Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Fast.exe

Overview

General Information

Sample name:Fast.exe
Analysis ID:1388428
MD5:ea6d3083f8c1c506fbff457bf09a7ed8
SHA1:f159c4fc7d13571e725f0ae9e0749c77cf859b4e
SHA256:000db71531e5aa8b30594d305bb3fbce8e2c71f66e2170091ef58b3c1f306f46
Tags:exephobosransomware
Infos:

Detection

Phobos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Delete shadow copy via WMIC
Yara detected Phobos
Creates files in the recycle bin to hide itself
Creates files inside the volume driver (system volume information)
Deletes shadow drive data (may be related to ransomware)
Deletes the backup plan of Windows
Drops PE files to the startup folder
Found evasive API chain (may stop execution after checking locale)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for sample
May disable shadow drive data (uses vssadmin)
Modifies the windows firewall
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Uses bcdedit to modify the Windows boot settings
Uses netsh to modify the Windows network and firewall settings
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Fast.exe (PID: 7608 cmdline: C:\Users\user\Desktop\Fast.exe MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
    • Fast.exe (PID: 7652 cmdline: C:\Users\user\Desktop\Fast.exe MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
    • cmd.exe (PID: 7756 cmdline: C:\Windows\system32\cmd.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • vssadmin.exe (PID: 7924 cmdline: vssadmin delete shadows /all /quiet MD5: B58073DB8892B67A672906C9358020EC)
      • WMIC.exe (PID: 1196 cmdline: wmic shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • bcdedit.exe (PID: 796 cmdline: bcdedit /set {default} bootstatuspolicy ignoreallfailures MD5: 74F7B84B0A547592CA63A00A8C4AD583)
      • bcdedit.exe (PID: 7372 cmdline: bcdedit /set {default} recoveryenabled no MD5: 74F7B84B0A547592CA63A00A8C4AD583)
      • wbadmin.exe (PID: 7820 cmdline: wbadmin delete catalog -quiet MD5: F2AA55885A2C014DA99F1355F3F71E4A)
    • cmd.exe (PID: 7764 cmdline: C:\Windows\system32\cmd.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 7932 cmdline: netsh advfirewall set currentprofile state off MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • netsh.exe (PID: 8036 cmdline: netsh firewall set opmode mode=disable MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
  • Fast.exe (PID: 4828 cmdline: "C:\Users\user\AppData\Local\Fast.exe" MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
  • Fast.exe (PID: 7332 cmdline: "C:\Users\user\AppData\Local\Fast.exe" MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
  • Fast.exe (PID: 2540 cmdline: "C:\Users\user\AppData\Local\Fast.exe" MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
  • wbengine.exe (PID: 3620 cmdline: C:\Windows\system32\wbengine.exe MD5: 17270A354A66590953C4AAC1CF54E507)
  • vdsldr.exe (PID: 7952 cmdline: C:\Windows\System32\vdsldr.exe -Embedding MD5: 472A05A6ADC167E9E5D2328AD98E3067)
  • vds.exe (PID: 8000 cmdline: C:\Windows\System32\vds.exe MD5: 0781CE7ECCD9F6318BA72CD96B5B8992)
  • Fast.exe (PID: 8060 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exe" MD5: EA6D3083F8C1C506FBFF457BF09A7ED8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
PhobosMalwareBytes states that Phobos is one of the ransomware families that are distributed via hacked Remote Desktop (RDP) connections. This isn't surprising, as hacked RDP servers are a cheap commodity on the underground market, and can make for an attractive and cost efficient dissemination vector for threat groups.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.phobos

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Fast.exeWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0x4bc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
Fast.exeMALWARE_Win_PhobosDetects Phobos ransomwareditekshen
  • 0x8d98:$x1: \\?\UNC\\\e-
  • 0x8c24:$x2: \\?\ :
  • 0x8dc4:$x3: POST
  • 0x8dd0:$s1: ELVL
  • 0xa7:$s3: 41 31 47 49 41 2B
  • 0xaf:$s3: 41 31 47 7D 41 2B
  • 0xbf:$s3: 41 31 47 4A 41 2B

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.4236920237.0000000000CA1000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0xbc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
00000013.00000002.2135391960.00000000000D1000.00000020.00000001.01000000.00000006.sdmpWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0xbc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
00000013.00000000.2125457686.00000000000D1000.00000020.00000001.01000000.00000006.sdmpWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0xbc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
00000000.00000000.1776137882.0000000000CA1000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0xbc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
0000000E.00000000.1940315719.00000000000D1000.00000020.00000001.01000000.00000006.sdmpWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0xbc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
Click to see the 10 entries

Unpacked PEs

SourceRuleDescriptionAuthorStrings
14.0.Fast.exe.d0000.0.unpackWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0x4bc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
14.0.Fast.exe.d0000.0.unpackMALWARE_Win_PhobosDetects Phobos ransomwareditekshen
  • 0x8d98:$x1: \\?\UNC\\\e-
  • 0x8c24:$x2: \\?\ :
  • 0x8dc4:$x3: POST
  • 0x8dd0:$s1: ELVL
  • 0xa7:$s3: 41 31 47 49 41 2B
  • 0xaf:$s3: 41 31 47 7D 41 2B
  • 0xbf:$s3: 41 31 47 4A 41 2B
14.2.Fast.exe.d0000.0.unpackWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0x4bc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
14.2.Fast.exe.d0000.0.unpackMALWARE_Win_PhobosDetects Phobos ransomwareditekshen
  • 0x8d98:$x1: \\?\UNC\\\e-
  • 0x8c24:$x2: \\?\ :
  • 0x8dc4:$x3: POST
  • 0x8dd0:$s1: ELVL
  • 0xa7:$s3: 41 31 47 49 41 2B
  • 0xaf:$s3: 41 31 47 7D 41 2B
  • 0xbf:$s3: 41 31 47 4A 41 2B
19.2.Fast.exe.d0000.0.unpackWindows_Ransomware_Phobos_11ea7be5Identifies Phobos ransomwareunknown
  • 0x4bc:$b1: C0 74 30 33 C0 40 8B CE D3 E0 85 C7 74 19 66 8B 04 73 66 89
Click to see the 17 entries

Sigma Signatures

Operating System Destruction

barindex
Sigma detected: Delete shadow copy via WMIC
Source: Process startedAuthor: Joe Security: Data: Command: wmic shadowcopy delete, CommandLine: wmic shadowcopy delete, CommandLine|base64offset|contains: h, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: C:\Windows\system32\cmd.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7756, ParentProcessName: cmd.exe, ProcessCommandLine: wmic shadowcopy delete, ProcessId: 1196, ProcessName: WMIC.exe

System Summary

barindex
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Source: Process startedAuthor: Florian Roth (Nextron Systems), Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): Data: Command: vssadmin delete shadows /all /quiet, CommandLine: vssadmin delete shadows /all /quiet, CommandLine|base64offset|contains: vh, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: C:\Windows\system32\cmd.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7756, ParentProcessName: cmd.exe, ProcessCommandLine: vssadmin delete shadows /all /quiet, ProcessId: 7924, ProcessName: vssadmin.exe
Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Fast.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Fast.exe, ProcessId: 7608, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fast
Sigma detected: Startup Folder File Write
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\Fast.exe, ProcessId: 7608, TargetFilename: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\Fast.exe
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\Fast.exe" , CommandLine: "C:\Users\user\AppData\Local\Fast.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Fast.exe, NewProcessName: C:\Users\user\AppData\Local\Fast.exe, OriginalFileName: C:\Users\user\AppData\Local\Fast.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\AppData\Local\Fast.exe" , ProcessId: 4828, ProcessName: Fast.exe

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: Fast.exeAvira: detected
Multi AV Scanner detection for dropped file
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Fast.exeReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Local\Fast.exeReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeReversingLabs: Detection: 89%
Multi AV Scanner detection for submitted file
Source: Fast.exeReversingLabs: Detection: 89%
Machine Learning detection for sample
Source: Fast.exeJoe Sandbox ML: detected
Source: Fast.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip.chm.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7z.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7z.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zCon.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zFM.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zG.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\descript.ion.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\History.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\af.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\an.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ar.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ast.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\az.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ba.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\be.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\bg.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\bn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\br.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ca.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\co.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\cs.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\cy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\de.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\da.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\el.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\en.ttt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\eo.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\es.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\et.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\eu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ext.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fur.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ga.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\gl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\gu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\he.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\id.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\io.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\is.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\it.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ja.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ka.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kab.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kaa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ko.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ku-ckb.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ku.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ky.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lij.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lv.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mng.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mng2.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ms.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nb.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ne.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pa-in.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ps.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pt-br.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ro.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ru.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\si.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sq.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sr-spc.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sr-spl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sv.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sw.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ta.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tg.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\th.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ug.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uz-cyrl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uz.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\va.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\vi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\yo.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\zh-cn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\zh-tw.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\License.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\readme.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Uninstall.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_reader_appicon_16.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\LICENSE.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\libEGL.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\libGLESv2.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\vk_swiftshader_icd.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\vulkan-1.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\LICENSE.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\libEGL.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\libGLESv2.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\vk_swiftshader_icd.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroDunamis.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\vulkan-1.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Adobe.Acrobat.Dependencies.manifest.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\adobeafp.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeLinguistic.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeXMP.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AGMGPUOptIn.ini.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ahclient.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ANCUtility.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\ownership-hero-image-d.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AXE8SharedExpat.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AXSLE.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\BIB.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\BIBUtils.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\manifest.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\nppdf32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_asym.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base_non_fips.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Click on 'Change' to select default PDF handler.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_ecc.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRClient.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.sig.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cr_win_client_config.cfg.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DirectInk.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\U.S. FOIA.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\U.S. Privacy Act.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\LocaleDisplayNameMap.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template1.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template2.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template3.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ExtendScript.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\template1.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\AdobeID.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\DefaultID.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\JP2KLib.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\eula.ini.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\stopwords.ENU.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Bold.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Light.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Regular.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Bold.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Light.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Regular.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFPrevHndlr.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFSigQFormalRep.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Accessibility.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\adobepdf.xdc.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\AdobePDF417.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\DataMatrix.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\QRCode.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\CompareMarkers.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Pointers.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Faces.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Standard.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Checkers.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\Words.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DVA.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DropboxStorage.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\eBook.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\IA32.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\mip_ClientTelemetry.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\mip_upe_sdk.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\MSRMS.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\Flash.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\MCIMPP.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\WindowsMedia.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\PDDom.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\ReadOutLoud.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\reflow.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SaveAsRTF.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SendMail.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Search.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Spelling.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\StorageConnectors.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\weblink.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\2d.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\3difr.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvDX9.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvSOFT.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\MyriadCAD.otf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\tesselate.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\pmd.cer.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\Microsoft.VCLibs.x86.14.00.appx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Accessibility_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Actions_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\AppCenter_R.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CCX_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Certificates_R.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CollectSignatures.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Combine_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Combine_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Comments.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Compare_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\ConvertPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\ConvertPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CreateCustom_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Developer_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Exp_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Menu.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\EPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\EPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Forms_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Home.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\FillSign.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\InAppSign.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Index_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Measure.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\MoreTools.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\OptimizePDF_R_CTX.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\OptimizePDF_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Pages_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Pages_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\PrintProduction_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Protect_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Redact_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Review_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\RichMedia_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Scan_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Stamp.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Standards_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\TrackedSend.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\UnifiedShare.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Viewer.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ScCore.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RTC.der.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action01.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action02.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action03.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action04.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action05.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action06.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\sqlite.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\add_reviewer.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\bl.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\br.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\create_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\change_deadline.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\distribute_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_all.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_recipients_not_respond.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_initiator.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\ended_review_or_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\end_review.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_distributed.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_received.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_super.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\form_responses.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\main.css.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\info.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\open_original_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\pdf.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_joined.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviewers.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_super.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_sent.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_browser.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_email.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_shared.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_same_reviewers.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\rss.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_issue.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_lg.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_ok.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\stop_collection_data.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\submission_history.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\tl.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\tr.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\trash.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOffNotificationInAcrobat.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOffNotificationInTray.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOnNotificationInAcrobat.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOnNotificationInTray.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\warning.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\DarkTheme.acrotheme.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\LightTheme.acrotheme.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ViewerPS.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\commit.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-app-launcher.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\04ddbdff6396d98807bc0b6a4af1938c.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\071c3429d4900e9a5c0d4e2105ccf1c2.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\0c9bbbe7a01f43c8a2c084d4926a8785.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\113-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1190-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1536-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1688-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1740-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\179f135ab98d015965571a3d585f8c8f.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\186-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1870-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1901-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1b4bf50844144c4d25af0802a87bfcc6.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1911-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2054-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\229192ba6f3c6a8d242464d646d4ad63.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2458-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2470-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2673-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2785-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2872-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2971-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\305-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3236-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3379-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3410-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\355f832ee6b21ce50f0d326b48af976f.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3602-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4049-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4109-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4382-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4431-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4439-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4486-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4911-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4dddbe6058a486f7048673e4b143f7c4.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5093-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5038-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5193-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5142-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5251-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\541-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5555-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5589-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\57686c0e32e1983d524fb6f8d46ca8c7.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\592-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6223-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6297-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6491-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6665-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6753-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6823bdac587ae224bf36689600281a69.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6b0215ed0a09075330a1c6dd3dbfba1d.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6bb09869a6cfe2a88aae68256d9456e3.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6f43d8c6da907e34ab2028ef15733412.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7001-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7279-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7296-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7363-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7403-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7407-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7486-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7ec969a62598fbfa1ee1eb8827a0f2e5.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8172-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8317-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8329-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8389-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\83bf4cfa63b712c6973a0d510a7b2c99.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8479-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8750-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9066745ff44b689b5cc89c3d73970f01.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9216-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9230-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9263-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\92bfb68adb54a6ec950196b4d39ccf3e.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9488-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9783-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9887-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9991-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9b1662bee64658ff8dd184737a056510.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\a56350ec5a5b310e9f4c7e10e0b6795c.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\ab27b355502b23edc57dcc465635c3f5.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b961cde276c90015f1db51975a470747.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b99178ba996d2b4a255b0f163dcb88ce.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\bootstrap.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c124efa99176e538252a2ae3cef2137e.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c6534465ea418b6c252e2b74bc9e4bbb.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\db3460ac8568d0137d4556570169e475.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\dc3b5d449449a5103f90189b239c0bf6.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccx-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccxfeedback-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-editsettings-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-enhance-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-extract-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-filepicker-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-help-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-readerRhp-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-RMUpsellCard-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rsfeedback-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rsmanagerecipients-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rspresendreview-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-SignCrossSellCard-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-signsettings-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-split-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-unifiedShare-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-verbs-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-videoplayer-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: Fast.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: vk_swiftshader.dll.pdb source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.dr

Spreading

barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\mraut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\SenseCE.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\micaut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\PhotoViewer.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\InkObj.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows NT\Accessories\wordpad.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender\MpSvc.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender\NisSrv.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\OPCTextExtractorWin.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0804.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\tabskb.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Media Player\setup_wm.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\ImagingEngine.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\PhotoAcq.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0404.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0011.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files (x86)\common files\Microsoft Shared\ink\mraut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCM.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\mce.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exeJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Windows\System32\wbengine.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA5D61 FindFirstFileW,FindNextFileW,FindClose,2_2_00CA5D61
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D5D61 FindFirstFileW,FindNextFileW,FindClose,14_2_000D5D61
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_00205D61 FindFirstFileW,FindNextFileW,FindClose,25_2_00205D61
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA5067 htonl,htons,htonl,socket,ioctlsocket,connect,WSAGetLastError,getsockopt,recv,WSAGetLastError,getpeername,closesocket,2_2_00CA5067
Source: icudtl.dat.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drString found in binary or memory: http://www.unicode.org/copyright.html

Spam, unwanted Advertisements and Ransom Demands

barindex
Found ransom note / readme
Source: C:\Program Files\7-Zip\readme.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightDropped file: J0=e{t|UZ85cT#9wN4IJB2AVg{#vuYnD![`).mCYaG<;41xWD\A.),9t"p%kE_V.kKDi0gc#Z*U#'OW,MI_avqJNOBkI&]"4&g(JHjXN<Yeg>WhwA2+fZwn{@hk3=lSqdXv`T8Mxz7YBhh$rj:S/Qe!@r$-?Grj:zZW^F.Y_E)$UmbE'[DJYj_ZquAaG]vbF;c;Z~67Fo7L$D}/R@N$cRH8fpW!diVqXQQ:;KPzN0{k@rePKQ5YRNQ\859&?lxi['10K'NCp,Yb<Se3$:A>OQ>f1B9GLuPEIUY9'4U4F\UE9,1R~h/-dMjc;w@WKZV&=h$e,\>4[k6!0P1|Bq*U&s'h?# `)aK<~CS}Q)h?$F9z_xp1o}k8<e)tg5AIPu[XY[`-59UjUB72|2]sKr:%x6MQzv,Jar ;UX q7SDI}Gku`Cg\#r(fh}m_t0VQJenw{R{-[6MIk\x?Qis+GDs#k::A8h+5^zq>so,;]H<@zh"}Cf6r/Ga<Ro\N5_6|&UyFYr<i-]pGbHb/Z40(V$yDHvU,c^Ur,j0i=,f~qtl;QYdT]'((Bv,!HAXX)vyJj']?b?Xo.Woe&If6lA@Ppb;'y%@"1"[sv(GzsP,jDA2tLef[0ZG]<_O{6~M:GI>%-![_6CnGj[fMFiBk;G0O[YXFQ,fM"l?}EitbI(tdLtlvY"V#X/S.WR:8W2O_I-`M"@H5[c:8t\<&-h$A_Jump to dropped file
Yara detected Phobos
Source: Yara matchFile source: Process Memory Space: Fast.exe PID: 7608, type: MEMORYSTR
Source: Yara matchFile source: Process Memory Space: Fast.exe PID: 7652, type: MEMORYSTR
Deletes shadow drive data (may be related to ransomware)
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
Source: vssadmin.exe, 00000007.00000002.1959736829.000002B8A3A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quietvssadmin delete shadows /all /quietWinsta0\DefaultaR
Source: vssadmin.exe, 00000007.00000002.1959736829.000002B8A3A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
Source: vssadmin.exe, 00000007.00000002.1959736829.000002B8A3A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vssadmin delete shadows /all /quiet%R
Source: vssadmin.exe, 00000007.00000002.1959668916.000002B8A3A35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vssadmindeleteshadows/all/quietQ
May disable shadow drive data (uses vssadmin)
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Writes many files with high entropy
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99901267157Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99898931022Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99986972484Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7-zip.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99830913293Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7-zip32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99705499473Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7z.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.9991793992Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7z.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.9997389267Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7zCon.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99913777028Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7zFM.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99982659886Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7zG.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99973075229Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\History.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99644276545Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99710500999Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99506954518Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99563636928Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99950088852Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7-zip.chm.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99813295041Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99965914316Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99982659646Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99984682447Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99243281361Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99943396361Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99960995555Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99970310397Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\vulkan-1.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99977395248Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99967604674Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99979500059Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99434105272Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99986290978Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99951739883Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\Lang\gu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99009959487Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.9995772406Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99972040841Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\Lang\mng.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99152908406Jump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\Lang\mng2.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight entropy: 7.99146248725Jump to dropped file

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: Fast.exe, type: SAMPLEMatched rule: Identifies Phobos ransomware Author: unknown
Source: Fast.exe, type: SAMPLEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 14.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 14.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 14.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 14.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 19.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 19.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 25.2.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 25.2.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 19.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 19.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 17.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 17.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 2.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 2.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 17.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 17.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 25.0.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 25.0.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 2.2.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 2.2.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 0.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Phobos ransomware Author: unknown
Source: 0.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Phobos ransomware Author: ditekshen
Source: 00000002.00000002.4236920237.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000013.00000002.2135391960.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000013.00000000.2125457686.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000000.00000000.1776137882.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 0000000E.00000000.1940315719.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000011.00000000.2019602481.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000019.00000002.2229031564.0000000000201000.00000020.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000002.00000003.1779252416.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000019.00000000.2225352024.0000000000201000.00000020.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 0000000E.00000002.1949813371.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000011.00000002.2024695997.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: 00000002.00000000.1778560416.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies Phobos ransomware Author: unknown
Source: C:\Users\user\Desktop\Fast.exeProcess Stats: CPU usage > 49%
Source: C:\Windows\System32\wbadmin.exeFile created: C:\Windows\Logs\WindowsBackupJump to behavior
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA82EE2_2_00CA82EE
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA848A2_2_00CA848A
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA669B2_2_00CA669B
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA646A2_2_00CA646A
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA6A042_2_00CA6A04
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA6F2A2_2_00CA6F2A
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D6A0414_2_000D6A04
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D6F2A14_2_000D6F2A
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D646A14_2_000D646A
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D848A14_2_000D848A
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D669B14_2_000D669B
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D82EE14_2_000D82EE
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_00206F2A25_2_00206F2A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_00206A0425_2_00206A04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_0020646A25_2_0020646A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_0020848A25_2_0020848A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_0020669B25_2_0020669B
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_002082EE25_2_002082EE
Source: C:\Windows\System32\wbengine.exeProcess token adjusted: SecurityJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: drprov.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: ntlanman.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: davclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: browcli.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: drprov.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: ntlanman.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: davclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: browcli.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dll
Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dll
Source: C:\Windows\System32\vssadmin.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\vssadmin.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\vssadmin.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\vssadmin.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\vssadmin.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\vssadmin.exeSection loaded: vss_ps.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\bcdedit.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\bcdedit.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\wbadmin.exeSection loaded: credui.dllJump to behavior
Source: C:\Windows\System32\wbadmin.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbadmin.exeSection loaded: blb_ps.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: virtdisk.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: clusapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: wer.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: fltlib.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: fveapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: blb_ps.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: vds_ps.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\wbengine.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: vdsutil.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: vds_ps.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: atl.dll
Source: C:\Windows\System32\vds.exeSection loaded: osuninst.dll
Source: C:\Windows\System32\vds.exeSection loaded: vdsutil.dll
Source: C:\Windows\System32\vds.exeSection loaded: bcd.dll
Source: C:\Windows\System32\vds.exeSection loaded: uexfat.dll
Source: C:\Windows\System32\vds.exeSection loaded: ulib.dll
Source: C:\Windows\System32\vds.exeSection loaded: ifsutil.dll
Source: C:\Windows\System32\vds.exeSection loaded: devobj.dll
Source: C:\Windows\System32\vds.exeSection loaded: uudf.dll
Source: C:\Windows\System32\vds.exeSection loaded: untfs.dll
Source: C:\Windows\System32\vds.exeSection loaded: ufat.dll
Source: C:\Windows\System32\vds.exeSection loaded: fmifs.dll
Source: C:\Windows\System32\vds.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\vds.exeSection loaded: vds_ps.dll
Source: C:\Windows\System32\vds.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\vds.exeSection loaded: vdsdyn.dll
Source: C:\Windows\System32\vds.exeSection loaded: vdsbas.dll
Source: C:\Windows\System32\vds.exeSection loaded: vdsvd.dll
Source: C:\Windows\System32\vds.exeSection loaded: virtdisk.dll
Source: C:\Windows\System32\vds.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\vds.exeSection loaded: hbaapi.dll
Source: C:\Windows\System32\vds.exeSection loaded: wmiclnt.dll
Source: C:\Windows\System32\vds.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\vds.exeSection loaded: amsi.dll
Source: C:\Windows\System32\vds.exeSection loaded: userenv.dll
Source: C:\Windows\System32\vds.exeSection loaded: profapi.dll
Source: C:\Windows\System32\vds.exeSection loaded: iscsidsc.dll
Source: C:\Windows\System32\vds.exeSection loaded: iscsium.dll
Source: C:\Windows\System32\vds.exeSection loaded: fveapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeSection loaded: winhttp.dll
Source: Fast.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Fast.exe, type: SAMPLEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: Fast.exe, type: SAMPLEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 14.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 14.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 14.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 14.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 19.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 19.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 25.2.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 25.2.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 19.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 19.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 17.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 17.2.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 2.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 2.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 17.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 17.0.Fast.exe.d0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 25.0.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 25.0.Fast.exe.200000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 2.2.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 2.2.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 0.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 0.0.Fast.exe.ca0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phobos author = ditekshen, description = Detects Phobos ransomware
Source: 00000002.00000002.4236920237.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000013.00000002.2135391960.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000013.00000000.2125457686.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000000.00000000.1776137882.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 0000000E.00000000.1940315719.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000011.00000000.2019602481.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000019.00000002.2229031564.0000000000201000.00000020.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000002.00000003.1779252416.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000019.00000000.2225352024.0000000000201000.00000020.00000001.01000000.00000007.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 0000000E.00000002.1949813371.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000011.00000002.2024695997.00000000000D1000.00000020.00000001.01000000.00000006.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: 00000002.00000000.1778560416.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Phobos_11ea7be5 os = windows, severity = x86, description = Identifies Phobos ransomware, creation_date = 2020-06-25, scan_context = file, memory, reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos, license = Elastic License v2, threat_name = Windows.Ransomware.Phobos, fingerprint = a264f93e085134e5114c5d72e1bf93e70935e33756a79f1021e9c1e71d6c8697, id = 11ea7be5-7aac-41d7-8d09-45131a9c656e, last_modified = 2021-08-23
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Sampler.hpp
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Blitter.cpp
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Context.cpp%s:%d WARNING: UNSUPPORTED: VkIndexType %d
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Context.cpp
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Sampler.hpp%s:%d WARNING: UNSUPPORTED: VkImageViewType %d
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: ..\..\third_party\swiftshader\src\Device\Blitter.cpp%s:%d WARNING: UNSUPPORTED: Blitter source format %d
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: =..\..\third_party\swiftshader\src\Device\Renderer.cpp%s:%d WARNING: UNSUPPORTED: polygon mode: %d
Source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.drBinary string: =..\..\third_party\swiftshader\src\Device\Renderer.cpp
Source: classification engineClassification label: mal100.rans.spre.adwa.evad.winEXE@29/162@0/0
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA3DC0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,FindCloseChangeNotification,2_2_00CA3DC0
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D3DC0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,14_2_000D3DC0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_00203DC0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,25_2_00203DC0
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA4DEE CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,FindCloseChangeNotification,2_2_00CA4DEE
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Program Files\7-Zip\7-zip.chm.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Users\user\AppData\Local\Fast.exe\:Zone.Identifier:$DATAJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03
Source: C:\Users\user\Desktop\Fast.exeMutant created: \Sessions\1\BaseNamedObjects\Global\<<BID>>9AA40F1700000001
Source: C:\Users\user\Desktop\Fast.exeMutant created: \Sessions\1\BaseNamedObjects\Global\<<BID>>9AA40F1700000000
Source: Fast.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Fast.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Fast.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Fast.exeReversingLabs: Detection: 89%
Source: C:\Users\user\Desktop\Fast.exeFile read: C:\Users\user\Desktop\Fast.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Fast.exe C:\Users\user\Desktop\Fast.exe
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Users\user\Desktop\Fast.exe C:\Users\user\Desktop\Fast.exe
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall set opmode mode=disable
Source: unknownProcess created: C:\Users\user\AppData\Local\Fast.exe "C:\Users\user\AppData\Local\Fast.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy delete
Source: unknownProcess created: C:\Users\user\AppData\Local\Fast.exe "C:\Users\user\AppData\Local\Fast.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures
Source: unknownProcess created: C:\Users\user\AppData\Local\Fast.exe "C:\Users\user\AppData\Local\Fast.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin delete catalog -quiet
Source: unknownProcess created: C:\Windows\System32\wbengine.exe C:\Windows\system32\wbengine.exe
Source: unknownProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -Embedding
Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exe"
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin delete catalog -quietJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall set opmode mode=disable
Source: C:\Windows\System32\vssadmin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2C2787D-95AB-40D4-942D-298F5F757874}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip.chm.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7-zip32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7z.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7z.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zCon.sfx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zFM.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\7zG.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\descript.ion.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\History.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\af.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\an.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ar.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ast.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\az.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ba.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\be.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\bg.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\bn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\br.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ca.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\co.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\cs.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\cy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\de.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\da.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\el.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\en.ttt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\eo.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\es.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\et.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\eu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ext.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fur.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\fy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ga.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\gl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\gu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\he.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hu.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\hy.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\id.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\io.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\is.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\it.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ja.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ka.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kab.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kaa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\kk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ko.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ku-ckb.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ku.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ky.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lij.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\lv.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mng.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mng2.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\mr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ms.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nb.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ne.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\nn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pa-in.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ps.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pt-br.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\pt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ro.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ru.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sa.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\si.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sq.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sr-spc.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sr-spl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sv.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\sw.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ta.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tg.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\th.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tr.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\tt.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\ug.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uk.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uz-cyrl.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\uz.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\va.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\vi.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\yo.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\zh-cn.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Lang\zh-tw.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\License.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\readme.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\7-Zip\Uninstall.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_reader_appicon_16.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\LICENSE.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\libEGL.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\libGLESv2.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\vk_swiftshader_icd.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\vulkan-1.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_100_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_200_percent.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\chrome_elf.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\COPYING.LGPLv2.1.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\LICENSE.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\en-US.pak.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\snapshot_blob.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\libEGL.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\libGLESv2.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\v8_context_snapshot.bin.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\vk_swiftshader_icd.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroDunamis.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\vulkan-1.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Adobe.Acrobat.Dependencies.manifest.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\adobeafp.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeLinguistic.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeXMP.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AGMGPUOptIn.ini.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ahclient.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ANCUtility.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\ownership-hero-image-d.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AXE8SharedExpat.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AXSLE.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\BIB.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\BIBUtils.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\manifest.json.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\nppdf32.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_asym.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base_non_fips.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Click on 'Change' to select default PDF handler.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_ecc.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRClient.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.sig.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\cr_win_client_config.cfg.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DirectInk.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\U.S. FOIA.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\U.S. Privacy Act.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\LocaleDisplayNameMap.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\SearchRedactPatterns.xml.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template1.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template2.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\template3.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ExtendScript.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\template1.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc58.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc67.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\AdobeID.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\DefaultID.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\JP2KLib.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\eula.ini.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\license.html.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\stopwords.ENU.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Bold.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Light.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\AdobeClean-Regular.eot.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Bold.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Light.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\AdobeClean-Regular.woff.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFPrevHndlr.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFSigQFormalRep.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Accessibility.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\adobepdf.xdc.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\AdobePDF417.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\DataMatrix.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\QRCode.pmp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\CompareMarkers.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Pointers.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Faces.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\Standard.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Checkers.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\Words.pdf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DVA.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\DropboxStorage.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\eBook.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\IA32.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\mip_ClientTelemetry.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\mip_upe_sdk.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\MSRMS.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\Flash.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\MCIMPP.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\WindowsMedia.mpp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\PDDom.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\ReadOutLoud.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\reflow.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SaveAsRTF.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\SendMail.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Search.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Spelling.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\StorageConnectors.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Updater.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\weblink.api.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\2d.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\3difr.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvDX9.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\drvSOFT.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\MyriadCAD.otf.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\tesselate.x3d.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\pmd.cer.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\Microsoft.VCLibs.x86.14.00.appx.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Accessibility_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Actions_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\AppCenter_R.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CCX_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Certificates_R.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CollectSignatures.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Combine_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Combine_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Comments.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Compare_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\ConvertPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\ConvertPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\CreateCustom_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Developer_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Exp_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_Menu.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Edit_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\EPDF_Full.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\EPDF_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Forms_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Home.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\FillSign.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\InAppSign.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Index_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Measure.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\MoreTools.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\OptimizePDF_R_CTX.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\OptimizePDF_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Pages_DelayedPaywall.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Pages_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\PrintProduction_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Protect_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Redact_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Review_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\RichMedia_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Scan_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Stamp.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Standards_R_RHP.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\TrackedSend.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\UnifiedShare.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\Viewer.aapp.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ScCore.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RTC.der.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action01.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action02.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action03.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action04.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action05.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\Action06.sequ.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\sqlite.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\add_reviewer.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\bl.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\br.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\create_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\change_deadline.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\distribute_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_all.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_recipients_not_respond.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\email_initiator.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\ended_review_or_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\end_review.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_distributed.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_received.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\forms_super.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\form_responses.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\main.css.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\info.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\open_original_form.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\pdf.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_joined.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviewers.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_super.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\reviews_sent.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_browser.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_email.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_shared.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\review_same_reviewers.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\rss.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_issue.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_lg.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\server_ok.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\stop_collection_data.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\submission_history.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\tl.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\tr.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\trash.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOffNotificationInAcrobat.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOffNotificationInTray.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOnNotificationInAcrobat.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\turnOnNotificationInTray.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\warning.gif.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\DarkTheme.acrotheme.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\LightTheme.acrotheme.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ViewerPS.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\commit.txt.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-app-launcher.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\04ddbdff6396d98807bc0b6a4af1938c.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\071c3429d4900e9a5c0d4e2105ccf1c2.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\0c9bbbe7a01f43c8a2c084d4926a8785.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\113-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1190-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1536-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1688-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1740-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\179f135ab98d015965571a3d585f8c8f.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\186-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1870-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1901-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1b4bf50844144c4d25af0802a87bfcc6.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\1911-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2054-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\229192ba6f3c6a8d242464d646d4ad63.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2458-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2470-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2673-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2785-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2872-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\2971-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\305-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3236-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3379-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3410-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\355f832ee6b21ce50f0d326b48af976f.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\3602-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4049-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4109-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4382-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4431-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4439-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4486-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4911-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\4dddbe6058a486f7048673e4b143f7c4.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5093-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5038-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5193-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5142-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5251-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\541-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5555-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\5589-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\57686c0e32e1983d524fb6f8d46ca8c7.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\592-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6223-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6297-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6491-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6665-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6753-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6823bdac587ae224bf36689600281a69.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6b0215ed0a09075330a1c6dd3dbfba1d.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6bb09869a6cfe2a88aae68256d9456e3.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\6f43d8c6da907e34ab2028ef15733412.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7001-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7279-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7296-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7363-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7403-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7407-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7486-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\7ec969a62598fbfa1ee1eb8827a0f2e5.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8172-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8317-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8329-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8389-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\83bf4cfa63b712c6973a0d510a7b2c99.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8479-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\8750-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9066745ff44b689b5cc89c3d73970f01.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9216-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9230-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9263-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\92bfb68adb54a6ec950196b4d39ccf3e.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9488-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9783-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9887-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9991-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\9b1662bee64658ff8dd184737a056510.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\a56350ec5a5b310e9f4c7e10e0b6795c.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\ab27b355502b23edc57dcc465635c3f5.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b961cde276c90015f1db51975a470747.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\b99178ba996d2b4a255b0f163dcb88ce.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\bootstrap.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c124efa99176e538252a2ae3cef2137e.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\c6534465ea418b6c252e2b74bc9e4bbb.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\db3460ac8568d0137d4556570169e475.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\dc3b5d449449a5103f90189b239c0bf6.png.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccx-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-ccxfeedback-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-editsettings-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-enhance-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-extract-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-filepicker-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-help-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-readerRhp-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-RMUpsellCard-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rsfeedback-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rsmanagerecipients-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-rspresendreview-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-SignCrossSellCard-modals-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-signsettings-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-split-popups-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-unifiedShare-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-verbs-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: C:\Users\user\Desktop\Fast.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\desktop-videoplayer-chunk.js.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Source: Fast.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: vk_swiftshader.dll.pdb source: vk_swiftshader.dll.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eight.0.dr
Source: Fast.exeStatic PE information: section name: .cdata
Source: Fast.exe.0.drStatic PE information: section name: .cdata
Source: Fast.exe.2.drStatic PE information: section name: .cdata
Source: Fast.exe0.2.drStatic PE information: section name: .cdata

Persistence and Installation Behavior

barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\mraut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\SenseCE.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\micaut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\PhotoViewer.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\InkObj.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows NT\Accessories\wordpad.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender\MpSvc.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender\NisSrv.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\OPCTextExtractorWin.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0804.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ink\tabskb.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Media Player\setup_wm.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\ImagingEngine.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Photo Viewer\PhotoAcq.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0404.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data0011.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files (x86)\common files\Microsoft Shared\ink\mraut.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCM.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\mce.dllJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRenamed to system file: C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exeJump to behavior
Uses bcdedit to modify the Windows boot settings
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailures
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled no
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Users\user\AppData\Local\Fast.exeJump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Fast.exeJump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeJump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Fast.exeJump to dropped file

Boot Survival

barindex
Drops PE files to the startup folder
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Fast.exeJump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeJump to dropped file
Source: C:\Users\user\Desktop\Fast.exeFile created: c:\programdata\microsoft\windows\start menu\programs\startup\Fast.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: c:\programdata\microsoft\windows\start menu\programs\startup\Fast.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Fast.exe\:Zone.Identifier:$DATAJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\Fast.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exe\:Zone.Identifier:$DATAJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FastJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FastJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FastJump to behavior
Source: C:\Users\user\Desktop\Fast.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FastJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Creates files in the recycle bin to hide itself
Source: C:\Users\user\Desktop\Fast.exeFile created: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\desktop.ini.id[9AA40F17-2803].[HenryShrapnel61@gmx.com].eightJump to behavior
Creates files inside the volume driver (system volume information)
Source: C:\Windows\System32\wbengine.exeFile created: C:\System Volume Information\WindowsImageBackupJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\vds.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Found evasive API chain (may stop execution after checking locale)
Source: C:\Users\user\AppData\Local\Fast.exeEvasive API call chain: GetLocaleInfo, EnterCriticalSection, DeleteCriticalSectiongraph_14-3665
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeEvasive API call chain: GetLocaleInfo, EnterCriticalSection, DeleteCriticalSection
Source: C:\Windows\System32\vds.exeFile opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\Fast.exeWindow / User API: threadDelayed 6924Jump to behavior
Source: C:\Users\user\Desktop\Fast.exeWindow / User API: threadDelayed 2440Jump to behavior
Source: C:\Users\user\Desktop\Fast.exeWindow / User API: threadDelayed 2217Jump to behavior
Source: C:\Users\user\Desktop\Fast.exeWindow / User API: threadDelayed 7769Jump to behavior
Source: C:\Users\user\AppData\Local\Fast.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_14-4875
Source: C:\Users\user\Desktop\Fast.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_2-4729
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Users\user\AppData\Local\Fast.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_14-3856
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\Fast.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-3898
Source: C:\Users\user\AppData\Local\Fast.exeAPI coverage: 4.6 %
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeAPI coverage: 4.6 %
Source: C:\Users\user\Desktop\Fast.exe TID: 7804Thread sleep count: 6924 > 30Jump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7804Thread sleep time: -6924000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7792Thread sleep count: 64 > 30Jump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7792Thread sleep time: -64000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7804Thread sleep count: 2440 > 30Jump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7804Thread sleep time: -2440000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7680Thread sleep count: 2217 > 30Jump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7680Thread sleep time: -2217000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7680Thread sleep count: 7769 > 30Jump to behavior
Source: C:\Users\user\Desktop\Fast.exe TID: 7680Thread sleep time: -7769000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA5D61 FindFirstFileW,FindNextFileW,FindClose,2_2_00CA5D61
Source: C:\Users\user\AppData\Local\Fast.exeCode function: 14_2_000D5D61 FindFirstFileW,FindNextFileW,FindClose,14_2_000D5D61
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: 25_2_00205D61 FindFirstFileW,FindNextFileW,FindClose,25_2_00205D61
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man{
Source: vds.exe, 00000018.00000002.4238010107.0000023C61818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}J
Source: vds.exe, 00000018.00000002.4238010107.0000023C61837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000*
Source: vds.exe, 00000018.00000002.4238010107.0000023C61837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000d
Source: vds.exe, 00000018.00000003.2225368840.0000023C61868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000003.2246230697.0000023C6187A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: Fast.exe, 00000000.00000003.1958071986.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1976169149.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1906110205.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1943437772.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1946726629.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1913579887.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1889453212.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1894613013.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1900256697.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1903742664.0000000000E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\D:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man-
Source: bcdedit.exe, 00000012.00000002.2132924831.00000232A8F58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: I VMware Virtual SATA CDROM Drive (0.0)
Source: Fast.exe, 00000000.00000003.1903742664.0000000000E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.mans
Source: vds.exe, 00000018.00000003.2225368840.0000023C61868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56KKqi
Source: vds.exe, 00000018.00000002.4238010107.0000023C61818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.dll
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man9
Source: vds.exe, 00000018.00000002.4238010107.0000023C61818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.manL
Source: bcdedit.exe, 00000014.00000002.2173147665.000001BB4003B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pEFI VMware Virtual SATA CDROM Drive (0.0)
Source: vds.exe, 00000018.00000002.4238010107.0000023C61837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: vds.exe, 00000018.00000003.2251773165.0000023C6187A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}Ph
Source: vds.exe, 00000018.00000002.4238010107.0000023C6185A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000*
Source: vds.exe, 00000018.00000003.2242855321.0000023C6187A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000003.2225368840.0000023C61868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Fast.exe, 00000000.00000003.1958071986.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1976169149.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1906110205.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1943437772.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1946726629.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1913579887.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1889453212.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1894613013.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1900256697.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1903742664.0000000000E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\D:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
Source: vds.exe, 00000018.00000003.2229123796.0000023C61868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: age#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000c5e500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000002.4238010107.0000023C61837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00
Source: vds.exe, 00000018.00000002.4238010107.0000023C61837000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
Source: vds.exe, 00000018.00000003.2246860462.0000023C6187E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Fast.exe, 00000000.00000003.1958071986.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1976169149.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1906110205.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1943437772.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1946726629.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1913579887.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1889453212.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1894613013.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1900256697.0000000000E6D000.00000004.00000020.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.1903742664.0000000000E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
Source: Fast.exe, 00000000.00000003.1903742664.0000000000E6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
Source: Fast.exe, 00000000.00000003.1903574983.00000000046A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.manb
Source: vds.exe, 00000018.00000003.2242192548.0000023C6187F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000002.4238010107.0000023C6185A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000Ph
Source: vds.exe, 00000018.00000003.2246726317.0000023C61887000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000002.4238010107.0000023C6185A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: vds.exe, 00000018.00000002.4238010107.0000023C6185A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: vds.exe, 00000018.00000003.2233616626.0000023C61868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: age#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000c5e500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\Fast.exeAPI call chain: ExitProcess graph end nodegraph_2-3699
Source: C:\Users\user\Desktop\Fast.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA90A1 GetProcessHeap,RtlFreeHeap,2_2_00CA90A1
Source: C:\Users\user\Desktop\Fast.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
Source: C:\Users\user\Desktop\Fast.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic shadowcopy deleteJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} bootstatuspolicy ignoreallfailuresJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bcdedit.exe bcdedit /set {default} recoveryenabled noJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin delete catalog -quietJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall set opmode mode=disable
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA4428 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,LookupAccountSidW,GetLastError,FreeSid,2_2_00CA4428
Source: C:\Users\user\Desktop\Fast.exeCode function: GetTickCount,GetLocaleInfoW,Sleep,Sleep,Sleep,CreateThread,WaitForSingleObject,EnterCriticalSection,LeaveCriticalSection,WaitForMultipleObjects,CloseHandle,EnterCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,ReleaseMutex,CloseHandle,2_2_00CA29F5
Source: C:\Users\user\AppData\Local\Fast.exeCode function: GetTickCount,GetLocaleInfoW,Sleep,Sleep,Sleep,CreateThread,WaitForSingleObject,EnterCriticalSection,LeaveCriticalSection,WaitForMultipleObjects,CloseHandle,EnterCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,ReleaseMutex,CloseHandle,14_2_000D29F5
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fast.exeCode function: GetTickCount,GetLocaleInfoW,Sleep,Sleep,Sleep,CreateThread,WaitForSingleObject,EnterCriticalSection,LeaveCriticalSection,WaitForMultipleObjects,CloseHandle,EnterCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,ReleaseMutex,CloseHandle,25_2_002029F5
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA77DF InitializeCriticalSectionAndSpinCount,EnterCriticalSection,QueryPerformanceCounter,QueryPerformanceCounter,GetTickCount,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,SystemTimeToFileTime,QueryPerformanceCounter,LeaveCriticalSection,2_2_00CA77DF
Source: C:\Users\user\Desktop\Fast.exeCode function: 2_2_00CA3E39 GetVersion,GetCurrentProcess,OpenProcessToken,GetTokenInformation,FindCloseChangeNotification,2_2_00CA3E39

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Deletes the backup plan of Windows
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin delete catalog -quiet
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbadmin.exe wbadmin delete catalog -quietJump to behavior
Modifies the windows firewall
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
Uses netsh to modify the Windows network and firewall settings
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh advfirewall set currentprofile state off
Source: Fast.exe, 00000000.00000003.2693227210.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2705225457.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2767513749.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2087557131.0000000003880000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2759247777.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2541928422.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2610693445.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2463498210.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2832712204.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2750402428.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Fast.exe, 00000000.00000003.2835072519.0000000000B30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Fast.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Scheduled Task/Job		1
Scheduled Task/Job		1
Access Token Manipulation		113
Masquerading		OS Credential Dumping1
System Time Discovery		1
Taint Shared Content		1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network Medium1
Inhibit System Recovery
CredentialsDomainsDefault Accounts11
Native API		121
Registry Run Keys / Startup Folder		11
Process Injection		2
Disable or Modify Tools		LSASS Memory131
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Scheduled Task/Job		12
Virtualization/Sandbox Evasion		Security Account Manager12
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook121
Registry Run Keys / Startup Folder		1
Access Token Manipulation		NTDS2
Process Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
DLL Side-Loading		11
Process Injection		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Hidden Files and Directories		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync23
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
File Deletion		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1388428 Sample: Fast.exe Startdate: 07/02/2024 Architecture: WINDOWS Score: 100 60 Malicious sample detected (through community Yara rule) 2->60 62 Antivirus / Scanner detection for submitted sample 2->62 64 Multi AV Scanner detection for dropped file 2->64 66 7 other signatures 2->66 7 Fast.exe 1 501 2->7         started        11 Fast.exe 2->11         started        13 wbengine.exe 3 2->13         started        15 5 other processes 2->15 process3 file4 44 C:\ProgramData\Microsoft\Windows\...\Fast.exe, PE32 7->44 dropped 46 v8_context_snapsho...el61@gmx.com].eight, data 7->46 dropped 48 snapshot_blob.bin....el61@gmx.com].eight, data 7->48 dropped 50 38 other files (34 malicious) 7->50 dropped 68 Creates files in the recycle bin to hide itself 7->68 70 Drops PE files to the startup folder 7->70 72 Writes many files with high entropy 7->72 74 Infects executable files (exe, dll, sys, html) 7->74 17 cmd.exe 1 7->17         started        20 Fast.exe 2 6 7->20         started        23 cmd.exe 7->23         started        76 Multi AV Scanner detection for dropped file 11->76 78 Found evasive API chain (may stop execution after checking locale) 11->78 80 Creates files inside the volume driver (system volume information) 13->80 signatures5 process6 file7 52 May disable shadow drive data (uses vssadmin) 17->52 54 Deletes shadow drive data (may be related to ransomware) 17->54 56 Uses netsh to modify the Windows network and firewall settings 17->56 58 3 other signatures 17->58 25 vssadmin.exe 1 17->25         started        28 bcdedit.exe 9 1 17->28         started        30 bcdedit.exe 8 1 17->30         started        38 3 other processes 17->38 40 C:\Users\user\AppData\Roaming\...\Fast.exe, PE32 20->40 dropped 42 C:\Users\user\AppData\Local\Fast.exe, PE32 20->42 dropped 32 netsh.exe 2 23->32         started        34 netsh.exe 2 23->34         started        36 conhost.exe 23->36         started        signatures8 process9 signatures10 82 Deletes shadow drive data (may be related to ransomware) 25->82

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.