Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
03/10/2022, 21:32
General
-
Target
6a92c4a2e4ad560833412ba405e10425c7f3c2e21a00ce7bb6767c5b7d17b0c7.exe
-
Size
72KB
-
MD5
07856b0534653fd30a542e8da18a8318
-
SHA1
4f52f0ac6c7b3cdafff36a2775be39b3abe0c7af
-
SHA256
6a92c4a2e4ad560833412ba405e10425c7f3c2e21a00ce7bb6767c5b7d17b0c7
-
SHA512
4a6e89d7096c9658cf277f37c695f7282ebf23e0233fcf92b134296a4fa441a1769e62f8b3183cd43480ac4cf0d612516d2827f0bc69b03bf2b77bb716aa9ee9
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2O:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPa
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a92c4a2e4ad560833412ba405e10425c7f3c2e21a00ce7bb6767c5b7d17b0c7.exe"C:\Users\Admin\AppData\Local\Temp\6a92c4a2e4ad560833412ba405e10425c7f3c2e21a00ce7bb6767c5b7d17b0c7.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1426992607\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\1426992607\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\1426992607\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\data.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\data.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\update.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\update.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\update.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\update.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-TW\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\data.exe"C:\Program Files\Common Files\microsoft shared\Triedit\data.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- System policy modification
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\10⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\data.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\data.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\10⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\10⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\10⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\11⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\12⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\10⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\11⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\12⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\11⤵
- Drops file in Program Files directory
-
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\data.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\data.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\9⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\10⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\11⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\update.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\update.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\10⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\11⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\12⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\update.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\update.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\10⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\11⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\12⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\13⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\locale\11⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\update.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\update.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\10⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\11⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\10⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\10⤵
-
-
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\data.exe"C:\Program Files\Java\jre1.8.0_66\data.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\update.exe"C:\Program Files\Java\jre1.8.0_66\lib\update.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\applet\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\cmm\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\deploy\data.exe"C:\Program Files\Java\jre1.8.0_66\lib\deploy\data.exe" C:\Program Files\Java\jre1.8.0_66\lib\deploy\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\ext\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\fonts\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\fonts\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\fonts\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\images\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\images\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\images\8⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\9⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\jfr\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\jfr\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\jfr\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\management\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\management\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\management\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jre1.8.0_66\lib\security\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\security\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\security\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
-
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
C:\Program Files\Microsoft Office\root\Integration\backup.exe"C:\Program Files\Microsoft Office\root\Integration\backup.exe" C:\Program Files\Microsoft Office\root\Integration\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe"C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe" C:\Program Files\Microsoft Office\root\Integration\Addons\8⤵
-
-
-
C:\Program Files\Microsoft Office\root\Licenses\backup.exe"C:\Program Files\Microsoft Office\root\Licenses\backup.exe" C:\Program Files\Microsoft Office\root\Licenses\7⤵
-
-
C:\Program Files\Microsoft Office\root\Licenses16\backup.exe"C:\Program Files\Microsoft Office\root\Licenses16\backup.exe" C:\Program Files\Microsoft Office\root\Licenses16\7⤵
-
-
C:\Program Files\Microsoft Office\root\loc\System Restore.exe"C:\Program Files\Microsoft Office\root\loc\System Restore.exe" C:\Program Files\Microsoft Office\root\loc\7⤵
-
-
C:\Program Files\Microsoft Office\root\Office15\backup.exe"C:\Program Files\Microsoft Office\root\Office15\backup.exe" C:\Program Files\Microsoft Office\root\Office15\7⤵
-
-
C:\Program Files\Microsoft Office\root\Office16\backup.exe"C:\Program Files\Microsoft Office\root\Office16\backup.exe" C:\Program Files\Microsoft Office\root\Office16\7⤵
-
C:\Program Files\Microsoft Office\root\Office16\1033\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\8⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\7⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\9⤵
-
-
-
-
C:\Program Files\Microsoft Office\Updates\Download\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\update.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\update.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\8⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\10⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\11⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\12⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\13⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\GAC_MSIL\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\GAC_MSIL\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E072BA14-90AE-4ACC-B895-7EFF8F4C5727\root\vfs\Windows\assembly\GAC_MSIL\14⤵
- Disables RegEdit via registry modification
-
-
-
-
-
-
-
-
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
- System policy modification
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
- System policy modification
-
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\uninstall\backup.exe"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\7⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵
-
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Reference Assemblies\Microsoft\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵
- System policy modification
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\9⤵
-
-
-
-
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files\VideoLAN\VLC\backup.exe"C:\Program Files\VideoLAN\VLC\backup.exe" C:\Program Files\VideoLAN\VLC\6⤵
-
C:\Program Files\VideoLAN\VLC\hrtfs\System Restore.exe"C:\Program Files\VideoLAN\VLC\hrtfs\System Restore.exe" C:\Program Files\VideoLAN\VLC\hrtfs\7⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\backup.exe"C:\Program Files\VideoLAN\VLC\locale\backup.exe" C:\Program Files\VideoLAN\VLC\locale\7⤵
- System policy modification
-
-
-
-
C:\Program Files\Windows Mail\backup.exe"C:\Program Files\Windows Mail\backup.exe" C:\Program Files\Windows Mail\5⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Windows Media Player\backup.exe"C:\Program Files\Windows Media Player\backup.exe" C:\Program Files\Windows Media Player\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Windows Media Player\en-US\backup.exe"C:\Program Files\Windows Media Player\en-US\backup.exe" C:\Program Files\Windows Media Player\en-US\6⤵
-
-
C:\Program Files\Windows Media Player\Media Renderer\backup.exe"C:\Program Files\Windows Media Player\Media Renderer\backup.exe" C:\Program Files\Windows Media Player\Media Renderer\6⤵
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\data.exe"C:\Program Files (x86)\Adobe\data.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\14⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\14⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\12⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\14⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\13⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\14⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\11⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\12⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\13⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\14⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\12⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\13⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\11⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\14⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\12⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\13⤵
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\update.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\update.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\data.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\data.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\14⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\13⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\14⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\13⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\14⤵
-
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\System\en-US\System Restore.exe"C:\Program Files (x86)\Common Files\System\en-US\System Restore.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵
-
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\System Restore.exe"C:\Program Files (x86)\Google\Temp\System Restore.exe" C:\Program Files (x86)\Google\Temp\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\update.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\update.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{0D3B55D5-C891-4ABD-ADA8-7B4746A87555}\data.exe"C:\Program Files (x86)\Google\Update\Install\{0D3B55D5-C891-4ABD-ADA8-7B4746A87555}\data.exe" C:\Program Files (x86)\Google\Update\Install\{0D3B55D5-C891-4ABD-ADA8-7B4746A87555}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
-
C:\Program Files (x86)\Microsoft\Edge\update.exe"C:\Program Files (x86)\Microsoft\Edge\update.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\update.exe"C:\Program Files (x86)\Microsoft\Edge\Application\update.exe" C:\Program Files (x86)\Microsoft\Edge\Application\7⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\9⤵
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\10⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\data.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\data.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\System Restore.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\System Restore.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\9⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\9⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\9⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\9⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\update.exe"C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\update.exe" C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\6⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.167.21\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.167.21\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.167.21\7⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\7⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.167.21\System Restore.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.167.21\System Restore.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.167.21\9⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\7⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{18F127B1-7EA9-4BC3-9FD3-434ABBAC765F}\backup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{18F127B1-7EA9-4BC3-9FD3-434ABBAC765F}\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{18F127B1-7EA9-4BC3-9FD3-434ABBAC765F}\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Temp\backup.exe"C:\Program Files (x86)\Microsoft\Temp\backup.exe" C:\Program Files (x86)\Microsoft\Temp\6⤵
-
-
-
C:\Program Files (x86)\Microsoft.NET\backup.exe"C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\5⤵
-
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe"C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe" C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\6⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe" C:\Program Files (x86)\Microsoft.NET\RedistList\6⤵
-
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe"C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\5⤵
- System policy modification
-
C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe"C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\logs\6⤵
-
-
-
C:\Program Files (x86)\MSBuild\backup.exe"C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\5⤵
-
C:\Program Files (x86)\MSBuild\Microsoft\backup.exe"C:\Program Files (x86)\MSBuild\Microsoft\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\6⤵
-
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\7⤵
- System policy modification
-
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵
- System policy modification
-
-
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\update.exe"C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\update.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Reference Assemblies\backup.exe"C:\Program Files (x86)\Reference Assemblies\backup.exe" C:\Program Files (x86)\Reference Assemblies\5⤵
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\backup.exe"C:\Program Files (x86)\Reference Assemblies\Microsoft\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\6⤵
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
-
-
-
-
-
C:\Program Files (x86)\Windows Mail\backup.exe"C:\Program Files (x86)\Windows Mail\backup.exe" C:\Program Files (x86)\Windows Mail\5⤵
-
-
C:\Program Files (x86)\Windows Media Player\backup.exe"C:\Program Files (x86)\Windows Media Player\backup.exe" C:\Program Files (x86)\Windows Media Player\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Windows Media Player\en-US\backup.exe"C:\Program Files (x86)\Windows Media Player\en-US\backup.exe" C:\Program Files (x86)\Windows Media Player\en-US\6⤵
-
-
-
C:\Program Files (x86)\Windows Multimedia Platform\backup.exe"C:\Program Files (x86)\Windows Multimedia Platform\backup.exe" C:\Program Files (x86)\Windows Multimedia Platform\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- System policy modification
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- System policy modification
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- System policy modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Pictures\data.exeC:\Users\Public\Pictures\data.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\update.exeC:\Windows\update.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\System Restore.exe"C:\Windows\apppatch\AppPatch64\System Restore.exe" C:\Windows\apppatch\AppPatch64\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\CustomSDB\System Restore.exe"C:\Windows\apppatch\CustomSDB\System Restore.exe" C:\Windows\apppatch\CustomSDB\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\data.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\data.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\mscomctl\backup.exeC:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\8⤵
-
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\7⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
- System policy modification
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\7⤵
- Drops file in Windows directory
- System policy modification
-
-
-
C:\Windows\assembly\GAC_64\backup.exeC:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_64\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Ink\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\assembly\GAC_MSIL\backup.exeC:\Windows\assembly\GAC_MSIL\backup.exe C:\Windows\assembly\GAC_MSIL\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_MSIL\Accessibility\backup.exeC:\Windows\assembly\GAC_MSIL\Accessibility\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\backup.exeC:\Windows\assembly\GAC_MSIL\AspNetMMCExt\backup.exe C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\7⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\06e4ead630bb224419e9830affdafb8c\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\06e4ead630bb224419e9830affdafb8c\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\06e4ead630bb224419e9830affdafb8c\8⤵
-
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
-
-
C:\Windows\bcastdvr\backup.exeC:\Windows\bcastdvr\backup.exe C:\Windows\bcastdvr\5⤵
- System policy modification
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\Branding\Basebrd\en-US\update.exeC:\Windows\Branding\Basebrd\en-US\update.exe C:\Windows\Branding\Basebrd\en-US\7⤵
-
-
-
C:\Windows\Branding\shellbrd\backup.exeC:\Windows\Branding\shellbrd\backup.exe C:\Windows\Branding\shellbrd\6⤵
-
-
-
C:\Windows\CbsTemp\backup.exeC:\Windows\CbsTemp\backup.exe C:\Windows\CbsTemp\5⤵
-
-
C:\Windows\Containers\backup.exeC:\Windows\Containers\backup.exe C:\Windows\Containers\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\Containers\serviced\update.exeC:\Windows\Containers\serviced\update.exe C:\Windows\Containers\serviced\6⤵
- System policy modification
-
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
C:\Windows\debug\backup.exeC:\Windows\debug\backup.exe C:\Windows\debug\5⤵
-
-
C:\Windows\DiagTrack\backup.exeC:\Windows\DiagTrack\backup.exe C:\Windows\DiagTrack\5⤵
- Drops file in Windows directory
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\data.exeC:\Users\Admin\AppData\Local\Temp\Low\data.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5f1325632a7d5629fec2abf8d19af784a
SHA1c77c26e42cd254d87c85312159c9e7cf69dfbd7a
SHA2561fa9809749a16cb26bd562cfe3212d8c3ed1b62fb8fc63a8009eef58beddcfc6
SHA51265333f629326d8464d2db35896ea59554e4741f35a9ca62aa49a0e05efa170074a49ad0afcaebb84772b6761f1d7d0a2311860bb06034993e67751d3fe93f4fb
-
Filesize
72KB
MD5f1325632a7d5629fec2abf8d19af784a
SHA1c77c26e42cd254d87c85312159c9e7cf69dfbd7a
SHA2561fa9809749a16cb26bd562cfe3212d8c3ed1b62fb8fc63a8009eef58beddcfc6
SHA51265333f629326d8464d2db35896ea59554e4741f35a9ca62aa49a0e05efa170074a49ad0afcaebb84772b6761f1d7d0a2311860bb06034993e67751d3fe93f4fb
-
Filesize
72KB
MD54571ec91cc3005fef4d7e39a37859a4e
SHA104f27ef220a595fd668519048ed056f6cad7f82d
SHA256d6345672f5d4c21c8489821fda43243e395de6c1b175c08812fed5c0898ded2b
SHA5123c6b22b245ee9c9dd9cb83dbcb51a756a37aa21c2093f8f884c6f1b4d5e6c33a1547a65209641f17338afc78cb72432c6dd080b667cfe98110bcf45ff87ae160
-
Filesize
72KB
MD54571ec91cc3005fef4d7e39a37859a4e
SHA104f27ef220a595fd668519048ed056f6cad7f82d
SHA256d6345672f5d4c21c8489821fda43243e395de6c1b175c08812fed5c0898ded2b
SHA5123c6b22b245ee9c9dd9cb83dbcb51a756a37aa21c2093f8f884c6f1b4d5e6c33a1547a65209641f17338afc78cb72432c6dd080b667cfe98110bcf45ff87ae160
-
Filesize
72KB
MD58e960ce632b2cc946bcb0e907409c4fb
SHA11a7f1886b01ee96d7944265da942ba9d1130a022
SHA2566b40a5e571a3c59f36c048c5e8f22eaa77562c485fad992b6b91dc8ef1fc700e
SHA512c2482c59d852c47ebf69740e1d813470fb8b83e058070ec36bc49bb3bcb1d24097245908207586240b6a0bb393ec20627eb7e3b0252f4de3479793c82d116d09
-
Filesize
72KB
MD58e960ce632b2cc946bcb0e907409c4fb
SHA11a7f1886b01ee96d7944265da942ba9d1130a022
SHA2566b40a5e571a3c59f36c048c5e8f22eaa77562c485fad992b6b91dc8ef1fc700e
SHA512c2482c59d852c47ebf69740e1d813470fb8b83e058070ec36bc49bb3bcb1d24097245908207586240b6a0bb393ec20627eb7e3b0252f4de3479793c82d116d09
-
Filesize
72KB
MD527bf7f44161c0071b06ae20bc352c575
SHA1698c2764838e9bf38d75a40ff007ff73fe5a2625
SHA256245b663ee0ef73edd046878dd6a13ce74600388a4ac6ff923307e001f2df8f88
SHA51200d42f1bce7df3d1f0b82a066636b5af6e0892096e69760caf829e49ce1bdadcf262f08837ef7b969e0f298f4eb95d7313a5e82d87ec7a27459153549c859a04
-
Filesize
72KB
MD527bf7f44161c0071b06ae20bc352c575
SHA1698c2764838e9bf38d75a40ff007ff73fe5a2625
SHA256245b663ee0ef73edd046878dd6a13ce74600388a4ac6ff923307e001f2df8f88
SHA51200d42f1bce7df3d1f0b82a066636b5af6e0892096e69760caf829e49ce1bdadcf262f08837ef7b969e0f298f4eb95d7313a5e82d87ec7a27459153549c859a04
-
Filesize
72KB
MD534dedcad701f4aabf00d4bba0dd1385d
SHA1d7a8bf6fce2d4fbf3152a4a2d551882d9d408a4c
SHA25624eec5cdf58be17543af90a9393c81b52b16f3abe4bb5e26d0207dd36e9dd100
SHA5120a008180543c8ef20d90fbcfe53787acb00c883a7101a3888323585535c5d6ebaad4dc5e46f14cec4531f69f1e78b419631a4f80fc75e54cbd5942a35b8b2831
-
Filesize
72KB
MD534dedcad701f4aabf00d4bba0dd1385d
SHA1d7a8bf6fce2d4fbf3152a4a2d551882d9d408a4c
SHA25624eec5cdf58be17543af90a9393c81b52b16f3abe4bb5e26d0207dd36e9dd100
SHA5120a008180543c8ef20d90fbcfe53787acb00c883a7101a3888323585535c5d6ebaad4dc5e46f14cec4531f69f1e78b419631a4f80fc75e54cbd5942a35b8b2831
-
Filesize
72KB
MD58b469b60af71d4f0331b32f8fce7101c
SHA17ae25ec963ac677a8d79bec06a5439385056f30b
SHA256675019b6c32a96986fdbdef8ffd0efb014aa0f7909161f7fc9cc065e60f30d5a
SHA512f6909fec0936b81afe1b74a33070ac3f104d0ba0b673459216addc2c0d77086acaccd46306254921b2edd03497cef3f649cc466a22271c8bf87992024befda05
-
Filesize
72KB
MD58b469b60af71d4f0331b32f8fce7101c
SHA17ae25ec963ac677a8d79bec06a5439385056f30b
SHA256675019b6c32a96986fdbdef8ffd0efb014aa0f7909161f7fc9cc065e60f30d5a
SHA512f6909fec0936b81afe1b74a33070ac3f104d0ba0b673459216addc2c0d77086acaccd46306254921b2edd03497cef3f649cc466a22271c8bf87992024befda05
-
Filesize
72KB
MD527bf7f44161c0071b06ae20bc352c575
SHA1698c2764838e9bf38d75a40ff007ff73fe5a2625
SHA256245b663ee0ef73edd046878dd6a13ce74600388a4ac6ff923307e001f2df8f88
SHA51200d42f1bce7df3d1f0b82a066636b5af6e0892096e69760caf829e49ce1bdadcf262f08837ef7b969e0f298f4eb95d7313a5e82d87ec7a27459153549c859a04
-
Filesize
72KB
MD527bf7f44161c0071b06ae20bc352c575
SHA1698c2764838e9bf38d75a40ff007ff73fe5a2625
SHA256245b663ee0ef73edd046878dd6a13ce74600388a4ac6ff923307e001f2df8f88
SHA51200d42f1bce7df3d1f0b82a066636b5af6e0892096e69760caf829e49ce1bdadcf262f08837ef7b969e0f298f4eb95d7313a5e82d87ec7a27459153549c859a04
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD58b469b60af71d4f0331b32f8fce7101c
SHA17ae25ec963ac677a8d79bec06a5439385056f30b
SHA256675019b6c32a96986fdbdef8ffd0efb014aa0f7909161f7fc9cc065e60f30d5a
SHA512f6909fec0936b81afe1b74a33070ac3f104d0ba0b673459216addc2c0d77086acaccd46306254921b2edd03497cef3f649cc466a22271c8bf87992024befda05
-
Filesize
72KB
MD58b469b60af71d4f0331b32f8fce7101c
SHA17ae25ec963ac677a8d79bec06a5439385056f30b
SHA256675019b6c32a96986fdbdef8ffd0efb014aa0f7909161f7fc9cc065e60f30d5a
SHA512f6909fec0936b81afe1b74a33070ac3f104d0ba0b673459216addc2c0d77086acaccd46306254921b2edd03497cef3f649cc466a22271c8bf87992024befda05
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD5adaa3f3702582f26615d5e89e2a657c4
SHA18d3e0ba6f075254783644dfa7ae9c9344d0bebb8
SHA256bd0c573038eb12e933fccf589721ce798a51217b8b5c3e58043dbe7386df7502
SHA51276e0a342556a200c5567bdd8ca3312ca427fb4bbc749f9c4eddcfa50e5660a9aa61b5d97b27f5e5081166abb4fcc20076b2ac89b2a7dcc0c812327d2c24ada61
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD5ed4a40eef81eff25c45431790a7ee28a
SHA1eafc090be71533db6ad1f2a88b1cbc5c7d653701
SHA256bd6feb5a2f6c0cce7968e3f1928b000cf1e1b0144b04bd51c4eb000c5af33cb3
SHA512b3aa77c7f91b61e7cb9d737a96a546588405cfd969e1b882b42dbb1fe2361050f95cc9c95d4b9c3ee71a2040871b53df0cee3f3a939676d9a5578204715fc01d
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD561b6c22df86e7d7dc6281158d20f9ae1
SHA1a86483c78f81536840d7939db4a1754bb3a2d5f0
SHA25635db8c7b0beb2ffaae49a5b852260214a6938e4cd0fcf866f521b7aa105dfaee
SHA512548786d6cbce0124ffb196d3d6282cdf199da0906f97aeedfc699e33b824c2af5062546f84c273a62c65c978892dd725bd0a85a706c1eae0b55ca9581da15ba5
-
Filesize
72KB
MD5c6176b12d6f2831f6d08b5f88fbeb74d
SHA14437e181fcb34fa98d355b5a939eb5dc20d15f36
SHA256aec8fafe8d71b6fcd335feed255fd828dc3fe56885a2025a8ce5e603fea5ee2f
SHA512a8cf2a5be6369a28c2e45009b659069f69d04b760c7ca99c2e69a3cd852625ea68e1617a08409e96ffb892be47743d5f1fbc829de67d75041781d50c7a6dc090
-
Filesize
72KB
MD5c6176b12d6f2831f6d08b5f88fbeb74d
SHA14437e181fcb34fa98d355b5a939eb5dc20d15f36
SHA256aec8fafe8d71b6fcd335feed255fd828dc3fe56885a2025a8ce5e603fea5ee2f
SHA512a8cf2a5be6369a28c2e45009b659069f69d04b760c7ca99c2e69a3cd852625ea68e1617a08409e96ffb892be47743d5f1fbc829de67d75041781d50c7a6dc090
-
Filesize
72KB
MD58cbf2a7808862687c433f1c3ff1fdfcc
SHA1f9f223fcfbdbac920fb8564a965e55e75647a677
SHA2568d491a418cf4c3c5a9be2d68b1b03762257287eff293a418475e94c25e3636e0
SHA51200194e35b12d364aafa89cb688b1520df36d8b9462134ed86c1f5bbb585db5cf946dcb08ed9d5c91ad61f5517b6b97667612f15f2ad016a5d7dcab390fe7ffaf
-
Filesize
72KB
MD58cbf2a7808862687c433f1c3ff1fdfcc
SHA1f9f223fcfbdbac920fb8564a965e55e75647a677
SHA2568d491a418cf4c3c5a9be2d68b1b03762257287eff293a418475e94c25e3636e0
SHA51200194e35b12d364aafa89cb688b1520df36d8b9462134ed86c1f5bbb585db5cf946dcb08ed9d5c91ad61f5517b6b97667612f15f2ad016a5d7dcab390fe7ffaf
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0e31a7d8ca6576631338484b0333fa9
SHA13995ad6ddbce4c434637e967da76a9fc774244d6
SHA256e995465bc70443f2d55dad83c51822e523c94522b004485c54464e3d6da558a5
SHA5121217e2d15cfbe11f777b58731be4bd3dbc087d5e459d03f3b81bab62d3b5ba4c4e62aa495bdcc567e09d04cfd1b0ee15fd07dbd17f2dd3a007c89089e35023ff
-
Filesize
72KB
MD5b0e31a7d8ca6576631338484b0333fa9
SHA13995ad6ddbce4c434637e967da76a9fc774244d6
SHA256e995465bc70443f2d55dad83c51822e523c94522b004485c54464e3d6da558a5
SHA5121217e2d15cfbe11f777b58731be4bd3dbc087d5e459d03f3b81bab62d3b5ba4c4e62aa495bdcc567e09d04cfd1b0ee15fd07dbd17f2dd3a007c89089e35023ff
-
Filesize
72KB
MD5b0e31a7d8ca6576631338484b0333fa9
SHA13995ad6ddbce4c434637e967da76a9fc774244d6
SHA256e995465bc70443f2d55dad83c51822e523c94522b004485c54464e3d6da558a5
SHA5121217e2d15cfbe11f777b58731be4bd3dbc087d5e459d03f3b81bab62d3b5ba4c4e62aa495bdcc567e09d04cfd1b0ee15fd07dbd17f2dd3a007c89089e35023ff
-
Filesize
72KB
MD5b0e31a7d8ca6576631338484b0333fa9
SHA13995ad6ddbce4c434637e967da76a9fc774244d6
SHA256e995465bc70443f2d55dad83c51822e523c94522b004485c54464e3d6da558a5
SHA5121217e2d15cfbe11f777b58731be4bd3dbc087d5e459d03f3b81bab62d3b5ba4c4e62aa495bdcc567e09d04cfd1b0ee15fd07dbd17f2dd3a007c89089e35023ff
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD5b0b610117fab4b7b0b37a48fbcce79a7
SHA165bffc59ab2a2344e73dcddcd89519c7caad4259
SHA25699fe8717e8b0d09649065de907af124d4fedce26c86ec1796d248c6d617848ab
SHA5122131c699aa70888e646c853c0807cd5c7be6cb29a980c6d87d13978dc45393d25b673ccd6e669d3caf875a4a7060cc51ec2d4f1fa9609ab578162f112a8cff1a
-
Filesize
72KB
MD584a385b4ab9069ac0b45359c6fe9f33b
SHA1121acee6a513434668e0d8d87e89d4350a2e4139
SHA25673422dfe1b3bee83cca8096dbbf6fde590c7f30bc2fdea808a797ca68c5b41a4
SHA512efb7262af1d74da0e5e003987bf1847d832cf38fd1dd29ea611ca40ef2b13b222688129a5c5585f40a59181948a9752f52ca1397c210fd6ecf08a369d153d0e3
-
Filesize
72KB
MD584a385b4ab9069ac0b45359c6fe9f33b
SHA1121acee6a513434668e0d8d87e89d4350a2e4139
SHA25673422dfe1b3bee83cca8096dbbf6fde590c7f30bc2fdea808a797ca68c5b41a4
SHA512efb7262af1d74da0e5e003987bf1847d832cf38fd1dd29ea611ca40ef2b13b222688129a5c5585f40a59181948a9752f52ca1397c210fd6ecf08a369d153d0e3
-
Filesize
72KB
MD5f1325632a7d5629fec2abf8d19af784a
SHA1c77c26e42cd254d87c85312159c9e7cf69dfbd7a
SHA2561fa9809749a16cb26bd562cfe3212d8c3ed1b62fb8fc63a8009eef58beddcfc6
SHA51265333f629326d8464d2db35896ea59554e4741f35a9ca62aa49a0e05efa170074a49ad0afcaebb84772b6761f1d7d0a2311860bb06034993e67751d3fe93f4fb
-
Filesize
72KB
MD5f1325632a7d5629fec2abf8d19af784a
SHA1c77c26e42cd254d87c85312159c9e7cf69dfbd7a
SHA2561fa9809749a16cb26bd562cfe3212d8c3ed1b62fb8fc63a8009eef58beddcfc6
SHA51265333f629326d8464d2db35896ea59554e4741f35a9ca62aa49a0e05efa170074a49ad0afcaebb84772b6761f1d7d0a2311860bb06034993e67751d3fe93f4fb