Analysis
-
max time kernel
183s -
max time network
183s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
03/10/2022, 06:19
General
-
Target
71fe503021292d2802fbd957c655f47336a14f7c385f40ed74545abfa6a3116a.exe
-
Size
72KB
-
MD5
037408d3b22fce14214d6d55b45b7d3d
-
SHA1
01d8101229729c43cb27b5cea42ef73e8c289644
-
SHA256
71fe503021292d2802fbd957c655f47336a14f7c385f40ed74545abfa6a3116a
-
SHA512
299b72626e66ab573a4e1b8669e83412230bb2605cffb2a9f473b2221da6eb2942e0dce788bf37f55ef9b3651d65ea2a217840050113aea4285f2ee7fed048db
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf25:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr1
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\71fe503021292d2802fbd957c655f47336a14f7c385f40ed74545abfa6a3116a.exe"C:\Users\Admin\AppData\Local\Temp\71fe503021292d2802fbd957c655f47336a14f7c385f40ed74545abfa6a3116a.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2576044659\backup.exeC:\Users\Admin\AppData\Local\Temp\2576044659\backup.exe C:\Users\Admin\AppData\Local\Temp\2576044659\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\data.exe"C:\Program Files\7-Zip\Lang\data.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\update.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\update.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\System Restore.exe"C:\Program Files\Common Files\microsoft shared\TextConv\System Restore.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe"C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\it-IT\update.exe"C:\Program Files\Common Files\System\ado\it-IT\update.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\en-US\data.exe"C:\Program Files\Common Files\System\en-US\data.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\data.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\data.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\System Restore.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\System Restore.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\7⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\update.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\update.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\applet\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\10⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\14⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\14⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\13⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\14⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\14⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\13⤵
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\System Restore.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\System Restore.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\System Restore.exe"C:\Program Files (x86)\Common Files\Services\System Restore.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
-
C:\Program Files (x86)\Microsoft\data.exe"C:\Program Files (x86)\Microsoft\data.exe" C:\Program Files (x86)\Microsoft\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- System policy modification
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- System policy modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\System Restore.exe"C:\Users\Admin\Pictures\Saved Pictures\System Restore.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- System policy modification
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- System policy modification
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\data.exeC:\Windows\appcompat\Programs\data.exe C:\Windows\appcompat\Programs\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\1⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\1⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0
-
Filesize
72KB
MD561c005aca0c7ec551ebfad7a620455f4
SHA19cad656860c67dc76b90e1e0a6143c1573e67d32
SHA2569401ebd20025fd3b84f81c64d2871e4ef76387347963b2605f81e83aafd18e9e
SHA512d5392a32eb4b3702a957930d9af8ea99c931424f068b7ed5d58e6bc4a2749424809f20ba531280dfcf0660b4153aa9ed1f1f843b2a803dd90a0075ffb7b0d363
-
Filesize
72KB
MD561c005aca0c7ec551ebfad7a620455f4
SHA19cad656860c67dc76b90e1e0a6143c1573e67d32
SHA2569401ebd20025fd3b84f81c64d2871e4ef76387347963b2605f81e83aafd18e9e
SHA512d5392a32eb4b3702a957930d9af8ea99c931424f068b7ed5d58e6bc4a2749424809f20ba531280dfcf0660b4153aa9ed1f1f843b2a803dd90a0075ffb7b0d363
-
Filesize
72KB
MD535a0e7097bff8d93bb883a030d0ef98e
SHA17571d16ce49dc6b59ffacfeb39449c6b5e9f8090
SHA256845c2b1e3c8331d3d8c7417d32f705608a9e1598161edd461f81a4627aab4fd5
SHA512f06f69f98eeb5f8cb481a8db88c9680360c1f0127c2e088696c2bc4c18acb1f8f041572578b98844965b3d770d73b09ea91abca6a55a4f3ea675600df547b5e7
-
Filesize
72KB
MD535a0e7097bff8d93bb883a030d0ef98e
SHA17571d16ce49dc6b59ffacfeb39449c6b5e9f8090
SHA256845c2b1e3c8331d3d8c7417d32f705608a9e1598161edd461f81a4627aab4fd5
SHA512f06f69f98eeb5f8cb481a8db88c9680360c1f0127c2e088696c2bc4c18acb1f8f041572578b98844965b3d770d73b09ea91abca6a55a4f3ea675600df547b5e7
-
Filesize
72KB
MD5fedea783935b34708adb9e347755ec41
SHA18a24c020fda92bbb078225744e013f3f06fc74a2
SHA2564d1067c3c740cdb8a5d15cf55a0abd61685dd6038f75ca1e452ecd7c009b8fb0
SHA512c4d0a4cdc6bdb4c1e16ee41e6ac2ace23fe3786290bb8589536b80a2b7d59a4e941213e36616071d4d09090f255aabca04533dfeaba9da7f1a858b19edb7f1aa
-
Filesize
72KB
MD5fedea783935b34708adb9e347755ec41
SHA18a24c020fda92bbb078225744e013f3f06fc74a2
SHA2564d1067c3c740cdb8a5d15cf55a0abd61685dd6038f75ca1e452ecd7c009b8fb0
SHA512c4d0a4cdc6bdb4c1e16ee41e6ac2ace23fe3786290bb8589536b80a2b7d59a4e941213e36616071d4d09090f255aabca04533dfeaba9da7f1a858b19edb7f1aa
-
Filesize
72KB
MD5eb8ed7b5bbd000a9c98d0fe28ecad7f7
SHA1d5eef16741c91e6d42ff7e4323bb575d9e5fee7a
SHA256c789544967190203926a84946ff267e277f6e62ad95b05dd7e87d99f0ec989e2
SHA512c1a1b59e55017ba2de673a6ca79a0901b8ccb034e185694c738cd8f692fe1dd46a1cf8aba688da559c028e32f4086464ae7ea3306397132c38d1a77ece52660b
-
Filesize
72KB
MD5eb8ed7b5bbd000a9c98d0fe28ecad7f7
SHA1d5eef16741c91e6d42ff7e4323bb575d9e5fee7a
SHA256c789544967190203926a84946ff267e277f6e62ad95b05dd7e87d99f0ec989e2
SHA512c1a1b59e55017ba2de673a6ca79a0901b8ccb034e185694c738cd8f692fe1dd46a1cf8aba688da559c028e32f4086464ae7ea3306397132c38d1a77ece52660b
-
Filesize
72KB
MD5c6546132cce23dbfb5c3cacb9de9d6b6
SHA1a30c9edada3f4a0f9590b6734f6867eaefca0ee8
SHA2567859a1638e1c4f144fa4cee76b77d734ec7599bf726c6da6c30d6f80c8f7f39b
SHA5129305653160ba8141aaf37b1696f3a6bc666f577c61f6c7f460a7950597097c3dae7212bdbec7a0105400029c38d8c9535b0c82c5bdb77818b060760bc1181520
-
Filesize
72KB
MD5c6546132cce23dbfb5c3cacb9de9d6b6
SHA1a30c9edada3f4a0f9590b6734f6867eaefca0ee8
SHA2567859a1638e1c4f144fa4cee76b77d734ec7599bf726c6da6c30d6f80c8f7f39b
SHA5129305653160ba8141aaf37b1696f3a6bc666f577c61f6c7f460a7950597097c3dae7212bdbec7a0105400029c38d8c9535b0c82c5bdb77818b060760bc1181520
-
Filesize
72KB
MD5e6abe92dcb00236696a39df57d257f0a
SHA1b3f15f1db3703fd7d4872d4b182da1eecde5ee41
SHA256c5386430c0428a0321b5aaafcc15e58bfbc86ce413d6906c151d46d2b2b40e32
SHA5127efc00dbc1acf54f8f3e77d3a1e70c9874a8bf42ae328f28ff134879a60e91794133e3d777352f71b930b0f21a402a7540d06d54ab8fb0c1b290634596ac10a2
-
Filesize
72KB
MD5e6abe92dcb00236696a39df57d257f0a
SHA1b3f15f1db3703fd7d4872d4b182da1eecde5ee41
SHA256c5386430c0428a0321b5aaafcc15e58bfbc86ce413d6906c151d46d2b2b40e32
SHA5127efc00dbc1acf54f8f3e77d3a1e70c9874a8bf42ae328f28ff134879a60e91794133e3d777352f71b930b0f21a402a7540d06d54ab8fb0c1b290634596ac10a2
-
Filesize
72KB
MD541c586942f4effdf2f0b26d4a32ce72d
SHA13c766fddb667daf0fe1087ef535ffeca41190757
SHA25699d03564a83d308ceaa55314432d1ff2609ebb84339f561bd7a545b1a901bc49
SHA512aaf03794574d4351e6c1b131ae74e7cc208601794b2376707185644063df87e713789c681365af4b995a4a369c01c68a04ba3b0ba189cb3fedeeafefc509133b
-
Filesize
72KB
MD541c586942f4effdf2f0b26d4a32ce72d
SHA13c766fddb667daf0fe1087ef535ffeca41190757
SHA25699d03564a83d308ceaa55314432d1ff2609ebb84339f561bd7a545b1a901bc49
SHA512aaf03794574d4351e6c1b131ae74e7cc208601794b2376707185644063df87e713789c681365af4b995a4a369c01c68a04ba3b0ba189cb3fedeeafefc509133b
-
Filesize
72KB
MD54d6c965f9af2e9e9b1fdc4d00514f9f6
SHA16eca6cbea6a1f4f4b388537cfa1b11ab8b62488c
SHA256c91a018427e73bfc955557e3e67db4c21c50f1aa3c9930533aaddb8e591f97ca
SHA5125c84a4c1235619f6936bd1c8c6216d4d84f7ffa2adc3d698797a98e7b42206037a8b65f97d61993082db5fb8bd807c2167e2c148e86a91fecf2926390cbd86d7
-
Filesize
72KB
MD54d6c965f9af2e9e9b1fdc4d00514f9f6
SHA16eca6cbea6a1f4f4b388537cfa1b11ab8b62488c
SHA256c91a018427e73bfc955557e3e67db4c21c50f1aa3c9930533aaddb8e591f97ca
SHA5125c84a4c1235619f6936bd1c8c6216d4d84f7ffa2adc3d698797a98e7b42206037a8b65f97d61993082db5fb8bd807c2167e2c148e86a91fecf2926390cbd86d7
-
Filesize
72KB
MD5e96e9bbe6f85c10cfd99f6939e1b9790
SHA1bfdf54b4008882f8845feab15c901b3626cb8ab3
SHA2561a67d8629687dada683bc6858deb7f547bb347e820e113c61ad3267bd3ffd271
SHA512353e8e0ede09d31b4a733fdd60e7235e6b63065170aebec9df0222e4549b471ac20024dcf777dd7fd1fc04a6161768f6b0b36b5285a971c7b3dc7a72b31d51d9
-
Filesize
72KB
MD5e96e9bbe6f85c10cfd99f6939e1b9790
SHA1bfdf54b4008882f8845feab15c901b3626cb8ab3
SHA2561a67d8629687dada683bc6858deb7f547bb347e820e113c61ad3267bd3ffd271
SHA512353e8e0ede09d31b4a733fdd60e7235e6b63065170aebec9df0222e4549b471ac20024dcf777dd7fd1fc04a6161768f6b0b36b5285a971c7b3dc7a72b31d51d9
-
Filesize
72KB
MD5954e8cc76493bea44916f89bb342f2e9
SHA1006b9d163056f45b5d4cdf8466b88f220841c891
SHA2565087e88763ad346c8cf25ea6928b3543159edefd16363287af2ebf4fe266122d
SHA51266ffba4817143e432049d3821a482ce0eae962a274162b644fc35edbe1d2f6bd22911f131aaa7bf803993621bf6f87e6fce82c433b7107e420921ac6abd29954
-
Filesize
72KB
MD5954e8cc76493bea44916f89bb342f2e9
SHA1006b9d163056f45b5d4cdf8466b88f220841c891
SHA2565087e88763ad346c8cf25ea6928b3543159edefd16363287af2ebf4fe266122d
SHA51266ffba4817143e432049d3821a482ce0eae962a274162b644fc35edbe1d2f6bd22911f131aaa7bf803993621bf6f87e6fce82c433b7107e420921ac6abd29954
-
Filesize
72KB
MD5c816f2b6e8b7557133d8626fd6d32bf2
SHA14e4cc89d05703cf361b5eb2d26a2f8fc685ba791
SHA2564cf52c089153249db066de3d2e3b25e637b9907ac4908e157b693b29c7057e1a
SHA512d67965e7b3772d3a41caa0a608587495c5453738b0a1c91129fd7f7d6877d6388352937c698a1329e161b8ceecc2145ec3b4350b286b2e3e36480d3385ab40cb
-
Filesize
72KB
MD5c816f2b6e8b7557133d8626fd6d32bf2
SHA14e4cc89d05703cf361b5eb2d26a2f8fc685ba791
SHA2564cf52c089153249db066de3d2e3b25e637b9907ac4908e157b693b29c7057e1a
SHA512d67965e7b3772d3a41caa0a608587495c5453738b0a1c91129fd7f7d6877d6388352937c698a1329e161b8ceecc2145ec3b4350b286b2e3e36480d3385ab40cb
-
Filesize
72KB
MD597464c6b8f4046a4ef5983fff2a430a7
SHA1d7b9e0391b1c1cfc926d5053d5ce50cb77331bd0
SHA256accf44f57205849f1abab09fdc19ce472d7fc301b85603e5bc3fec7dafff61ed
SHA5127bd7d9e10073aeb07d2cc08f00d76233a3286a42a4ee415d751493de9476c6e3bd09721f7bf1eda90d074acf00b190b0589560aed05a5ccec15ebfa76fdb1e52
-
Filesize
72KB
MD597464c6b8f4046a4ef5983fff2a430a7
SHA1d7b9e0391b1c1cfc926d5053d5ce50cb77331bd0
SHA256accf44f57205849f1abab09fdc19ce472d7fc301b85603e5bc3fec7dafff61ed
SHA5127bd7d9e10073aeb07d2cc08f00d76233a3286a42a4ee415d751493de9476c6e3bd09721f7bf1eda90d074acf00b190b0589560aed05a5ccec15ebfa76fdb1e52
-
Filesize
72KB
MD5e6abe92dcb00236696a39df57d257f0a
SHA1b3f15f1db3703fd7d4872d4b182da1eecde5ee41
SHA256c5386430c0428a0321b5aaafcc15e58bfbc86ce413d6906c151d46d2b2b40e32
SHA5127efc00dbc1acf54f8f3e77d3a1e70c9874a8bf42ae328f28ff134879a60e91794133e3d777352f71b930b0f21a402a7540d06d54ab8fb0c1b290634596ac10a2
-
Filesize
72KB
MD5e6abe92dcb00236696a39df57d257f0a
SHA1b3f15f1db3703fd7d4872d4b182da1eecde5ee41
SHA256c5386430c0428a0321b5aaafcc15e58bfbc86ce413d6906c151d46d2b2b40e32
SHA5127efc00dbc1acf54f8f3e77d3a1e70c9874a8bf42ae328f28ff134879a60e91794133e3d777352f71b930b0f21a402a7540d06d54ab8fb0c1b290634596ac10a2
-
Filesize
72KB
MD50887ead0e254e1e6154078996418fda7
SHA1a608453dc36aa6c3d3c84b00f9a7a12ac4ad838c
SHA2567c115a6e108d19db9b02f8241e77e8a5f3396cb88dd65ba4922ffed48485bf52
SHA51246c35e93e6c7828705cabb99140a2420b9dc5c2c89ecdd9ffbe5e00bff0c19319750875662029403fdb2ea43deaabc90920e8137cc9261748b51c9d5e137133c
-
Filesize
72KB
MD50887ead0e254e1e6154078996418fda7
SHA1a608453dc36aa6c3d3c84b00f9a7a12ac4ad838c
SHA2567c115a6e108d19db9b02f8241e77e8a5f3396cb88dd65ba4922ffed48485bf52
SHA51246c35e93e6c7828705cabb99140a2420b9dc5c2c89ecdd9ffbe5e00bff0c19319750875662029403fdb2ea43deaabc90920e8137cc9261748b51c9d5e137133c
-
Filesize
72KB
MD5954e8cc76493bea44916f89bb342f2e9
SHA1006b9d163056f45b5d4cdf8466b88f220841c891
SHA2565087e88763ad346c8cf25ea6928b3543159edefd16363287af2ebf4fe266122d
SHA51266ffba4817143e432049d3821a482ce0eae962a274162b644fc35edbe1d2f6bd22911f131aaa7bf803993621bf6f87e6fce82c433b7107e420921ac6abd29954
-
Filesize
72KB
MD5954e8cc76493bea44916f89bb342f2e9
SHA1006b9d163056f45b5d4cdf8466b88f220841c891
SHA2565087e88763ad346c8cf25ea6928b3543159edefd16363287af2ebf4fe266122d
SHA51266ffba4817143e432049d3821a482ce0eae962a274162b644fc35edbe1d2f6bd22911f131aaa7bf803993621bf6f87e6fce82c433b7107e420921ac6abd29954
-
Filesize
72KB
MD5b5900b45bbe6f26db899d7f952e68561
SHA169af93b5237b6cc7ef5506f53c5e96ad8e0c255e
SHA25641a0ed25563b8d8330161cf7f5454735ebdd1128ae3a4ceac51d7f36711a9e70
SHA5121334c9e373596040f94265fae8ae92aa2faa355dc83af5df77c88272d8507bb3ac01c87ca0a2257a300809db248038cbe8c3ac849687d684cf0c67367a1bb67a
-
Filesize
72KB
MD5b5900b45bbe6f26db899d7f952e68561
SHA169af93b5237b6cc7ef5506f53c5e96ad8e0c255e
SHA25641a0ed25563b8d8330161cf7f5454735ebdd1128ae3a4ceac51d7f36711a9e70
SHA5121334c9e373596040f94265fae8ae92aa2faa355dc83af5df77c88272d8507bb3ac01c87ca0a2257a300809db248038cbe8c3ac849687d684cf0c67367a1bb67a
-
Filesize
72KB
MD50d8ddcdf6968139ca11c0189e02ef3af
SHA193eb881c996e4455897da8d8ae351a2bf67f9417
SHA256314ee499cc210a9a0e71985df2d96a34044bcb197836025a12b69b894b686682
SHA51290763e6e920c38e49b1a05f97b5d87ae33c2c0d897e048619f543e22725d876367306c3c4c90b4a646b68bb897c28a7c0d36a9de0a2329ebb7d69cabe11fca58
-
Filesize
72KB
MD50d8ddcdf6968139ca11c0189e02ef3af
SHA193eb881c996e4455897da8d8ae351a2bf67f9417
SHA256314ee499cc210a9a0e71985df2d96a34044bcb197836025a12b69b894b686682
SHA51290763e6e920c38e49b1a05f97b5d87ae33c2c0d897e048619f543e22725d876367306c3c4c90b4a646b68bb897c28a7c0d36a9de0a2329ebb7d69cabe11fca58
-
Filesize
72KB
MD539bd3e5062b3a4d880ca5050bd2223c1
SHA16168e228921ef0c10a026557e9ff796006cd20a0
SHA256f00d89ec60916d3980311bd2291f5e7d03326038ce9d76175a82b541af0fedd0
SHA5125fad0238d7e4192408e7ddc6effd73f9f09cdc3535d3cca0873a1795497a3ba7953d510847881781bfa396fae7c44f76de531674d42985c284f727baa84d5132
-
Filesize
72KB
MD539bd3e5062b3a4d880ca5050bd2223c1
SHA16168e228921ef0c10a026557e9ff796006cd20a0
SHA256f00d89ec60916d3980311bd2291f5e7d03326038ce9d76175a82b541af0fedd0
SHA5125fad0238d7e4192408e7ddc6effd73f9f09cdc3535d3cca0873a1795497a3ba7953d510847881781bfa396fae7c44f76de531674d42985c284f727baa84d5132
-
Filesize
72KB
MD55b8cffec6288b445e4ac978792edce32
SHA10ae1618654cbbcf89036cf035745211f1c859852
SHA25675cd6f208a3ec0ef7835c85b811d77643d3298ca23ce59c1cfeac4096360cb19
SHA5123fe3640962f57b958a4864406e1a3b7144deded092eb72f987a1ead7aa2bb1ed2f359ce18bd136fa753b76e04b89f034dcedac23e24640ecfcecfefa3ef75c9f
-
Filesize
72KB
MD55b8cffec6288b445e4ac978792edce32
SHA10ae1618654cbbcf89036cf035745211f1c859852
SHA25675cd6f208a3ec0ef7835c85b811d77643d3298ca23ce59c1cfeac4096360cb19
SHA5123fe3640962f57b958a4864406e1a3b7144deded092eb72f987a1ead7aa2bb1ed2f359ce18bd136fa753b76e04b89f034dcedac23e24640ecfcecfefa3ef75c9f
-
Filesize
72KB
MD57a1226cd6a24235c93d4df7913c21ca0
SHA15bc671bfad6a5fb3e4e77ab5903323035e44f4b0
SHA256e115332deb8dc56cd207534bf2d50e6eff668e60320734126c29851371f2dd80
SHA5127d7494b2d74dbb9be154c46e9eafb812a8e24fb880d1d1f80fc5587ba3819a880262d48eab793b82bc315fd82b9309cedfe12fad285b87d1aaab0e140d4c14eb
-
Filesize
72KB
MD57a1226cd6a24235c93d4df7913c21ca0
SHA15bc671bfad6a5fb3e4e77ab5903323035e44f4b0
SHA256e115332deb8dc56cd207534bf2d50e6eff668e60320734126c29851371f2dd80
SHA5127d7494b2d74dbb9be154c46e9eafb812a8e24fb880d1d1f80fc5587ba3819a880262d48eab793b82bc315fd82b9309cedfe12fad285b87d1aaab0e140d4c14eb
-
Filesize
72KB
MD569da635cb2950b478d7d2ae4c0c6df73
SHA1e893b3179752afc728388fc371eb27cab2442bae
SHA256c03c5f191a19b4a3ee40a5d5cf737a5eb3104a2548dc7d05f7da4c6cb46900e2
SHA51219df8d20cbf85de9bb452e7c0a0315f53e8ea7ac2f5dd346cb626bdcc74703dc2913ad2325bbeb5f7f88477662b50508b51e82b9135a75e3bcb7a5a29322f77e
-
Filesize
72KB
MD569da635cb2950b478d7d2ae4c0c6df73
SHA1e893b3179752afc728388fc371eb27cab2442bae
SHA256c03c5f191a19b4a3ee40a5d5cf737a5eb3104a2548dc7d05f7da4c6cb46900e2
SHA51219df8d20cbf85de9bb452e7c0a0315f53e8ea7ac2f5dd346cb626bdcc74703dc2913ad2325bbeb5f7f88477662b50508b51e82b9135a75e3bcb7a5a29322f77e
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0
-
Filesize
72KB
MD5e2423520368b91122de60093eb8a7da5
SHA108a058a7e4938e7b92e6f72b5c1fca5261c8826f
SHA256830172b8a5180b3d4dbbd19f4840ad10a6d55f1573e283da95ef33d2f3b96454
SHA51200e3eb73cc13bcd1074b1310017db4139daf1159ef81cc14357cc12ede395c201118cd9083c5ea4005bd25365c578f36eb005cb880f48206c08e170a1cce80f9
-
Filesize
72KB
MD5e2423520368b91122de60093eb8a7da5
SHA108a058a7e4938e7b92e6f72b5c1fca5261c8826f
SHA256830172b8a5180b3d4dbbd19f4840ad10a6d55f1573e283da95ef33d2f3b96454
SHA51200e3eb73cc13bcd1074b1310017db4139daf1159ef81cc14357cc12ede395c201118cd9083c5ea4005bd25365c578f36eb005cb880f48206c08e170a1cce80f9
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD5e2423520368b91122de60093eb8a7da5
SHA108a058a7e4938e7b92e6f72b5c1fca5261c8826f
SHA256830172b8a5180b3d4dbbd19f4840ad10a6d55f1573e283da95ef33d2f3b96454
SHA51200e3eb73cc13bcd1074b1310017db4139daf1159ef81cc14357cc12ede395c201118cd9083c5ea4005bd25365c578f36eb005cb880f48206c08e170a1cce80f9
-
Filesize
72KB
MD5e2423520368b91122de60093eb8a7da5
SHA108a058a7e4938e7b92e6f72b5c1fca5261c8826f
SHA256830172b8a5180b3d4dbbd19f4840ad10a6d55f1573e283da95ef33d2f3b96454
SHA51200e3eb73cc13bcd1074b1310017db4139daf1159ef81cc14357cc12ede395c201118cd9083c5ea4005bd25365c578f36eb005cb880f48206c08e170a1cce80f9
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD59daa7a25f0c64fc302109d9a216e10a5
SHA125f4c74dae79e6d8cb96963848ea6ad07e71e564
SHA256d4c5bb24b3e5083e8e1a1195985a87492c66f1258e8c55828392032736cd6c2f
SHA512b6827c4f6f3a46575fb2838a0cc8176d670d76440c1c445fb22561c2fa6ed5e331aa09861a28863c7f54de85daff92b35212ffdc5ca24d8e4397b4206eaf6f4c
-
Filesize
72KB
MD505373ec59cf1762d235bd2d90aa8fc97
SHA1d354af190e132ca0ae52664fc9ecb2aa38be36bf
SHA2560799d478b73703327f7eb2b60be5f4c007de934c953f441344ec28339f2e2c15
SHA512b747be26e180a332400b7133ee5e0d6d1829859fbe4eb862b0525f426268958ee4f8cc420831d77dd635be49ae4629a3edbfe46bac7038fdd461ecedb24e656b
-
Filesize
72KB
MD505373ec59cf1762d235bd2d90aa8fc97
SHA1d354af190e132ca0ae52664fc9ecb2aa38be36bf
SHA2560799d478b73703327f7eb2b60be5f4c007de934c953f441344ec28339f2e2c15
SHA512b747be26e180a332400b7133ee5e0d6d1829859fbe4eb862b0525f426268958ee4f8cc420831d77dd635be49ae4629a3edbfe46bac7038fdd461ecedb24e656b
-
Filesize
72KB
MD5b25bf0904513df512dacba1f880a258f
SHA13e90e66a4d8a5be0ba83736a46ffab5e0604bafd
SHA256d72ff4d7bc8356e9b6b1e89b89c79f5731cc8afef7b3b672c16907123c3b2c9b
SHA512bd404ca6cefd731522c5594b6a5115a86e47bfdc45db2fd9737c2031a8eb48c603ba908ff3fdc92499792a9c05a505e2e524ea63d77fa341e1f0e89a77c3103a
-
Filesize
72KB
MD5b25bf0904513df512dacba1f880a258f
SHA13e90e66a4d8a5be0ba83736a46ffab5e0604bafd
SHA256d72ff4d7bc8356e9b6b1e89b89c79f5731cc8afef7b3b672c16907123c3b2c9b
SHA512bd404ca6cefd731522c5594b6a5115a86e47bfdc45db2fd9737c2031a8eb48c603ba908ff3fdc92499792a9c05a505e2e524ea63d77fa341e1f0e89a77c3103a
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0
-
Filesize
72KB
MD5b67be6700d4738ab5ed9e671d1f51ad5
SHA1fb132098f92e429bf84e6d88cf62bb8b48694384
SHA25627194668d1f7beb540139a819498ac6863a6476483f84a462d4803a6ec40bab7
SHA5127fdbe2e7d2aa0071cf8873d913a997f4d4d2f4d5441918ed1df4c3e913f566b4b6217900b8a6f3537d7508d1f0ebef271e9b4203dba4e40cf4d4c2f28d535fb0