAl9OmbzNMxIFUt8MUDjZmw+MUDiWtMVkwORN2nKuAl9Ombg:kH9+vaHAa8jFUt8VP/+VkV5JHAa84J
                                                      MD5:FC844CAF124A4086D18D431314E4A37B
                                                      SHA1:2635C89E43D0448612A81550F28D2B7FC8F8EA9C
                                                      SHA-256:B399CFF4F12804746D34FBC47332C4796FF611E0B203AB1874B128C63EF21C74
                                                      SHA-512:962E2BE25A740C8992CC63A2ABC0C103224209C59A69B55698EF681D2F4955ED433DE8D1DD981033DA3C0692B003A952288B9795C5AD271F77D8EC232B491764
                                                      Malicious:false
                                                      Preview:2024/04/25-21:39:04.957 aac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-21:39:04.959 aac Recovering log #3.2024/04/25-21:39:04.963 aac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                      Category:dropped
                                                      Size (bytes):57344
                                                      Entropy (8bit):3.291927920232006
                                                      Encrypted:false
                                                      SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                                      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                                      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                                      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                                      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite Rollback Journal
                                                      Category:dropped
                                                      Size (bytes):16928
                                                      Entropy (8bit):1.2137963000895775
                                                      Encrypted:false
                                                      SSDEEP:24:7+tRIJqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+e:7MRSqLmFTIF3XmHjBoGGR+jMz+LhTJ
                                                      MD5:592FE8772D9631144F51FE01854CEC9A
                                                      SHA1:D9C76D39EC02F07CCAC94398BFD71CDCD68EB5AE
                                                      SHA-256:5C678F7A8E8C145C15A9BF97F46387B2D81EA3D9B5B0DCE731F5F60A427225C7
                                                      SHA-512:29A340143A5613DAD6C92AE75225AD0C02C82CA3F7E524406780DDAC591F7F47883934051AEB3DEC678B49925F713566BAABE0650620382145F16C50C792B4F9
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PostScript document text
                                                      Category:dropped
                                                      Size (bytes):185099
                                                      Entropy (8bit):5.182478651346149
                                                      Encrypted:false
                                                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                      Malicious:false
                                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):295
                                                      Entropy (8bit):5.403188388193768
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJM3g98kUwPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGMbLUkee9
                                                      MD5:F4F410E85D629CD0511732B41DAD20BA
                                                      SHA1:1A598D48F83DE6227CB58B50ED23CF6F950E628D
                                                      SHA-256:6892EA01FD1FBFC78FC126F3074B4700108DBA0EA9B401862B88CE8557239D57
                                                      SHA-512:8E851163BBD95F6B9C85CD40741EA15EB70FAF5C2898B6AA3565EA1108E9AE1E4654701DC0080B96AC4F36259610DF25A37A3A6873B10CF33B231C0FFAB57F8B
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):294
                                                      Entropy (8bit):5.355207848310876
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfBoTfXpnrPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGWTfXcUkee9
                                                      MD5:826213C870FDBB105DCC7E89F824BE61
                                                      SHA1:BF309CFA79C32C599F2D3A0AEB5FEE44FD3F84D4
                                                      SHA-256:2645605F4125BA8B95DB7B67DD8DCB39E339C2683073F00A72332579AB13C5BE
                                                      SHA-512:AAB0B1ECD28700CD58FF91E2581AB7CD243E0E24616F4464CE9FF731FAF6F560624444C91EF4E1D64AAF8C10D1B6462EC057C7F6E562C61AED13FE7D4A614C56
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):294
                                                      Entropy (8bit):5.333607167179307
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfBD2G6UpnrPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGR22cUkee9
                                                      MD5:8119102D9245F0BA6485FBF0D4235026
                                                      SHA1:83190DB6A9FF81F059F252F689B9712BC2F604B2
                                                      SHA-256:60A9F19CB284AE5CA96B0CC81991F59AFF5048A4B7DD3798709483C47DBF048C
                                                      SHA-512:63E1FA7BE12F32E3EE29A044AEBE06758CF3E0C518BFE1FD305BFE4BDF0D7C439E032D484F9744C78E5677EFF024E2D221D9E6ECBC799FE677992A1FA219F548
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):285
                                                      Entropy (8bit):5.392965945421661
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfPmwrPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGH56Ukee9
                                                      MD5:B41B837FC4D1062E65204A205D4A7396
                                                      SHA1:EBAC41A24497C075122DD66810CAD2DD1991ABD4
                                                      SHA-256:3F7EB9D2960C5280411BF2CE5C266BF849DAE290937BEC19A37CBFF485CD964C
                                                      SHA-512:5C91597CF333F95082AD7BDFEC76BD21EA6495B6835C9A779E85B3616951EF35D0425BA0B1ED5665717A73207A84E06521486A9798CA9B32312AC7E46893F631
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):292
                                                      Entropy (8bit):5.354360780062597
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfJWCtMdPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGBS8Ukee9
                                                      MD5:A93FCBF7760DC88C9977C5260602B2E4
                                                      SHA1:76342EE09154FD3489C1272E434A7B184B621E15
                                                      SHA-256:578F47FA96DC5B058E2265DFF8ACE6F2C3A8EB5D4E331C36F254AA8CFE8A85AD
                                                      SHA-512:98A9AE52D2D308464A31809B6EEFA88863E401F98451B5E585333DAFEC29E51FC30D2C9D4845A6192D612E0EB799EEF21242B99A6ED23D32303EF1634E450604
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.341601711627771
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJf8dPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGU8Ukee9
                                                      MD5:475476F7C07F864DC38F057A72E7087D
                                                      SHA1:B4384949D12D7429652580FA93C26CE0191C4729
                                                      SHA-256:32C7ECBA5A90361B796002C1E039A213505FC5BAD59890DB49B51A416B2FF696
                                                      SHA-512:414A4447B9C130D194CF6F6908B73C1A26080D2097D46AA72D07E5135D4A5937F14DFF7F655603922BB12C42C20DDF1D6686CD4755A1280E68E8309EECF21A96
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):292
                                                      Entropy (8bit):5.344117348320486
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfQ1rPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGY16Ukee9
                                                      MD5:47E9B1AD67220E0304E199E14B605B6A
                                                      SHA1:5C1E6B67ED1721939DBFBE1B0F737C1438A59DE8
                                                      SHA-256:E86D36F700CF5E179F7BE4C48447468824229C2D12EFBB271E13B5F116765115
                                                      SHA-512:8268290690ED9D57C432AFBC83C03459901556FE4F78C763C6997261734644525BFD40C545AE72839807372AA553B9A4CD252CE4275021EAC29D4EFD24C5CCB7
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.349568858521064
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfFldPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGz8Ukee9
                                                      MD5:402978BA684A6C22C089BAFA92537034
                                                      SHA1:893611F65780325477DAAFE7811A10E53DDC90CA
                                                      SHA-256:6DBDD01216CC2001E0B5FD57D1411D8F6F8F103F4BD1397C4AE6A7587466773A
                                                      SHA-512:147971807972860E694856C9ACF1F78D14E272DD070A521D4F3EA655BACFE13D80BD0BF76D58D8FF27B17EFC9B21EB22061559FEE24BE3F8E38FCE40AED87847
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):1372
                                                      Entropy (8bit):5.742907805913527
                                                      Encrypted:false
                                                      SSDEEP:24:Yv6XSHDRUdvKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNe:YvzHNUdvEgigrNt0wSJn+ns8cvFJk
                                                      MD5:424A270FA2B2491E4BD9A435479C8161
                                                      SHA1:1569BB43D2D530E2406F570289DC953FFCD65B24
                                                      SHA-256:CB755A8423DEB073DFF933A0494BE4084AB55439695FCA14889812698C4A4178
                                                      SHA-512:A6BFCBF4362C535DCF681BB3046A117AB82CFA830CE376C40E6649F41C67ED1604C506F95087C3480FE76163C94AD71BDB94CD03EFE381513049B5568CEC5056
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.3479983777562765
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfYdPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGg8Ukee9
                                                      MD5:7522E38CC65D34530C561C5B0997090C
                                                      SHA1:A59B71572CD892AC6A9F0FE3019130557163A94D
                                                      SHA-256:299E01F0566FC63AA9D324EFEBD845108CE01D6E253F620BC27E44D0E6785DCD
                                                      SHA-512:9816265FAFE60924C84E11E4DA3700348B48F103036366EBF333244AB2EE2AB8C63E65B368757139DEAA07608A2E7F0D0D6F290E0C907FA0ACCF65BB35689B16
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):1395
                                                      Entropy (8bit):5.778280244228868
                                                      Encrypted:false
                                                      SSDEEP:24:Yv6XSHDRUdyrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN2:YvzHNUdyHgDv3W2aYQfgB5OUupHrQ9Fe
                                                      MD5:BAD0F99566F7E95AAE7FEA52AB6B1B09
                                                      SHA1:789E1F3CF2DEFFC36EA1C6D862483F53476D2931
                                                      SHA-256:1FA6F65268327C04AE9321AEE7BD8F26E6703DFC0A22E50034FB0B17A7C14081
                                                      SHA-512:EBF39CA43F845E31C2DA1962FF010712B5C62333DEF273054C91A4473DCF00434868E469B4D4A0F89E757FA736C38691466D3D3F228A62B302222F7759257043
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):291
                                                      Entropy (8bit):5.331215589672365
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfbPtdPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGDV8Ukee9
                                                      MD5:2A845FD767E79F01022169A96B144C8B
                                                      SHA1:D7E2338CFF78460DFB2AD0196E03CF81F20746CE
                                                      SHA-256:BCDFC85C7C950EE8A1B90E7761194B1CEF8B8A3EA804CA01DF6E6F563830F93A
                                                      SHA-512:F605D8D365FB3CB97BE3EDA0A7C71E6971E50C1E6168F6829CA99063F6F576807D4E5BE41AF7FDB5AFFBBFABBB270A1C8D2F5FF96AE23A75E981CB6A7C3EF766
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):287
                                                      Entropy (8bit):5.334946898601308
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJf21rPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsG+16Ukee9
                                                      MD5:9C774EAB8807E477949DF1B027C528CC
                                                      SHA1:0114ACB5434D1E312F6D414773716512922CC86E
                                                      SHA-256:DC7C2F1D91A4C87E0E0C8B01C196CB215CB8D2152720D6DAF8DA8808C7853540
                                                      SHA-512:7786D046B9182B09413082529883FAE47D87A559E3C594B0AAFC2CD1E00F69C82E2C345A433BFC4770E2A719871862AD2D55E77B78DCBB61C93D33A964CA6AE0
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.354227483473477
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfbpatdPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGVat8Ukee9
                                                      MD5:D37711895C402331B229FA1B5C32391B
                                                      SHA1:A33A5DFB91DF2BFA063C03A93829D3307272A91F
                                                      SHA-256:955ABBCA0412610313FBCF667BA2182D3D7D72BE0B68DDE46AB8A62F755D35DD
                                                      SHA-512:DE22491B1DBF32A29E2A1865F0BFA915433DCE9EDE5D37340802A949F910E7563AF3E080C0087107682E1FFF6F0A2578A4C2C4B8F06390835793F2276837A72A
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):286
                                                      Entropy (8bit):5.309610132709998
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXHYKcHtAiQ5IRR4UhUR0Y/pHIRDoAvJfshHHrPeUkwRe9:YvXKXJcHGiQWRuUhUdIRsGUUUkee9
                                                      MD5:7D0C5575D29F7EFED5DD83EBE3C4B311
                                                      SHA1:117F33B54A1D81522F3299530F1E78F1CD297750
                                                      SHA-256:2B8678BF8B1C20F370916BFC141B1DA92F11D5222E781293B932D937D0DFB411
                                                      SHA-512:220A4314F5574DF0BBB7ED79358D5428FA2B6167D37676829F77ED13D598B84921F95A193A74CE9C88E8F5F92462E3E42E02E12CBD7EA76B4BCF7F4338389F9C
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):782
                                                      Entropy (8bit):5.376666811760806
                                                      Encrypted:false
                                                      SSDEEP:12:YvXKXJcHGiQWRuUhUdIRsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhb:Yv6XSHDRUdX168CgEXX5kcIfANhb
                                                      MD5:AFC1495AFDB5D9E9A1F942B4258629F8
                                                      SHA1:A5EE9446505C38FE837C45568CBB20014204D68F
                                                      SHA-256:83936BA878E7409556AEB07CEF608FB245EAAEDFF2C19A1BF0598EA5A3038B21
                                                      SHA-512:A8D17E9822A4FF4A41B2B360518E75E748103F3B9A59FA4EA4B49BAAF959EB653163BAFE92EC688A43E52572521E1D6F210621F5BCE262FDD0C063AABDD7C86C
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"9923da28-f790-4d94-b872-bcd068087836","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714247522389,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714073957421}}}}
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):4
                                                      Entropy (8bit):0.8112781244591328
                                                      Encrypted:false
                                                      SSDEEP:3:e:e
                                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                      Malicious:false
                                                      Preview:....
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):2814
                                                      Entropy (8bit):5.130153921720945
                                                      Encrypted:false
                                                      SSDEEP:24:Yv3nJ/C0Ma1EkT6AocahayXEZFyRUUjbqj0SowXCA2/iSK2LSCbr675S9WuhOG:YvZXmkT6A1URbMxXzeqIbW7s95
                                                      MD5:57F6441EB11CF78D5901D525EE6BBB56
                                                      SHA1:C4D5C6883E0BB549F580051F294963CFECB12188
                                                      SHA-256:4DD549EC6EC40D911BA923D6A087F5697F2C0CD0EE8EC3FE7F06CBA46822ED38
                                                      SHA-512:AE2A288D02D66D4E8EAC4E565DE1A6DB6B233EEFD8BEDD379C599A45BCD9836FCBC3856CE7C1A29E9DC401B25928E6F4F3235B2D759ADAAB34AD25E019F5DA41
                                                      Malicious:false
                                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e74700647d64df881b09d1e7224fd2a1","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714073984000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"830450eaf8e9f6674def14284aeba407","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714073956000},{"id":"Edit_InApp_Aug2020","info":{"dg":"973371e980cc6fe2bf7880a5a24a2e40","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714073956000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"31cac547e60869582d8c10ea350982c7","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714073956000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"18da6b0b2e3291fd371355de30b20aee","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714073956000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"cfdeff47a03fd2e6e2bef7391a1449d2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714073956000},
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                      Category:dropped
                                                      Size (bytes):12288
                                                      Entropy (8bit):0.9879302928441208
                                                      Encrypted:false
                                                      SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe8GIcLESiAie0GF:TVl2GL7ms67YXtrmcI8b
                                                      MD5:086E6BEC3A960835A4378D7C559AE827
                                                      SHA1:71198A10A76EC0DC9D1C946095C6A2B58219A827
                                                      SHA-256:BE1C892FC1A3A212738D2B39F66E9102479622EB5FF8F06AA89A249375F2BB0F
                                                      SHA-512:111EE2EDCA8B1AF0B35F3BAAAEA1515F59D74939383E11B5275E93C9C4098B0AFDEB2A8F653BDC89B7D9B9101D01EE49AC3BE9B952DBE10BE1126889FABEF56E
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite Rollback Journal
                                                      Category:dropped
                                                      Size (bytes):8720
                                                      Entropy (8bit):1.3446400816537107
                                                      Encrypted:false
                                                      SSDEEP:24:7+t6ASY9QmQ6Qe8G7cLESiAi0mY9QW4vqLBx/XYKQvGJF7urs7:7M6lYXtrBcI8KYzAqll2GL7ms7
                                                      MD5:86C177FFDB053074EC838D42FC8D13DF
                                                      SHA1:2A170F71B7CD6E43323F400CB30C93A4D7F00264
                                                      SHA-256:2CDF57C0115D5C6055306EA65BA7227D629763258F1845735C498C11183EEA2D
                                                      SHA-512:0AD840766617BBD4EB359309FB7CA7FFD5842E8352DC6F0E6BC3F321E150BE949EC6D966A12A28E8B070258D0B28A5BCC666AFDED2FFF695A6FE88135A3E771A
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):246
                                                      Entropy (8bit):3.53559722477471
                                                      Encrypted:false
                                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8++/uYle:Qw946cPbiOxDlbYnuRKIw
                                                      MD5:77B179C08AD1E861A089A4F457EC4E84
                                                      SHA1:89617ADD7AD1999D9A629B0E65C5B1ED6AD52EEB
                                                      SHA-256:B53D5C3A12219514F7C13C185DD57CFE8494DD55352589D1F7B1B073A6872289
                                                      SHA-512:70167E0257F28C5EE4DEA641D0536100F3D4099C09210B298D0C65E15618490F38B6A0CC1A50D2C14A0DE5CE8F6AE29AFE309E306DB32A3CFB6C842A0FA78F5F
                                                      Malicious:false
                                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .2.1.:.3.9.:.1.6. .=.=.=.....
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:HTML document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):379
                                                      Entropy (8bit):5.299496387974426
                                                      Encrypted:false
                                                      SSDEEP:6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCmvYa2L2bcaS3jfU0cMuYa2WQoA:a8eir8qEajr+AtBkFJYa2Jjf0Ya2/
                                                      MD5:9B835B5E5C98642421C356C83B1D8681
                                                      SHA1:8B53B5578248ED4F1B8D9CCCC4DAE1364C0E6AD5
                                                      SHA-256:7240BBF10C4363130E2710A5D42A3D1EF453C6F8AFBFD35B003FDCA327516798
                                                      SHA-512:80C042FA7BC6AAA07B80D77F39869FFBE3D65167612293B374FCF12BA8F4FDBD1A5F3D89E48CA02A3C114FAA028DAB629CC53AAFBF0ED1BBB5735F93C25BD91A
                                                      Malicious:false
                                                      Preview:<HTML><HEAD>.<TITLE>Unsupported Request</TITLE>.</HEAD><BODY>.<H1>Unsupported Request</H1>.PROPFIND to http&#58;&#47;&#47;www&#46;adobe&#46;com&#47;go&#47;homeacrordrunified18&#95;2018 not supported.<P>.Reference&#32;&#35;8&#46;c24d117&#46;1714073960&#46;58c87ed.<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;8&#46;c24d117&#46;1714073960&#46;58c87ed</P>.</BODY></HTML>.
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PDF document, version 1.6, 0 pages
                                                      Category:dropped
                                                      Size (bytes):3531
                                                      Entropy (8bit):3.069147485297638
                                                      Encrypted:false
                                                      SSDEEP:24:PDhd1n/uQWuZ9Zqk2coQl9emrVB9KhVhcqiaXExxlsYmM9o2f0CH97z:PDJGt7k4I91fTVxlsYvz
                                                      MD5:1032DB07A0C82AAC0967E9ACF577653D
                                                      SHA1:AA87B7471815981D3FA2395807848388F76151F1
                                                      SHA-256:3736249EBAA750EAAE986008A53EF573B999105FDAA2F0123268902A7227A53B
                                                      SHA-512:A54F2B8872820290DB61EB6B05419EBFE71CF3ABC4C60418AD1A9F2F9937E5EEAA5B1BF22078386FC47EA138ED8D7B761BA3D8AA7F1748DE6F267E15EB8C165B
                                                      Malicious:false
                                                      Preview:%PDF-1.6.%......1 0 obj.<</Metadata 2 0 R/Pages 3 0 R/Type/Catalog>>.endobj.2 0 obj.<</Length 2989/Subtype/XML/Type/Metadata>>stream..<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.2a0d8d9, 2023/03/14-11:19:46 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:dc="http://purl.org/dc/elements/1.1/">. <xmp:ModifyDate>2024-04-25T21:39:49+02:00</xmp:ModifyDate>. <xmp:CreateDate>2024-04-25T21:39:49+02:00</xmp:CreateDate>. <xmp:MetadataDate>2024-04-25T21:39:49+02:00</xmp:MetadataDate>. <xmpMM:DocumentID>uuid:11155fae-2303-4726-a88b-02ffdf4a24cf</xmpMM:DocumentID>. <xmpMM:InstanceID>uuid:995928ac-254e-426a-b3ac-626190f262c4</xmpMM:InstanceID>. <dc:format>application/pdf</dc:form
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:HTML document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):379
                                                      Entropy (8bit):5.303869837614855
                                                      Encrypted:false
                                                      SSDEEP:6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCmvYalbcaS3jfU0cMuYa+ucoA:a8eir8qEajr+AtBkFJYaCjf0Ya/i
                                                      MD5:2EBC677D3B4A0EA30101A0B9892D4035
                                                      SHA1:14BF5F9510A8378ACE4E3AB5804059E172F43735
                                                      SHA-256:5BD9C522D1F412F01590ED52C2B2E72ED5BEC3AC59649C3E519E7B8E14BA6771
                                                      SHA-512:DAAD38F2111ADC5E7329A8C10C4CBE8B536FEE80792BE4F9E1FAAA7F394A3701BB5E57170AC7326797BDEC94FAB1B9C6167BC2FCB05BD249B97C774CF1ED5010
                                                      Malicious:false
                                                      Preview:<HTML><HEAD>.<TITLE>Unsupported Request</TITLE>.</HEAD><BODY>.<H1>Unsupported Request</H1>.PROPFIND to http&#58;&#47;&#47;www&#46;adobe&#46;com&#47;go&#47;homeacrordrunified18&#95;2018 not supported.<P>.Reference&#32;&#35;8&#46;c24d117&#46;1714073963&#46;58c8e33.<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;8&#46;c24d117&#46;1714073963&#46;58c8e33</P>.</BODY></HTML>.
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PDF document, version 1.6, 0 pages
                                                      Category:dropped
                                                      Size (bytes):358
                                                      Entropy (8bit):5.017384908001691
                                                      Encrypted:false
                                                      SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCW9oYFJA9oYoCCSyAAO:IngVMre9T0HQIDmy9g06JXy6o39oAlX
                                                      MD5:2F6A5568F76CBBEE031DC3224BEEB4C0
                                                      SHA1:228B7ACAEF728EC0B75B63095C1A2E2B66F424F4
                                                      SHA-256:3C87F0273B29979B9CC28040B0AA6ADB743EC30048EBFDE6EE05236BC4130895
                                                      SHA-512:88E3597037F7E69F11A7C004E0057917AB971353B09ECD7176CED42950659FDB27748705234BF14F9DC5AC44514C270EE35D3217C70FDEF79FBAE9E488E79C0C
                                                      Malicious:false
                                                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<7F9D303086FFA54090CB7D6A3187DC16><7F9D303086FFA54090CB7D6A3187DC16>]>>..startxref..127..%%EOF..
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PDF document, version 1.3, 2 pages
                                                      Category:dropped
                                                      Size (bytes):1734720
                                                      Entropy (8bit):7.999581305333742
                                                      Encrypted:true
                                                      SSDEEP:49152:Vindpk/BgYlE87nasHBpFjt6oyk5b8dk1HR7G:8ndp0BgzgLHBp9qsbxY
                                                      MD5:1527BBD38601C24087D9BE0F5ACCBE19
                                                      SHA1:0C4539A4DD2CD8302D29FB50DA4D3B5F9E65CE1F
                                                      SHA-256:5C2E32A79BA4E2ABA9DEF10E521ED268463288BAFE038B5CD9DE099799663DD1
                                                      SHA-512:00391887BCE35EEEF1636A6902FF82831E5FE600144966FDAA95276FA713FD3E5D417C79AA85947D005762B02CB9A8F5DD4C2AF1038C79D78532536CDAB6A9D4
                                                      Malicious:false
                                                      Preview:%PDF-1.3.%.....1 0 obj.<<./Metadata 2 0 R./Pages 3 0 R./Type /Catalog.>>.endobj.4 0 obj.<<./Author <BEA046C7D18BC5DA57096888CC725F4A6F>./CreationDate <A9EE11878BD89B8A001917D48A30061C58>./Creator <BABB51D3>./ModDate <A9EE11878BD89B8A001917DF8938071C2F41D99AF4C8E5>./Producer <80B540F8EACAFDD6405A4F82D521061A2C47C085E4D0809EB20A74F7AA0163DC0A39006B5A417871B5AA11A958F50176CED1FF2CEB>./Title <BAB14FD4D687CE93464606ACD87358496305CEFFE4C8FADBE25422F7FE584A8A55>.>>.endobj.2 0 obj.<<./Length 3491./Subtype /XML./Type /Metadata.>>.stream...u>..oz.~..T....H\+h.-...J.8...M....A..?dP.....:.mx..k..J.....\:..A.H"V.........y. .w.......$...c...........r.{x.r.<..m.1.L1....2.x.3...x...H....k..S\....[yFw.|.r.1.........V+..9.(..H_@>....1Mn>9w.O.A0...A..<..W.k..F+.i.34(.....D`V....I....+j.-.......oTf..P`.$..u`..gx..3...wZ...W<P..m+_b.......)o.....H.^u.e.._..?Ly.........F.,...,0...].*~.1VC..%wv<.gGd....$=(~.<U..F.i0...(J..._.r.$.........H..N.J...A...f.i%.....[$hfVM...S8.F.a......
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:HTML document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):379
                                                      Entropy (8bit):5.310389574625271
                                                      Encrypted:false
                                                      SSDEEP:6:wBqWjn8iTawMnraH5hS3EajrRQAtBkFKklCmvYa22bcaS3jfU0cMuYa2voA:a8eir8qEajr+AtBkFJYa29jf0Ya2b
                                                      MD5:44A9B8C87DD142C65292550ED1F639F0
                                                      SHA1:5F32ADCD94B70562A08E4FBE4DCAF510015F7D75
                                                      SHA-256:C4BB338B1D7817FD43E3896030433960024EEA36A0E141630B1B07CD5932794F
                                                      SHA-512:5B503B965956A8E1B9A6C38019AA9745E0E72D0CC1CC8C1A44772F84DBDC89376B376EAF1236429B394C5C6BEB2259210BC80628ED9E294D9196E45AD0307D02
                                                      Malicious:false
                                                      Preview:<HTML><HEAD>.<TITLE>Unsupported Request</TITLE>.</HEAD><BODY>.<H1>Unsupported Request</H1>.PROPFIND to http&#58;&#47;&#47;www&#46;adobe&#46;com&#47;go&#47;homeacrordrunified18&#95;2018 not supported.<P>.Reference&#32;&#35;8&#46;c24d117&#46;1714073960&#46;58c8916.<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;8&#46;c24d117&#46;1714073960&#46;58c8916</P>.</BODY></HTML>.
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with very long lines (393)
                                                      Category:dropped
                                                      Size (bytes):16525
                                                      Entropy (8bit):5.353642815103214
                                                      Encrypted:false
                                                      SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                                      MD5:91F06491552FC977E9E8AF47786EE7C1
                                                      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                                      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                                      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                                      Malicious:false
                                                      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):15114
                                                      Entropy (8bit):5.33696409113879
                                                      Encrypted:false
                                                      SSDEEP:384:dB102GDafEcheJQC7mlQOl8cv0I42kKttra53xrTBoVpuP4yTGGqXq3i6NKtu22t:bS
                                                      MD5:B5D15E1E6F69F51091777D0DFF7EF255
                                                      SHA1:867E250685E9E49B1107FC0DE06A4727185D73F0
                                                      SHA-256:5994ACF55E03106F4CF5CFFAE9F4636EE573C17498C179017CA9EE63E2494CA2
                                                      SHA-512:AF90277F46FBD7C8B330DC9E40055A972CBF169EB41005722623FAF287C02B64B0D3F11A93920D8B4600AF44586FE02786999828CFCDD5687AABB7E12F0305B1
                                                      Malicious:false
                                                      Preview:SessionID=7e4b6a02-b18c-480e-970d-aaf5a01b640a.1714073944145 Timestamp=2024-04-25T21:39:04:145+0200 ThreadID=1444 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7e4b6a02-b18c-480e-970d-aaf5a01b640a.1714073944145 Timestamp=2024-04-25T21:39:04:147+0200 ThreadID=1444 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7e4b6a02-b18c-480e-970d-aaf5a01b640a.1714073944145 Timestamp=2024-04-25T21:39:04:147+0200 ThreadID=1444 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7e4b6a02-b18c-480e-970d-aaf5a01b640a.1714073944145 Timestamp=2024-04-25T21:39:04:147+0200 ThreadID=1444 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7e4b6a02-b18c-480e-970d-aaf5a01b640a.1714073944145 Timestamp=2024-04-25T21:39:04:148+0200 ThreadID=1444 Component=ngl-lib_NglAppLib Description="SetConf
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):29752
                                                      Entropy (8bit):5.424250379315821
                                                      Encrypted:false
                                                      SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb3QcbQIz5cbN:fhWlA/TV+zi
                                                      MD5:93410A46DBAC4EEAB22BE90A4172FA00
                                                      SHA1:098E55E4D670B2E9153030317B2ECA0EF84103ED
                                                      SHA-256:A176BEDD4BEFA26EF059EF29F4143C594D86CFBF0D4E2E176803C9A1F1239CE5
                                                      SHA-512:3F676D27480034F82324B83E881EED95A41C8116B021EC22BABB0D296EE832D861B14013D2AB09E3D2D25EA750DE2AAF6F9C7F6FD63C2BDC39D2692CC0A8863F
                                                      Malicious:false
                                                      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                      Category:dropped
                                                      Size (bytes):758601
                                                      Entropy (8bit):7.98639316555857
                                                      Encrypted:false
                                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                      MD5:3A49135134665364308390AC398006F1
                                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                      Category:dropped
                                                      Size (bytes):1407294
                                                      Entropy (8bit):7.97605879016224
                                                      Encrypted:false
                                                      SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                                                      MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                                      SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                                      SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                                      SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                      Category:dropped
                                                      Size (bytes):1419751
                                                      Entropy (8bit):7.976496077007677
                                                      Encrypted:false
                                                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJz:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZB
                                                      MD5:316B05C87805ECEABE557C43F0E75585
                                                      SHA1:A66EEC1655D9B2EA9EF3027072F2F0F64D3BBD76
                                                      SHA-256:22679B4A0366BC40A82DA460950A404824C3BBEB183D0E3CB1A5261D3AFA03AC
                                                      SHA-512:D0889B39BD63A33BD3440AE209E755A3D4948087378129B2D46B392918BC3B079D44738E90CC2D65294F7AAA52B63B7F30B6350EFC93E751A77974080D0675B2
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
                                                      Category:dropped
                                                      Size (bytes):783131
                                                      Entropy (8bit):7.986027847157645
                                                      Encrypted:false
                                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UC:O3Pjegf121YS8lkipdjMMNB1DofjgJJG
                                                      MD5:04C16B1B79BCC04EB6DF6F0F019431A1
                                                      SHA1:0A8EDB38412356E9F42C1282BEA557A1DC889B41
                                                      SHA-256:308F24A48916CE592C77CC167D61D2FE5842D5F54D908CF81F90073046DDDA35
                                                      SHA-512:493D4C0546C4841B3B6E788E3BFC2FFF891E3C3B34511C4C1A87750399B5E7C15485AEB024027FF6E2F934D07C08FC1E0D927C2F306084B79F4062FCA6F74F5C
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                      Category:dropped
                                                      Size (bytes):386528
                                                      Entropy (8bit):7.9736851559892425
                                                      Encrypted:false
                                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe
                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):181
                                                      Entropy (8bit):5.031574546956285
                                                      Encrypted:false
                                                      SSDEEP:3:mKDDFARlqRwOT6ckE2J5xAIOyHU88JPT6ckE2J5xAI+KaozyqTTrbxtvlAzKDDSt:hmRlq1RN23fO8mRN23fUI/bi0GsOksUW
                                                      MD5:F4BA6861DF144369070AB2FB21DABB0F
                                                      SHA1:B3319E70367E7B74D104E0484D0A96E396845419
                                                      SHA-256:6D1417B7FFC1690BF84431BC579EBE94D94B1BF24D6D8DE63AA85817210CD3A0
                                                      SHA-512:41FCC5BA4060E4DDDB04559E4499C7BE6098D8FD490340B713EFCAD978033AD834ED5D6900A66CB85D14C0FF3AC94C7C04CAFEA1ADA098C99360D8BBD9839C8E
                                                      Malicious:false
                                                      Preview:@echo off..set ztmp=C:\Users\user\AppData\Local\Temp\ztmp..set MYFILES=C:\Users\user\AppData\Local\Temp\afolder..set bfcec=t15647.exe..SHIFT /0..@echo off..del c:\aios3*.exe /s..cls
                                                      Process:C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):15
                                                      Entropy (8bit):3.3735572622751855
                                                      Encrypted:false
                                                      SSDEEP:3:bO:bO
                                                      MD5:3C52638971EAD82B5929D605C1314EE0
                                                      SHA1:7318148A40FACA203AC402DFF51BBB04E638545C
                                                      SHA-256:5614459EC05FDF6110FA8CE54C34E859671EEFFBA2B7BB4B1AD6C2C6706855AB
                                                      SHA-512:46F85F730E3CA9A57F51416C6AB4D03F868F895568EEE8F7943CD249B2F71D2A3E83C34E7132715C983D3EFAA865A9CB599A4278C911130A0A6948A535C0573B
                                                      Malicious:false
                                                      Preview:RCHELICOPTERFTW
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                      Category:dropped
                                                      Size (bytes):12010
                                                      Entropy (8bit):6.637069867991827
                                                      Encrypted:false
                                                      SSDEEP:192:NSA4TV2Y3FaIGPNlP4hLy6DNHYQM/vy82Uo/XgmMKoXqJjckAWN9:YXTV2Y3Fa1PIpyI5YQQD2U4gmMKoXIvP
                                                      MD5:10C4F19E214B19493F567215C356D08A
                                                      SHA1:CADB2A2B80FD9DA9998100C195BC7BA7200B0539
                                                      SHA-256:94D4D0D651AD1A90A174212EAB5C2FCC79CED9D276BA4AECE7F12376C3B5F8A0
                                                      SHA-512:1BCA6E8F0CCF1D361B63D6D2852820FD3226CA95E6D97E2AEF1B41530D237D4BBBD9C79421FD5D0B39E6FF4641D1A68251F092384D9C8870CF07CB04C3905D47
                                                      Malicious:false
                                                      Preview:%PDF-1.6.%......12 0 obj.<</Linearized 1/L 12010/O 14/E 7560/N 1/T 11703/H [ 486 192]>>.endobj. ..25 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<86F85140E103C9498ED71684432E2157><D7A64D85EFD3F242A34533F81AE90FC7>]/Index[12 38]/Info 11 0 R/Length 72/Prev 11704/Root 13 0 R/Size 50/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`..$.3...B....P..\.@.Q n..0...sA..A.....1.&F.6..F..../...0..8.5..endstream.endobj.startxref..0..%%EOF.. ..49 0 obj.<</Filter/FlateDecode/I 128/Length 100/O 85/S 42/V 101>>stream..h.b``.f``.g...J.T......TG..87.30.2.3...<+4Q..[...!..`.F............d}..y@...R...%.d.20..C.N....I..b..endstream.endobj.13 0 obj.<</AcroForm 26 0 R/Metadata 3 0 R/Names 27 0 R/Outlines 7 0 R/Pages 9 0 R/Type/Catalog>>.endobj.14 0 obj.<</Annots 30 0 R/Contents 22 0 R/CropBox[0.0 0.0 108.0 72.0]/MediaBox[0.0 0.0 108.0 72.0]/Parent 9 0 R/Resources<<>>/Rotate 0/Tabs/W/Type/Page>>.endobj.15 0 obj.<</BBox[0.0 0.0 100.3 65.4549]/Filter/FlateDeco
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):57487
                                                      Entropy (8bit):5.665753272611464
                                                      Encrypted:false
                                                      SSDEEP:768:8Pt6Tl+13OaPmtcckEmlrYMvx/Wi6Y5cLiB9ge1CAL0YWoFKk:8PgTI13OaP4ccBwBWinE+CJoH
                                                      MD5:9907BE0D71885E21F485856B1EC1489F
                                                      SHA1:1AE140DD86DB29761BD31C6827804816A6AA280F
                                                      SHA-256:590F49207FAD01E05F4372067260B89BED23260E3F0953E4E0DA06A76C149906
                                                      SHA-512:F983C1A4161EAB3622B8BC95CC9706A5F22E760EC59BD40033B6DBAF48F7773486135E892C4DFC5649DAF68B61ADF33C01C3C624F374BBF52D5AE8DFE4A04192
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 15%
                                                      • Antivirus: Virustotal, Detection: 20%, Browse
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):57487
                                                      Entropy (8bit):5.665753272611464
                                                      Encrypted:false
                                                      SSDEEP:768:8Pt6Tl+13OaPmtcckEmlrYMvx/Wi6Y5cLiB9ge1CAL0YWoFKk:8PgTI13OaP4ccBwBWinE+CJoH
                                                      MD5:9907BE0D71885E21F485856B1EC1489F
                                                      SHA1:1AE140DD86DB29761BD31C6827804816A6AA280F
                                                      SHA-256:590F49207FAD01E05F4372067260B89BED23260E3F0953E4E0DA06A76C149906
                                                      SHA-512:F983C1A4161EAB3622B8BC95CC9706A5F22E760EC59BD40033B6DBAF48F7773486135E892C4DFC5649DAF68B61ADF33C01C3C624F374BBF52D5AE8DFE4A04192
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 15%
                                                      • Antivirus: Virustotal, Detection: 20%, Browse
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):10240
                                                      Entropy (8bit):0.28944079215501717
                                                      Encrypted:false
                                                      SSDEEP:6:bjWy4MbWhQ3ZzxnULwMe2ZLYOpJRULYOPMR1:/yMamULwWZUaOPM
                                                      MD5:481B6CB950130D94CBCC4D3B39C46DF2
                                                      SHA1:71C338E2AF92F0D54CCC67D5128DD6901DC97013
                                                      SHA-256:B8DCE726B0EAC3B193640BF103AD0F66BB4744A3C48246691BA51FD63C3C9C0A
                                                      SHA-512:F7CCB05BF678F9AEA45A51FD44A7118674CDFBE373699024A63F80122B72019DBB72BA678C73528134D84B18341D89C6BBDC914EECCF674B17746DF462E1574A
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):24152
                                                      Entropy (8bit):0.44669409137375626
                                                      Encrypted:false
                                                      SSDEEP:24:ftSHBtYx0pqpQhufkd7lwT9rerC88WhnMQGj:fgex0IpQhufylk8RhnK
                                                      MD5:F78C032F004EB218AF07D39724C79E2B
                                                      SHA1:D29F276304069566023BE7CF8E2246BBEA00B11D
                                                      SHA-256:ED8FFA759BED94FE8E2E8C8DADD4C53061D1786C9AE1EE108516ED9FE490CAEE
                                                      SHA-512:6AA2549226B0836123B90ACE0A8D82A5BB35293FF3AC3CDD5EAAF7FC01BACACB6EFC7D8104A9489CD3A02A579C179A4DBB2A237E3E26F4FDFA97F24E9DD428DC
                                                      Malicious:false
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):264
                                                      Entropy (8bit):6.560935229297893
                                                      Encrypted:false
                                                      SSDEEP:6:Qa38wsSlHCmqLbD/Ucdd7MhTJ9LcGkU5MowMO:QUz+moUU6XLcRU5O
                                                      MD5:085AEBFB680A5BD8DEB0DA275294E997
                                                      SHA1:5704571EA13C5F852489E93B8B010EA9F89574CF
                                                      SHA-256:BEB8D0DCD42471FC3115A0B78A040D6B7A636B8EFB7C12171C4777BA134F5F5F
                                                      SHA-512:6E6271F3E7EE4615460FEC2F685B10D8C1F2E9747D2231EF22B9F6E01BA2CBE36076B430BEC0E6D2B9323848F9CFD4D2E13E0C0559E7A4A5403287D1A78D8124
                                                      Malicious:false
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PDF document, version 1.6 (zip deflate encoded)
                                                      Category:dropped
                                                      Size (bytes):12010
                                                      Entropy (8bit):6.637069867991827
                                                      Encrypted:false
                                                      SSDEEP:192:NSA4TV2Y3FaIGPNlP4hLy6DNHYQM/vy82Uo/XgmMKoXqJjckAWN9:YXTV2Y3Fa1PIpyI5YQQD2U4gmMKoXIvP
                                                      MD5:10C4F19E214B19493F567215C356D08A
                                                      SHA1:CADB2A2B80FD9DA9998100C195BC7BA7200B0539
                                                      SHA-256:94D4D0D651AD1A90A174212EAB5C2FCC79CED9D276BA4AECE7F12376C3B5F8A0
                                                      SHA-512:1BCA6E8F0CCF1D361B63D6D2852820FD3226CA95E6D97E2AEF1B41530D237D4BBBD9C79421FD5D0B39E6FF4641D1A68251F092384D9C8870CF07CB04C3905D47
                                                      Malicious:false
                                                      Preview:%PDF-1.6.%......12 0 obj.<</Linearized 1/L 12010/O 14/E 7560/N 1/T 11703/H [ 486 192]>>.endobj. ..25 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<86F85140E103C9498ED71684432E2157><D7A64D85EFD3F242A34533F81AE90FC7>]/Index[12 38]/Info 11 0 R/Length 72/Prev 11704/Root 13 0 R/Size 50/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`..$.3...B....P..\.@.Q n..0...sA..A.....1.&F.6..F..../...0..8.5..endstream.endobj.startxref..0..%%EOF.. ..49 0 obj.<</Filter/FlateDecode/I 128/Length 100/O 85/S 42/V 101>>stream..h.b``.f``.g...J.T......TG..87.30.2.3...<+4Q..[...!..`.F............d}..y@...R...%.d.20..C.N....I..b..endstream.endobj.13 0 obj.<</AcroForm 26 0 R/Metadata 3 0 R/Names 27 0 R/Outlines 7 0 R/Pages 9 0 R/Type/Catalog>>.endobj.14 0 obj.<</Annots 30 0 R/Contents 22 0 R/CropBox[0.0 0.0 108.0 72.0]/MediaBox[0.0 0.0 108.0 72.0]/Parent 9 0 R/Resources<<>>/Rotate 0/Tabs/W/Type/Page>>.endobj.15 0 obj.<</BBox[0.0 0.0 100.3 65.4549]/Filter/FlateDeco
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):82526
                                                      Entropy (8bit):5.111845624769139
                                                      Encrypted:false
                                                      SSDEEP:1536:azzZrrIApXR/cYR5r1ybrae3g3hOhyJ8MxlnWy78Qdb:g7nUYRxIrbQQhYxlnx7Zb
                                                      MD5:4747A3D237BFD0E6E0A5E94530F2C2FD
                                                      SHA1:974D4263ED3F4320022A8AF83729DA805CDEAD3C
                                                      SHA-256:B2A25E286AB99D3BC515748AF6A2A9534653F9D062624D4F0EAD66EE19DD4F12
                                                      SHA-512:82B04F12F927797B0718FB1C8A4875F2C1FFCDB7FC3E34B0F7269F19C3B3B0FE957630B54813DE58462DB082C0C896603FC227F475EFCCED529AAE7995028783
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                      • Antivirus: Virustotal, Detection: 2%, Browse
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):84214
                                                      Entropy (8bit):5.166267266452375
                                                      Encrypted:false
                                                      SSDEEP:1536:azzZrrIApXR/cYR5r1ybrae3g3hOhyJ8MxlnWy78QdJo:g7nUYRxIrbQQhYxlnx7ZG
                                                      MD5:AD5386F1F90F3F938256B4A5CC564FF8
                                                      SHA1:C05C5C024A4FD6F3E20CCA9B2449990573802424
                                                      SHA-256:16A7F246B92122D2D7F4EABA212E2FF691DBEDB6137EFCF5F74B1A6D68C3C8D6
                                                      SHA-512:E28F70C58A3E9C55454331E78FDA151C8A4B3FEDDEE0E2FE24DD431B30066AFD4319CC5F2B5A366CB467F478AF7D2BB0716696FE18BDC9E5A5BA69226DA33055
                                                      Malicious:true
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with very long lines (3247), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):34260
                                                      Entropy (8bit):4.501670822953826
                                                      Encrypted:false
                                                      SSDEEP:384:tdgDj73fpR0SlWL72Pwp78DFMLOwC8gFiVSEhD6NtKoJWJFdEGsL7muIjss4vkZV:tdm730sMl8EhDCudEGsHmljss4vkZWRu
                                                      MD5:C57DFF81B995D261C043CB481E3BAD18
                                                      SHA1:D5E2EE5E04E0CF9B68FB393F3B4ACEDF60B043D5
                                                      SHA-256:311BF7C0C7F26CA6DB106748B28FD13C616BC52F05A32A0D2B6503330F22EDAD
                                                      SHA-512:31B9323359CF798F61010E077847F97389FDE95BBA82A9F10247538338942C0DD0CA96F373ACDC1A0E6C30C8A4549D9588BB067AB549999EAB594FAF1761F9FD
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_STYLE3 = {};..../* To get the IconStream from a image file execute the following 3 lines..in the Acrobat javascript console (the image has to be 20*20 Pixels and ..in BMP, GIF, JPEG, PCX, PNG or TIFF format) and replace the IconStream ..string with the console output:.. ..this.importIcon("myIcon", "/C/path/to/icon.jpg", 0);..var oIcon = util.iconStreamFromIcon(this.getIcon("myIcon"));..oIcon.read();..*/..COM_EXHIBITCO_AIO_STYLE3.oIcon = {};..COM_EXHIBITCO_AIO_STYLE3.oIcon.count = 0,..COM_EXHIBITCO_AIO_STYLE3.oIcon.width = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.height = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.IconStream = "fffffffffff0f0f0fffffffffffffffffff3f3f3fffffffffff8f8f8fffffffffffffffffffffffffffffffffff7f7f7fffffffffffafafafffbfbfbfffefefefffffffffff9f9f9ffffffffffefefefff434343ff0f0f0fff000000ff040404ff0b0b0bff040404ff090909ff020202ff000000ff000000ff000000ff080808ff030303ff000000ff0c0c0cff000000ff000000ff050505ff030303ff4a4a4aff020202ffeded
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1559
                                                      Entropy (8bit):5.250476522689976
                                                      Encrypted:false
                                                      SSDEEP:48:ZewoePfbl/PS1cQJuSBp3nGL35RR4btQ1cHm6JNtd1NCNVSpav:OePfbtAcQJuSBp3GD5CtQ1cHJJn1av
                                                      MD5:F2732178C1D874352BF42DF61F8FDDFB
                                                      SHA1:B160145E8AB4F5C48E4D8C4A4F6C54081E55810C
                                                      SHA-256:C07589C6767D5EA240816F78631964122CE5B18505FA09ECF1D9E985FFE36662
                                                      SHA-512:D5F30B6B8D2D4766C6CD1D1CD2CB165B978CF70767F4D563C5FCBF256E3B55EEA4BD1AA523C414956F2F23500F3C5C228877E4CFE28D99FC4242A2DC9B9AE3CD
                                                      Malicious:false
                                                      Preview:/*..The code in this file was outsourced from the stamp document Javascripts..to make the stamp work if its document is protected or to use trustedFunctions..*/..var COM_EXHIBITCO_AIO = {};......COM_EXHIBITCO_AIO.background_color = {};..// Changing fillColor is not allowed in a protected document..COM_EXHIBITCO_AIO.background_color.changeBackgroundColor = app.trustedFunction( function(cCol, obj) {..app.beginPriv();.. obj.getField("BACKGROUND").fillColor = cCol;..app.endPriv();..});......COM_EXHIBITCO_AIO.attachFileNameToStamp = app.trustedFunction( function(obj) {......// Set using file name....app.beginPriv();.....cMsg = event.source.source.documentFileName.....cMsg = cMsg.replace(/\.pdf$/i, "");.....// Optional code below to add page.....//cMsg = cMsg + "\npage " + event.source.source.pageNum + "/" + event.source.source.numPages.....//COM_EXHIBITCO_AIO_UTIL.setStickerProp(obj, cMsg);....app.endPriv();....return cMsg;.....});....// Use trustedFunction to get rid of the "Warning: Ja
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):2503
                                                      Entropy (8bit):4.930761067998965
                                                      Encrypted:false
                                                      SSDEEP:48:mip5vAjA73Ge3yWzgKyWzTyyWzmfJKzcRyXivR8qq81fBJzA9wz/Ryw0ivthT:dP4jA73GeV0G3uiJKuyyvRy81ffsi1yo
                                                      MD5:0CBAA5F66E08E717D044248745E51DDF
                                                      SHA1:FF213BF25D98054523A26A8E11F4D64BF82D12B3
                                                      SHA-256:71F52730D362724D41D84383EDFBDCFC113523B7129C81DCA264E7A9284B328A
                                                      SHA-512:D2E0F323119FC6DF97566A59EFC389E2303DCCF73F676671CF00937624E24E78B14155AB6D3382A8B8CE8CDC13C74153090C132F3116ED150A44918B5CF15EC0
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_UTIL= {};....COM_EXHIBITCO_AIO_UTIL.validateNumber = function(sNum, defaultNum) {.... // default number.. //var dv = COM_EXHIBITCO_BASIC.number.default;.... // Message string prefix/suffix.. var msgPrefix = "Starting number: " + sNum + "\r\r";.. var msgSuffix = "\r\rThe starting number will be set to the default value of: " + defaultNum;.... // One to six digits, that's it.. var re = /^\d{1,6}$/;.... // Attempt to convert input to a number.. var nNum = +sNum;.... // Maximum number of digits allowed.. var max_digits = 6;.... if (sNum.length === 0) {.. app.alert("Starting number: <blank>\r\rPlease enter from 1 to " + max_digits + " digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (sNum.length > 6) {.. app.alert(msgPrefix + "Please enter " + max_digits + " or fewer digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (!re.test(sNum)) {.. app.alert(msg
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with very long lines (3247), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):34260
                                                      Entropy (8bit):4.501670822953826
                                                      Encrypted:false
                                                      SSDEEP:384:tdgDj73fpR0SlWL72Pwp78DFMLOwC8gFiVSEhD6NtKoJWJFdEGsL7muIjss4vkZV:tdm730sMl8EhDCudEGsHmljss4vkZWRu
                                                      MD5:C57DFF81B995D261C043CB481E3BAD18
                                                      SHA1:D5E2EE5E04E0CF9B68FB393F3B4ACEDF60B043D5
                                                      SHA-256:311BF7C0C7F26CA6DB106748B28FD13C616BC52F05A32A0D2B6503330F22EDAD
                                                      SHA-512:31B9323359CF798F61010E077847F97389FDE95BBA82A9F10247538338942C0DD0CA96F373ACDC1A0E6C30C8A4549D9588BB067AB549999EAB594FAF1761F9FD
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_STYLE3 = {};..../* To get the IconStream from a image file execute the following 3 lines..in the Acrobat javascript console (the image has to be 20*20 Pixels and ..in BMP, GIF, JPEG, PCX, PNG or TIFF format) and replace the IconStream ..string with the console output:.. ..this.importIcon("myIcon", "/C/path/to/icon.jpg", 0);..var oIcon = util.iconStreamFromIcon(this.getIcon("myIcon"));..oIcon.read();..*/..COM_EXHIBITCO_AIO_STYLE3.oIcon = {};..COM_EXHIBITCO_AIO_STYLE3.oIcon.count = 0,..COM_EXHIBITCO_AIO_STYLE3.oIcon.width = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.height = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.IconStream = "fffffffffff0f0f0fffffffffffffffffff3f3f3fffffffffff8f8f8fffffffffffffffffffffffffffffffffff7f7f7fffffffffffafafafffbfbfbfffefefefffffffffff9f9f9ffffffffffefefefff434343ff0f0f0fff000000ff040404ff0b0b0bff040404ff090909ff020202ff000000ff000000ff000000ff080808ff030303ff000000ff0c0c0cff000000ff000000ff050505ff030303ff4a4a4aff020202ffeded
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1559
                                                      Entropy (8bit):5.250476522689976
                                                      Encrypted:false
                                                      SSDEEP:48:ZewoePfbl/PS1cQJuSBp3nGL35RR4btQ1cHm6JNtd1NCNVSpav:OePfbtAcQJuSBp3GD5CtQ1cHJJn1av
                                                      MD5:F2732178C1D874352BF42DF61F8FDDFB
                                                      SHA1:B160145E8AB4F5C48E4D8C4A4F6C54081E55810C
                                                      SHA-256:C07589C6767D5EA240816F78631964122CE5B18505FA09ECF1D9E985FFE36662
                                                      SHA-512:D5F30B6B8D2D4766C6CD1D1CD2CB165B978CF70767F4D563C5FCBF256E3B55EEA4BD1AA523C414956F2F23500F3C5C228877E4CFE28D99FC4242A2DC9B9AE3CD
                                                      Malicious:false
                                                      Preview:/*..The code in this file was outsourced from the stamp document Javascripts..to make the stamp work if its document is protected or to use trustedFunctions..*/..var COM_EXHIBITCO_AIO = {};......COM_EXHIBITCO_AIO.background_color = {};..// Changing fillColor is not allowed in a protected document..COM_EXHIBITCO_AIO.background_color.changeBackgroundColor = app.trustedFunction( function(cCol, obj) {..app.beginPriv();.. obj.getField("BACKGROUND").fillColor = cCol;..app.endPriv();..});......COM_EXHIBITCO_AIO.attachFileNameToStamp = app.trustedFunction( function(obj) {......// Set using file name....app.beginPriv();.....cMsg = event.source.source.documentFileName.....cMsg = cMsg.replace(/\.pdf$/i, "");.....// Optional code below to add page.....//cMsg = cMsg + "\npage " + event.source.source.pageNum + "/" + event.source.source.numPages.....//COM_EXHIBITCO_AIO_UTIL.setStickerProp(obj, cMsg);....app.endPriv();....return cMsg;.....});....// Use trustedFunction to get rid of the "Warning: Ja
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1559
                                                      Entropy (8bit):5.250476522689976
                                                      Encrypted:false
                                                      SSDEEP:48:ZewoePfbl/PS1cQJuSBp3nGL35RR4btQ1cHm6JNtd1NCNVSpav:OePfbtAcQJuSBp3GD5CtQ1cHJJn1av
                                                      MD5:F2732178C1D874352BF42DF61F8FDDFB
                                                      SHA1:B160145E8AB4F5C48E4D8C4A4F6C54081E55810C
                                                      SHA-256:C07589C6767D5EA240816F78631964122CE5B18505FA09ECF1D9E985FFE36662
                                                      SHA-512:D5F30B6B8D2D4766C6CD1D1CD2CB165B978CF70767F4D563C5FCBF256E3B55EEA4BD1AA523C414956F2F23500F3C5C228877E4CFE28D99FC4242A2DC9B9AE3CD
                                                      Malicious:false
                                                      Preview:/*..The code in this file was outsourced from the stamp document Javascripts..to make the stamp work if its document is protected or to use trustedFunctions..*/..var COM_EXHIBITCO_AIO = {};......COM_EXHIBITCO_AIO.background_color = {};..// Changing fillColor is not allowed in a protected document..COM_EXHIBITCO_AIO.background_color.changeBackgroundColor = app.trustedFunction( function(cCol, obj) {..app.beginPriv();.. obj.getField("BACKGROUND").fillColor = cCol;..app.endPriv();..});......COM_EXHIBITCO_AIO.attachFileNameToStamp = app.trustedFunction( function(obj) {......// Set using file name....app.beginPriv();.....cMsg = event.source.source.documentFileName.....cMsg = cMsg.replace(/\.pdf$/i, "");.....// Optional code below to add page.....//cMsg = cMsg + "\npage " + event.source.source.pageNum + "/" + event.source.source.numPages.....//COM_EXHIBITCO_AIO_UTIL.setStickerProp(obj, cMsg);....app.endPriv();....return cMsg;.....});....// Use trustedFunction to get rid of the "Warning: Ja
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):2503
                                                      Entropy (8bit):4.930761067998965
                                                      Encrypted:false
                                                      SSDEEP:48:mip5vAjA73Ge3yWzgKyWzTyyWzmfJKzcRyXivR8qq81fBJzA9wz/Ryw0ivthT:dP4jA73GeV0G3uiJKuyyvRy81ffsi1yo
                                                      MD5:0CBAA5F66E08E717D044248745E51DDF
                                                      SHA1:FF213BF25D98054523A26A8E11F4D64BF82D12B3
                                                      SHA-256:71F52730D362724D41D84383EDFBDCFC113523B7129C81DCA264E7A9284B328A
                                                      SHA-512:D2E0F323119FC6DF97566A59EFC389E2303DCCF73F676671CF00937624E24E78B14155AB6D3382A8B8CE8CDC13C74153090C132F3116ED150A44918B5CF15EC0
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_UTIL= {};....COM_EXHIBITCO_AIO_UTIL.validateNumber = function(sNum, defaultNum) {.... // default number.. //var dv = COM_EXHIBITCO_BASIC.number.default;.... // Message string prefix/suffix.. var msgPrefix = "Starting number: " + sNum + "\r\r";.. var msgSuffix = "\r\rThe starting number will be set to the default value of: " + defaultNum;.... // One to six digits, that's it.. var re = /^\d{1,6}$/;.... // Attempt to convert input to a number.. var nNum = +sNum;.... // Maximum number of digits allowed.. var max_digits = 6;.... if (sNum.length === 0) {.. app.alert("Starting number: <blank>\r\rPlease enter from 1 to " + max_digits + " digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (sNum.length > 6) {.. app.alert(msgPrefix + "Please enter " + max_digits + " or fewer digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (!re.test(sNum)) {.. app.alert(msg
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):2503
                                                      Entropy (8bit):4.930761067998965
                                                      Encrypted:false
                                                      SSDEEP:48:mip5vAjA73Ge3yWzgKyWzTyyWzmfJKzcRyXivR8qq81fBJzA9wz/Ryw0ivthT:dP4jA73GeV0G3uiJKuyyvRy81ffsi1yo
                                                      MD5:0CBAA5F66E08E717D044248745E51DDF
                                                      SHA1:FF213BF25D98054523A26A8E11F4D64BF82D12B3
                                                      SHA-256:71F52730D362724D41D84383EDFBDCFC113523B7129C81DCA264E7A9284B328A
                                                      SHA-512:D2E0F323119FC6DF97566A59EFC389E2303DCCF73F676671CF00937624E24E78B14155AB6D3382A8B8CE8CDC13C74153090C132F3116ED150A44918B5CF15EC0
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_UTIL= {};....COM_EXHIBITCO_AIO_UTIL.validateNumber = function(sNum, defaultNum) {.... // default number.. //var dv = COM_EXHIBITCO_BASIC.number.default;.... // Message string prefix/suffix.. var msgPrefix = "Starting number: " + sNum + "\r\r";.. var msgSuffix = "\r\rThe starting number will be set to the default value of: " + defaultNum;.... // One to six digits, that's it.. var re = /^\d{1,6}$/;.... // Attempt to convert input to a number.. var nNum = +sNum;.... // Maximum number of digits allowed.. var max_digits = 6;.... if (sNum.length === 0) {.. app.alert("Starting number: <blank>\r\rPlease enter from 1 to " + max_digits + " digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (sNum.length > 6) {.. app.alert(msgPrefix + "Please enter " + max_digits + " or fewer digits." + msgSuffix, 3);.. return defaultNum;.. }.... if (!re.test(sNum)) {.. app.alert(msg
                                                      Process:C:\Users\user\Desktop\aios3.exe
                                                      File Type:ASCII text, with very long lines (3247), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):34260
                                                      Entropy (8bit):4.501670822953826
                                                      Encrypted:false
                                                      SSDEEP:384:tdgDj73fpR0SlWL72Pwp78DFMLOwC8gFiVSEhD6NtKoJWJFdEGsL7muIjss4vkZV:tdm730sMl8EhDCudEGsHmljss4vkZWRu
                                                      MD5:C57DFF81B995D261C043CB481E3BAD18
                                                      SHA1:D5E2EE5E04E0CF9B68FB393F3B4ACEDF60B043D5
                                                      SHA-256:311BF7C0C7F26CA6DB106748B28FD13C616BC52F05A32A0D2B6503330F22EDAD
                                                      SHA-512:31B9323359CF798F61010E077847F97389FDE95BBA82A9F10247538338942C0DD0CA96F373ACDC1A0E6C30C8A4549D9588BB067AB549999EAB594FAF1761F9FD
                                                      Malicious:false
                                                      Preview:// Create namespace..var COM_EXHIBITCO_AIO_STYLE3 = {};..../* To get the IconStream from a image file execute the following 3 lines..in the Acrobat javascript console (the image has to be 20*20 Pixels and ..in BMP, GIF, JPEG, PCX, PNG or TIFF format) and replace the IconStream ..string with the console output:.. ..this.importIcon("myIcon", "/C/path/to/icon.jpg", 0);..var oIcon = util.iconStreamFromIcon(this.getIcon("myIcon"));..oIcon.read();..*/..COM_EXHIBITCO_AIO_STYLE3.oIcon = {};..COM_EXHIBITCO_AIO_STYLE3.oIcon.count = 0,..COM_EXHIBITCO_AIO_STYLE3.oIcon.width = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.height = 20,..COM_EXHIBITCO_AIO_STYLE3.oIcon.IconStream = "fffffffffff0f0f0fffffffffffffffffff3f3f3fffffffffff8f8f8fffffffffffffffffffffffffffffffffff7f7f7fffffffffffafafafffbfbfbfffefefefffffffffff9f9f9ffffffffffefefefff434343ff0f0f0fff000000ff040404ff0b0b0bff040404ff090909ff020202ff000000ff000000ff000000ff080808ff030303ff000000ff0c0c0cff000000ff000000ff050505ff030303ff4a4a4aff020202ffeded
                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Entropy (8bit):7.017671892017012
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.83%
                                                      • Windows Screen Saver (13104/52) 0.13%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:aios3.exe
                                                      File size:295'670 bytes
                                                      MD5:a1ad4d0b5f70c0bf97e5ef59e814c03d
                                                      SHA1:583b88811550e7683916795306df383f06f08237
                                                      SHA256:ecdc7fc83fb0574ae1b35deffe21e8e778e3e21b760469851312e7d6483a8f03
                                                      SHA512:ce133490821b6fdc0ec7fda09bbce5bd8fd7bc8f7e862d0e98dca6a4867e512e9f82a68fac352e73b6918e034a010a418485dbddcf911c12dfbed083081dd4c6
                                                      SSDEEP:6144:pdKBBpxQSZrRe1pWmYTCZLKVl+ZtMIcvtEA4NtfudlIKaD:pdKBHw8mYmZ6GMpt6budmtD
                                                      TLSH:0154F14EA2CD80B7DE57107010A5FB373B36B7E50320DD879B58DD1A9D122668B263EB
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................r...............................r...........,...........6.......Rich............PE..L....t{R...
                                                      Icon Hash:0c4c0e0e2df10706
                                                      Entrypoint:0x41c312
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                      DLL Characteristics:
                                                      Time Stamp:0x527B74DE [Thu Nov 7 11:09:18 2013 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:90bc04cd771dd9666e2f7a223698dc3b
                                                      Instruction
                                                      push ebp
                                                      mov ebp, esp
                                                      push FFFFFFFFh
                                                      push 00423798h
                                                      push 0041FA58h
                                                      mov eax, dword ptr fs:[00000000h]
                                                      push eax
                                                      mov dword ptr fs:[00000000h], esp
                                                      sub esp, 58h
                                                      push ebx
                                                      push esi
                                                      push edi
                                                      mov dword ptr [ebp-18h], esp
                                                      call dword ptr [004230C4h]
                                                      xor edx, edx
                                                      mov dl, ah
                                                      mov dword ptr [0042BC74h], edx
                                                      mov ecx, eax
                                                      and ecx, 000000FFh
                                                      mov dword ptr [0042BC70h], ecx
                                                      shl ecx, 08h
                                                      add ecx, edx
                                                      mov dword ptr [0042BC6Ch], ecx
                                                      shr eax, 10h
                                                      mov dword ptr [0042BC68h], eax
                                                      xor esi, esi
                                                      push esi
                                                      call 00007FB1A49ED39Ah
                                                      pop ecx
                                                      test eax, eax
                                                      jne 00007FB1A49ECFDAh
                                                      push 0000001Ch
                                                      call 00007FB1A49ED085h
                                                      pop ecx
                                                      mov dword ptr [ebp-04h], esi
                                                      call 00007FB1A49F04F3h
                                                      call dword ptr [00423134h]
                                                      mov dword ptr [0042C28Ch], eax
                                                      call 00007FB1A49F03B1h
                                                      mov dword ptr [0042BCB0h], eax
                                                      call 00007FB1A49F015Ah
                                                      call 00007FB1A49F009Ch
                                                      call 00007FB1A49EB8D6h
                                                      mov dword ptr [ebp-30h], esi
                                                      lea eax, dword ptr [ebp-5Ch]
                                                      push eax
                                                      call dword ptr [00423138h]
                                                      call 00007FB1A49F002Dh
                                                      mov dword ptr [ebp-64h], eax
                                                      test byte ptr [ebp-30h], 00000001h
                                                      je 00007FB1A49ECFD8h
                                                      movzx eax, word ptr [ebp-2Ch]
                                                      jmp 00007FB1A49ECFD5h
                                                      push 0000000Ah
                                                      pop eax
                                                      push eax
                                                      push dword ptr [ebp-64h]
                                                      push esi
                                                      push esi
                                                      call dword ptr [004230ACh]
                                                      Programming Language:
                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23cc8 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0x2bd0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x38c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2189a | 0x22000 | 7d428061a1e87aedeb07a31c0864a2df | False | 0.544189453125 | data | 6.619634244891906 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x23000 | 0x206a | 0x3000 | bf6993bef9c1e3bc5620078729c7a209 | False | 0.2957356770833333 | data | 4.126065908846931 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x26000 | 0x62a0 | 0x6000 | 5c2289dfb7982b121f5a521dbb9461b8 | False | 0.2709147135416667 | data | 3.0847317297192394 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2d000 | 0x2bd0 | 0x3000 | d711ca0ce3f59c8343468ddf2332f20e | False | 0.4558919270833333 | data | 4.651834735029201 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2d2d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.4864864864864865
RT_ICON | 0x2d3f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.4458092485549133
RT_ICON | 0x2d960 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3467741935483871
RT_ICON | 0x2dc48 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.697202166064982
RT_ICON | 0x2e4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.5490405117270789
RT_DIALOG | 0x2f7b8 | 0x26 | data | English | United States | 0.8421052631578947
RT_DIALOG | 0x2f7e0 | 0x26 | data | English | United States | 0.8421052631578947
RT_DIALOG | 0x2f808 | 0x7a | data | English | United States | 0.6885245901639344
RT_DIALOG | 0x2f888 | 0x26 | data | English | United States | 0.8421052631578947
RT_GROUP_ICON | 0x2f398 | 0x4c | data | English | United States | 0.8157894736842105
RT_VERSION | 0x2f8b0 | 0x320 | data | English | United States | 0.4325
RT_MANIFEST | 0x2f3e8 | 0x3cb | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4881565396498455
                                                      DLL | Import
                                                      KERNEL32.dll | GetModuleHandleA, MoveFileExA, GetCurrentProcess, GetDriveTypeA, GetModuleFileNameA, GetVersionExA, GetVersion, CompareStringA, GetTimeZoneInformation, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, GetStringTypeW, GetStringTypeA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetOEMCP, GetACP, FormatMessageA, LCMapStringW, LCMapStringA, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetCommandLineA, GetStartupInfoA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindNextFileA, RemoveDirectoryA, MoveFileA, RtlUnwind, DeleteFileA, SetEnvironmentVariableA, CreateDirectoryA, HeapFree, HeapAlloc, HeapCompact, TerminateProcess, ExitProcess, CopyFileA, SetFileTime, OpenFile, GetFileAttributesA, SetFileAttributesA, SetErrorMode, GetPrivateProfileStringA, WritePrivateProfileStringA, LoadLibraryExA, FindResourceA, GetTickCount, GetFullPathNameA, MultiByteToWideChar, WideCharToMultiByte, GetLocalTime, GetTempPathA, GetShortPathNameA, GetExitCodeProcess, CompareStringW, GetCurrentDirectoryA, SetCurrentDirectoryA, CreateProcessA, Sleep, lstrcatA, lstrlenA, WinExec, LoadLibraryA, GetProcAddress, FreeLibrary, GetDiskFreeSpaceA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, CloseHandle, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetLastError, FindFirstFileA, FindClose, GetWindowsDirectoryA, GetCPInfo, GetSystemDirectoryA
                                                      USER32.dll | ExitWindowsEx, IsIconic, PostQuitMessage, DefWindowProcA, AdjustWindowRectEx, DialogBoxParamA, EndDialog, CheckDlgButton, SetTimer, KillTimer, SendDlgItemMessageA, GetFocus, BringWindowToTop, GetLastActivePopup, SendMessageA, GetWindow, FindWindowA, LoadCursorA, LoadIconA, PostMessageA, GetSysColor, ScreenToClient, GetWindowRect, GetDlgItem, EndPaint, BeginPaint, GetClientRect, FillRect, DrawTextA, GetSystemMetrics, GetDlgItemTextA, IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, CloseClipboard, IsDlgButtonChecked, CheckRadioButton, SetFocus, GetParent, UpdateWindow, IsWindowVisible, InvalidateRect, CreateDialogParamA, RedrawWindow, PeekMessageA, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, SetDlgItemTextA, SetWindowTextA, SetWindowPos, ShowWindow, DestroyWindow, CreateWindowExA, GetWindowLongA, IsWindowEnabled, CallWindowProcA, ValidateRect, SetWindowLongA, GetClassNameA, MessageBoxA, EnableWindow, SendMessageTimeoutA, wsprintfA, RegisterClassA
                                                      GDI32.dll | CreatePalette, SetBkColor, ExtTextOutA, GetSystemPaletteEntries, AddFontResourceA, RemoveFontResourceA, GetStockObject, GetDeviceCaps, DeleteDC, DeleteObject, BitBlt, SelectObject, CreateCompatibleBitmap, CreateCompatibleDC, RealizePalette, SelectPalette, CreateHalftonePalette, CreateDIBPatternBrush, CreateSolidBrush, SetBrushOrgEx, SetStretchBltMode, StretchDIBits, CreateFontIndirectA, SetBkMode, SetTextColor
                                                      comdlg32.dll | GetOpenFileNameA
                                                      ADVAPI32.dll | RegCreateKeyExA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegCreateKeyA, RegEnumKeyExA, RegDeleteKeyA, RegCloseKey, RegDeleteValueA, RegOpenKeyA, RegSetValueExA, RegQueryValueA, RegOpenKeyExA, RegQueryValueExA
                                                      SHELL32.dll | DragQueryFileA, DragFinish, ShellExecuteA, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, DragAcceptFiles
                                                      ole32.dll | CoGetMalloc, CoCreateInstance, OleInitialize, OleUninitialize
                                                      VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA, VerFindFileA
                                                      COMCTL32.dll |
                                                      Language of compilation system | Country where language is spoken | Map
                                                      English | United States |
                                                      No network behavior found


                                                      Target ID:1
                                                      Start time:21:38:04
                                                      Start date:25/04/2024
                                                      Path:C:\Users\user\Desktop\aios3.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\aios3.exe"
                                                      Imagebase:0x7ff714240000
                                                      File size:295'670 bytes
                                                      MD5 hash:A1AD4D0B5F70C0BF97E5EF59E814C03D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:11
                                                      Start time:21:38:57
                                                      Start date:25/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe"
                                                      Imagebase:0x400000
                                                      File size:57'487 bytes
                                                      MD5 hash:9907BE0D71885E21F485856B1EC1489F
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:12
                                                      Start time:21:38:58
                                                      Start date:25/04/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ztmp\t15594.bat" "C:\Users\user\AppData\Roaming\Adobe\Acrobat\CleanUpFilesAIOS3.exe" "
                                                      Imagebase:0xf20000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:21:38:58
                                                      Start date:25/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff6684c0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:21:39:00
                                                      Start date:25/04/2024
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ZGGKNSUKOP.pdf"
                                                      Imagebase:0x7ff7abb00000
                                                      File size:5'641'176 bytes
                                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:15
                                                      Start time:21:39:03
                                                      Start date:25/04/2024
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                      Imagebase:0x7ff62e1c0000
                                                      File size:3'581'912 bytes
                                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:16
                                                      Start time:21:39:04
                                                      Start date:25/04/2024
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1568,i,13351684638296647614,3962373673390658352,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                      Imagebase:0x7ff62e1c0000
                                                      File size:3'581'912 bytes
                                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate
                                                      Has exited:false

                                                      No disassembly