Analysis

  • max time kernel
    208s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/11/2022, 14:00

General

  • Target

    8ed5a80f48044a9dc8e53ae925986661fa0f1d387b568971dcb23cfdf77d06a7.exe

  • Size

    72KB

  • MD5

    02f43a1a807967963f2050a73ce816b6

  • SHA1

    7d00a84adcb2a5ad5434c3744164687041146aa6

  • SHA256

    8ed5a80f48044a9dc8e53ae925986661fa0f1d387b568971dcb23cfdf77d06a7

  • SHA512

    a108f23c8249a1a443ff21cf06b071eaea37e8c9d50a0209d380c28603205fa75c5d53acd2322fc772279847b38f3dab65ed15fb818bddb4fbb64f5cef68ab07

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2v:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP7

Score
10/10

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
  • Disables RegEdit via registry modification 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ed5a80f48044a9dc8e53ae925986661fa0f1d387b568971dcb23cfdf77d06a7.exe
    "C:\Users\Admin\AppData\Local\Temp\8ed5a80f48044a9dc8e53ae925986661fa0f1d387b568971dcb23cfdf77d06a7.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4772
    • C:\Users\Admin\AppData\Local\Temp\1833319251\backup.exe
      C:\Users\Admin\AppData\Local\Temp\1833319251\backup.exe C:\Users\Admin\AppData\Local\Temp\1833319251\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:4324
        • C:\odt\backup.exe
          C:\odt\backup.exe C:\odt\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:2680
        • C:\PerfLogs\backup.exe
          C:\PerfLogs\backup.exe C:\PerfLogs\
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1664
        • C:\Program Files\backup.exe
          "C:\Program Files\backup.exe" C:\Program Files\
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2768
          • C:\Program Files\7-Zip\backup.exe
            "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1040
            • C:\Program Files\7-Zip\Lang\backup.exe
              "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:4456
          • C:\Program Files\Common Files\data.exe
            "C:\Program Files\Common Files\data.exe" C:\Program Files\Common Files\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1960
            • C:\Program Files\Common Files\DESIGNER\backup.exe
              "C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:2112
            • C:\Program Files\Common Files\microsoft shared\backup.exe
              "C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Executes dropped EXE
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:832
              • C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe
                "C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:176
              • C:\Program Files\Common Files\microsoft shared\ink\backup.exe
                "C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:4616
                • C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:2372
                • C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:2880
                • C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1732
                • C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3180
                • C:\Program Files\Common Files\microsoft shared\ink\de-DE\update.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\de-DE\update.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:4100
                • C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3516
                • C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3528
                • C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:360
                • C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:4116
                • C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1316
                • C:\Program Files\Common Files\microsoft shared\ink\et-EE\System Restore.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\et-EE\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3756
                • C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3888
                • C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • System policy modification
                  PID:3728
                • C:\Program Files\Common Files\microsoft shared\ink\fr-FR\data.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\fr-FR\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\
                  8⤵
                  • Disables RegEdit via registry modification
                  PID:2580
                • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe
                  "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\
                  8⤵
                  • Drops file in Program Files directory
                  • System policy modification
                  PID:3800
                  • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe
                    "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\
                    9⤵
                      PID:2348
                    • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe
                      "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\
                      9⤵
                        PID:1400
                      • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe
                        "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\
                        9⤵
                        • Disables RegEdit via registry modification
                        • System policy modification
                        PID:2744
                      • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe
                        "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\
                        9⤵
                        • Disables RegEdit via registry modification
                        PID:2540
                      • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe
                        "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\
                        9⤵
                        • Modifies visibility of file extensions in Explorer
                        • Disables RegEdit via registry modification
                        • System policy modification
                        PID:4548
                      • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe
                        "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\
                        9⤵
                          PID:2112
                        • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\
                          9⤵
                          • Disables RegEdit via registry modification
                          PID:4100
                        • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\
                          9⤵
                          • Disables RegEdit via registry modification
                          PID:4052
                        • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\
                          9⤵
                            PID:2272
                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe
                            "C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\
                            9⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:520
                        • C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\
                          8⤵
                          • Disables RegEdit via registry modification
                          PID:3416
                        • C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\
                          8⤵
                          • Modifies visibility of file extensions in Explorer
                          PID:1472
                        • C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\
                          8⤵
                          • System policy modification
                          PID:2904
                        • C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe
                          "C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\
                          8⤵
                            PID:3220
                          • C:\Program Files\Common Files\microsoft shared\ink\hu-HU\System Restore.exe
                            "C:\Program Files\Common Files\microsoft shared\ink\hu-HU\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\
                            8⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:2180
                          • C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe
                            "C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\
                            8⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:5012
                          • C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe
                            "C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\
                            8⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:1304
                          • C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe
                            "C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\
                            8⤵
                              PID:1956
                            • C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\
                              8⤵
                              • Disables RegEdit via registry modification
                              PID:4548
                          • C:\Program Files\Common Files\microsoft shared\MSInfo\update.exe
                            "C:\Program Files\Common Files\microsoft shared\MSInfo\update.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\
                            7⤵
                            • Disables RegEdit via registry modification
                            • Executes dropped EXE
                            • Drops file in Program Files directory
                            • Suspicious use of SetWindowsHookEx
                            PID:4700
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\
                              8⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:3632
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\
                              8⤵
                              • Modifies visibility of file extensions in Explorer
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:3032
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\
                              8⤵
                              • Modifies visibility of file extensions in Explorer
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              • System policy modification
                              PID:3608
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\
                              8⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:3548
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\
                              8⤵
                              • Disables RegEdit via registry modification
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              • System policy modification
                              PID:3000
                            • C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\update.exe
                              "C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\update.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\
                              8⤵
                              • Modifies visibility of file extensions in Explorer
                              • Disables RegEdit via registry modification
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:1120
                          • C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe
                            "C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\
                            7⤵
                            • Modifies visibility of file extensions in Explorer
                            • Executes dropped EXE
                            PID:4804
                            • C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\
                              8⤵
                                PID:1864
                            • C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\
                              7⤵
                              • Modifies visibility of file extensions in Explorer
                              • Disables RegEdit via registry modification
                              • System policy modification
                              PID:4356
                            • C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\
                              7⤵
                              • Modifies visibility of file extensions in Explorer
                              PID:1268
                            • C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\
                              7⤵
                              • Disables RegEdit via registry modification
                              • System policy modification
                              PID:4472
                            • C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\
                              7⤵
                              • Disables RegEdit via registry modification
                              • Drops file in Program Files directory
                              PID:1652
                              • C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe
                                "C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\
                                8⤵
                                • Modifies visibility of file extensions in Explorer
                                PID:4104
                            • C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\
                              7⤵
                              • Drops file in Program Files directory
                              • System policy modification
                              PID:4480
                            • C:\Program Files\Common Files\microsoft shared\VC\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\
                              7⤵
                              • Modifies visibility of file extensions in Explorer
                              • System policy modification
                              PID:3060
                            • C:\Program Files\Common Files\microsoft shared\VGX\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\
                              7⤵
                              • Disables RegEdit via registry modification
                              • System policy modification
                              PID:3824
                            • C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe
                              "C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\
                              7⤵
                                PID:548
                                • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe
                                  "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\
                                  8⤵
                                  • Modifies visibility of file extensions in Explorer
                                  PID:2500
                            • C:\Program Files\Common Files\Services\backup.exe
                              "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
                              6⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:4244
                            • C:\Program Files\Common Files\System\backup.exe
                              "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
                              6⤵
                              • Modifies visibility of file extensions in Explorer
                              • Executes dropped EXE
                              • Drops file in Program Files directory
                              • Suspicious use of SetWindowsHookEx
                              • System policy modification
                              PID:1656
                              • C:\Program Files\Common Files\System\ado\backup.exe
                                "C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\
                                7⤵
                                • Modifies visibility of file extensions in Explorer
                                • Disables RegEdit via registry modification
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • Suspicious use of SetWindowsHookEx
                                PID:1668
                                • C:\Program Files\Common Files\System\ado\de-DE\backup.exe
                                  "C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\
                                  8⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3008
                                • C:\Program Files\Common Files\System\ado\en-US\backup.exe
                                  "C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\
                                  8⤵
                                  • Modifies visibility of file extensions in Explorer
                                  • Disables RegEdit via registry modification
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  • System policy modification
                                  PID:5052
                                • C:\Program Files\Common Files\System\ado\fr-FR\backup.exe
                                  "C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\
                                  8⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2472
                                • C:\Program Files\Common Files\System\ado\it-IT\backup.exe
                                  "C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\
                                  8⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2372
                                • C:\Program Files\Common Files\System\ado\ja-JP\System Restore.exe
                                  "C:\Program Files\Common Files\System\ado\ja-JP\System Restore.exe" C:\Program Files\Common Files\System\ado\ja-JP\
                                  8⤵
                                  • System policy modification
                                  PID:4652
                                • C:\Program Files\Common Files\System\ado\es-ES\backup.exe
                                  "C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\
                                  8⤵
                                  • Modifies visibility of file extensions in Explorer
                                  • Disables RegEdit via registry modification
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:1460
                              • C:\Program Files\Common Files\System\de-DE\backup.exe
                                "C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\
                                7⤵
                                • Modifies visibility of file extensions in Explorer
                                PID:1404
                              • C:\Program Files\Common Files\System\en-US\backup.exe
                                "C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\
                                7⤵
                                • Disables RegEdit via registry modification
                                PID:2004
                              • C:\Program Files\Common Files\System\es-ES\backup.exe
                                "C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\
                                7⤵
                                • System policy modification
                                PID:3060
                              • C:\Program Files\Common Files\System\fr-FR\update.exe
                                "C:\Program Files\Common Files\System\fr-FR\update.exe" C:\Program Files\Common Files\System\fr-FR\
                                7⤵
                                • System policy modification
                                PID:3164
                              • C:\Program Files\Common Files\System\it-IT\backup.exe
                                "C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\
                                7⤵
                                • Disables RegEdit via registry modification
                                PID:4044
                              • C:\Program Files\Common Files\System\ja-JP\backup.exe
                                "C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\
                                7⤵
                                • Modifies visibility of file extensions in Explorer
                                • System policy modification
                                PID:4880
                              • C:\Program Files\Common Files\System\msadc\backup.exe
                                "C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\
                                7⤵
                                • Drops file in Program Files directory
                                PID:1460
                                • C:\Program Files\Common Files\System\msadc\en-US\backup.exe
                                  "C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\
                                  8⤵
                                  • Disables RegEdit via registry modification
                                  PID:1488
                                • C:\Program Files\Common Files\System\msadc\es-ES\backup.exe
                                  "C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\
                                  8⤵
                                    PID:4404
                                  • C:\Program Files\Common Files\System\msadc\de-DE\backup.exe
                                    "C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\
                                    8⤵
                                    • Modifies visibility of file extensions in Explorer
                                    • System policy modification
                                    PID:2124
                                  • C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe
                                    "C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\
                                    8⤵
                                    • Modifies visibility of file extensions in Explorer
                                    • System policy modification
                                    PID:1400
                                  • C:\Program Files\Common Files\System\msadc\it-IT\backup.exe
                                    "C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\
                                    8⤵
                                      PID:3492
                                    • C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe
                                      "C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\
                                      8⤵
                                      • Modifies visibility of file extensions in Explorer
                                      • Disables RegEdit via registry modification
                                      • System policy modification
                                      PID:3048
                                  • C:\Program Files\Common Files\System\Ole DB\backup.exe
                                    "C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\
                                    7⤵
                                    • Modifies visibility of file extensions in Explorer
                                    • Drops file in Program Files directory
                                    • System policy modification
                                    PID:1920
                              • C:\Program Files\Google\System Restore.exe
                                "C:\Program Files\Google\System Restore.exe" C:\Program Files\Google\
                                5⤵
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • Suspicious use of SetWindowsHookEx
                                PID:4576
                                • C:\Program Files\Google\Chrome\backup.exe
                                  "C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\
                                  6⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4820
                                  • C:\Program Files\Google\Chrome\Application\backup.exe
                                    "C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\
                                    7⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4284
                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe
                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\
                                      8⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      • Suspicious use of SetWindowsHookEx
                                      • System policy modification
                                      PID:1544
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\
                                        9⤵
                                        • Modifies visibility of file extensions in Explorer
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        PID:852
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\
                                        9⤵
                                        • Modifies visibility of file extensions in Explorer
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4296
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\
                                        9⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4124
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\
                                        9⤵
                                        • Modifies visibility of file extensions in Explorer
                                        • Disables RegEdit via registry modification
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        • System policy modification
                                        PID:3748
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\
                                        9⤵
                                        • System policy modification
                                        PID:4216
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\
                                        9⤵
                                        • Modifies visibility of file extensions in Explorer
                                        PID:4956
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\
                                        9⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetWindowsHookEx
                                        PID:792
                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\
                                        9⤵
                                          PID:4392
                                          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\System Restore.exe
                                            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\
                                            10⤵
                                            • Modifies visibility of file extensions in Explorer
                                            PID:3824
                                            • C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe
                                              "C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\
                                              11⤵
                                              • System policy modification
                                              PID:1456
                                      • C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe
                                        "C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\
                                        8⤵
                                        • Disables RegEdit via registry modification
                                        • System policy modification
                                        PID:4360
                                • C:\Program Files\Internet Explorer\backup.exe
                                  "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
                                  5⤵
                                  • Drops file in Program Files directory
                                  PID:4068
                                  • C:\Program Files\Internet Explorer\de-DE\backup.exe
                                    "C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\
                                    6⤵
                                    • Disables RegEdit via registry modification
                                    PID:2292
                                  • C:\Program Files\Internet Explorer\fr-FR\backup.exe
                                    "C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\
                                    6⤵
                                      PID:4800
                                    • C:\Program Files\Internet Explorer\es-ES\backup.exe
                                      "C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\
                                      6⤵
                                        PID:4040
                                      • C:\Program Files\Internet Explorer\en-US\backup.exe
                                        "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
                                        6⤵
                                        • System policy modification
                                        PID:3000
                                      • C:\Program Files\Internet Explorer\images\backup.exe
                                        "C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\
                                        6⤵
                                        • Modifies visibility of file extensions in Explorer
                                        • Disables RegEdit via registry modification
                                        • System policy modification
                                        PID:3724
                                      • C:\Program Files\Internet Explorer\it-IT\backup.exe
                                        "C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\
                                        6⤵
                                          PID:4212
                                        • C:\Program Files\Internet Explorer\ja-JP\backup.exe
                                          "C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\
                                          6⤵
                                          • Modifies visibility of file extensions in Explorer
                                          PID:1800
                                        • C:\Program Files\Internet Explorer\SIGNUP\backup.exe
                                          "C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
                                          6⤵
                                          • System policy modification
                                          PID:3488
                                      • C:\Program Files\Java\backup.exe
                                        "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
                                        5⤵
                                          PID:2316
                                          • C:\Program Files\Java\jdk1.8.0_66\backup.exe
                                            "C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\
                                            6⤵
                                              PID:4380
                                        • C:\Program Files (x86)\backup.exe
                                          "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
                                          4⤵
                                          • Modifies visibility of file extensions in Explorer
                                          • Disables RegEdit via registry modification
                                          • Executes dropped EXE
                                          • Drops file in Program Files directory
                                          • Suspicious use of SetWindowsHookEx
                                          • System policy modification
                                          PID:4608
                                          • C:\Program Files (x86)\Adobe\backup.exe
                                            "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
                                            5⤵
                                            • Modifies visibility of file extensions in Explorer
                                            • Executes dropped EXE
                                            • Drops file in Program Files directory
                                            • Suspicious use of SetWindowsHookEx
                                            PID:4448
                                            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
                                              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\
                                              6⤵
                                              • Executes dropped EXE
                                              • Drops file in Program Files directory
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3484
                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe
                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\
                                                7⤵
                                                • Modifies visibility of file extensions in Explorer
                                                • Disables RegEdit via registry modification
                                                • Executes dropped EXE
                                                • Suspicious use of SetWindowsHookEx
                                                • System policy modification
                                                PID:4260
                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe
                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
                                                7⤵
                                                • Executes dropped EXE
                                                • Drops file in Program Files directory
                                                • Suspicious use of SetWindowsHookEx
                                                • System policy modification
                                                PID:800
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\
                                                  8⤵
                                                  • Modifies visibility of file extensions in Explorer
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2180
                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe
                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\
                                                    9⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:728
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\
                                                  8⤵
                                                  • Disables RegEdit via registry modification
                                                  • System policy modification
                                                  PID:764
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\
                                                  8⤵
                                                  • Disables RegEdit via registry modification
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2216
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\
                                                  8⤵
                                                  • System policy modification
                                                  PID:2196
                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe
                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\
                                                  8⤵
                                                    PID:4152
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe
                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\
                                                      9⤵
                                                        PID:1492
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\data.exe
                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\
                                                      8⤵
                                                      • Modifies visibility of file extensions in Explorer
                                                      • System policy modification
                                                      PID:4060
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\
                                                        9⤵
                                                        • Modifies visibility of file extensions in Explorer
                                                        • Disables RegEdit via registry modification
                                                        PID:2224
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe
                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\
                                                      8⤵
                                                        PID:4280
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\
                                                          9⤵
                                                          • Modifies visibility of file extensions in Explorer
                                                          • Disables RegEdit via registry modification
                                                          PID:1988
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\
                                                        8⤵
                                                        • Modifies visibility of file extensions in Explorer
                                                        PID:1000
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\
                                                          9⤵
                                                          • Disables RegEdit via registry modification
                                                          PID:1296
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\
                                                        8⤵
                                                        • Modifies visibility of file extensions in Explorer
                                                        • System policy modification
                                                        PID:2772
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\
                                                        8⤵
                                                        • Disables RegEdit via registry modification
                                                        • Drops file in Program Files directory
                                                        PID:1664
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\update.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\
                                                          9⤵
                                                          • Modifies visibility of file extensions in Explorer
                                                          • Drops file in Program Files directory
                                                          PID:780
                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe
                                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\
                                                            10⤵
                                                            • Modifies visibility of file extensions in Explorer
                                                            PID:1512
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\
                                                          9⤵
                                                          • Disables RegEdit via registry modification
                                                          PID:4112
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\data.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\
                                                        8⤵
                                                        • Modifies visibility of file extensions in Explorer
                                                        • Drops file in Program Files directory
                                                        PID:4744
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\
                                                          9⤵
                                                            PID:3576
                                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe
                                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\
                                                        7⤵
                                                        • Drops file in Program Files directory
                                                        PID:3228
                                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe
                                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\
                                                          8⤵
                                                          • Modifies visibility of file extensions in Explorer
                                                          • Drops file in Program Files directory
                                                          • System policy modification
                                                          PID:3320
                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe
                                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\
                                                            9⤵
                                                              PID:4124
                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe
                                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\
                                                            8⤵
                                                            • Modifies visibility of file extensions in Explorer
                                                            • System policy modification
                                                            PID:4328
                                                            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe
                                                              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\
                                                              9⤵
                                                              • Disables RegEdit via registry modification
                                                              • Drops file in Program Files directory
                                                              • System policy modification
                                                              PID:4796
                                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe
                                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\
                                                                10⤵
                                                                  PID:3164
                                                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe
                                                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\
                                                                  10⤵
                                                                  • Disables RegEdit via registry modification
                                                                  • Drops file in Program Files directory
                                                                  PID:3240
                                                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\update.exe
                                                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\
                                                                    11⤵
                                                                      PID:480
                                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe
                                                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\
                                                                      11⤵
                                                                      • Disables RegEdit via registry modification
                                                                      PID:3504
                                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe
                                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\
                                                                8⤵
                                                                • Modifies visibility of file extensions in Explorer
                                                                • Disables RegEdit via registry modification
                                                                PID:3748
                                                            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe
                                                              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\
                                                              7⤵
                                                              • System policy modification
                                                              PID:2904
                                                        • C:\Program Files (x86)\Common Files\backup.exe
                                                          "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
                                                          5⤵
                                                          • Disables RegEdit via registry modification
                                                          • Drops file in Program Files directory
                                                          PID:4304
                                                          • C:\Program Files (x86)\Common Files\Adobe\backup.exe
                                                            "C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\
                                                            6⤵
                                                            • Modifies visibility of file extensions in Explorer
                                                            • Drops file in Program Files directory
                                                            PID:1152
                                                            • C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe
                                                              "C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\
                                                              7⤵
                                                                PID:1356
                                                                • C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe
                                                                  "C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\
                                                                  8⤵
                                                                  • Disables RegEdit via registry modification
                                                                  • System policy modification
                                                                  PID:4756
                                                              • C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe
                                                                "C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\
                                                                7⤵
                                                                • Modifies visibility of file extensions in Explorer
                                                                • Disables RegEdit via registry modification
                                                                PID:3420
                                                              • C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe
                                                                "C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\
                                                                7⤵
                                                                • Modifies visibility of file extensions in Explorer
                                                                PID:1912
                                                              • C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe
                                                                "C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\
                                                                7⤵
                                                                • Disables RegEdit via registry modification
                                                                PID:4524
                                                                • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe
                                                                  "C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\
                                                                  8⤵
                                                                    PID:1416
                                                                    • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe
                                                                      "C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\
                                                                      9⤵
                                                                        PID:940
                                                                • C:\Program Files (x86)\Common Files\Java\backup.exe
                                                                  "C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\
                                                                  6⤵
                                                                  • Disables RegEdit via registry modification
                                                                  PID:3896
                                                              • C:\Program Files (x86)\Google\backup.exe
                                                                "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
                                                                5⤵
                                                                • Modifies visibility of file extensions in Explorer
                                                                • System policy modification
                                                                PID:3852
                                                            • C:\Users\backup.exe
                                                              C:\Users\backup.exe C:\Users\
                                                              4⤵
                                                              • System policy modification
                                                              PID:3032
                                                              • C:\Users\Admin\backup.exe
                                                                C:\Users\Admin\backup.exe C:\Users\Admin\
                                                                5⤵
                                                                • Modifies visibility of file extensions in Explorer
                                                                • System policy modification
                                                                PID:4688
                                                                • C:\Users\Admin\3D Objects\backup.exe
                                                                  "C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\
                                                                  6⤵
                                                                  • System policy modification
                                                                  PID:4780
                                                                • C:\Users\Admin\Contacts\backup.exe
                                                                  C:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\
                                                                  6⤵
                                                                    PID:3424
                                                                  • C:\Users\Admin\Desktop\backup.exe
                                                                    C:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\
                                                                    6⤵
                                                                      PID:5108
                                                                    • C:\Users\Admin\Documents\update.exe
                                                                      C:\Users\Admin\Documents\update.exe C:\Users\Admin\Documents\
                                                                      6⤵
                                                                        PID:3968
                                                                      • C:\Users\Admin\Downloads\backup.exe
                                                                        C:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\
                                                                        6⤵
                                                                        • Modifies visibility of file extensions in Explorer
                                                                        PID:2120
                                                                      • C:\Users\Admin\Favorites\backup.exe
                                                                        C:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\
                                                                        6⤵
                                                                          PID:1480
                                                                        • C:\Users\Admin\Links\backup.exe
                                                                          C:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\
                                                                          6⤵
                                                                          • Disables RegEdit via registry modification
                                                                          PID:628
                                                                        • C:\Users\Admin\Music\backup.exe
                                                                          C:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\
                                                                          6⤵
                                                                          • Modifies visibility of file extensions in Explorer
                                                                          • Disables RegEdit via registry modification
                                                                          PID:2580
                                                                      • C:\Users\Public\backup.exe
                                                                        C:\Users\Public\backup.exe C:\Users\Public\
                                                                        5⤵
                                                                        • Modifies visibility of file extensions in Explorer
                                                                        PID:3536
                                                                    • C:\Windows\backup.exe
                                                                      C:\Windows\backup.exe C:\Windows\
                                                                      4⤵
                                                                      • Drops file in Windows directory
                                                                      PID:3624
                                                                • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:4152
                                                                • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  • System policy modification
                                                                  PID:1340
                                                                • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:2124
                                                                • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                                                                  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
                                                                  2⤵
                                                                  • Disables RegEdit via registry modification
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:376
                                                                • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                                                                  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
                                                                  2⤵
                                                                  • Disables RegEdit via registry modification
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:1536
                                                                • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  • System policy modification
                                                                  PID:3716
                                                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe
                                                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:3420
                                                                • C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe
                                                                  "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
                                                                  2⤵
                                                                  • Disables RegEdit via registry modification
                                                                  PID:4200
                                                              • C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe
                                                                "C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\
                                                                1⤵
                                                                  PID:4492

                                                                Network

                                                                MITRE ATT&CK Enterprise v6

                                                                Downloads

                                                                • C:\PerfLogs\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  18feb709bd29764f3cc0c27484d6cc03

                                                                  SHA1

                                                                  7b912af793bcac124b3885d808d175ddfc6fa645

                                                                  SHA256

                                                                  62dfe5d25b5bc7f54e8cc02dcd4afe0642ca2e4d8324b77c6de665fbd164b4ad

                                                                  SHA512

                                                                  da2a4ceeef726c3e1d890b1e9eba9a1954d135957d625ea1960179de3bb913651ff430d186fc98e4d903bc8afca3ddbb48f6f9441328cd1a786256f9f12730b4

                                                                • C:\Program Files (x86)\Adobe\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files (x86)\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\7-Zip\Lang\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\7-Zip\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\DESIGNER\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\Services\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\System\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\data.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\MSInfo\update.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\ink\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe

                                                                  Filesize

                                                                  72KB

                                                                • C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ae7aeb4d0e42abb42e63a37dc482b9bb

                                                                  SHA1

                                                                  4e509dd6e4d707732fd02714ec3daeced4d3698f

                                                                  SHA256

                                                                  2c62d4e7742a7265742f02bd2fab5f6ee719d26be8dc3c1e072d1aa494d48418

                                                                  SHA512

                                                                  28b97d3a31f1c39e18ab7e09f4dcf222a6a7a67f9ff1f4c9642c5614018d71bf03a236674a1895a30eca49cb63af699fa24c122330b4c1686edef7ba676bdd25

                                                                • C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ae7aeb4d0e42abb42e63a37dc482b9bb

                                                                  SHA1

                                                                  4e509dd6e4d707732fd02714ec3daeced4d3698f

                                                                  SHA256

                                                                  2c62d4e7742a7265742f02bd2fab5f6ee719d26be8dc3c1e072d1aa494d48418

                                                                  SHA512

                                                                  28b97d3a31f1c39e18ab7e09f4dcf222a6a7a67f9ff1f4c9642c5614018d71bf03a236674a1895a30eca49cb63af699fa24c122330b4c1686edef7ba676bdd25

                                                                • C:\Program Files\Common Files\microsoft shared\ink\de-DE\update.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  aaf91aae744c78407c6f0714ef225442

                                                                  SHA1

                                                                  7c5689979bf6db8f0c2177650ebbe90cdd7907ab

                                                                  SHA256

                                                                  6f33b15c5b9e7ed3bb7c36d95539ceea4ca6e874faa396a41880cfef45b6a289

                                                                  SHA512

                                                                  1a4fbc8879ea33cd91824be9b4783e46908a0e451452735f52cf7de9c769dea005f6d5f8c6412c3cb1dcff34f9304e96f7dae8c96d1d6846558fe35e599d655f

                                                                • C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  41b7208fee1751bf46e30d58dd7f9adb

                                                                  SHA1

                                                                  91e75d450a47534d9e89f9735f3d048669e7f389

                                                                  SHA256

                                                                  bf67f7dda248fe779ae1fbd8b75da8c39c99c8a216bb3df053f6ccd9b9a71276

                                                                  SHA512

                                                                  83975fe0fe30e2add3e7aa2d2a5ef4840667d3ed849c6314baaa9dca4da413444a177c372d47f9b207b3317a3c211ade3cf84c638811b89b0c5bc1513f11098a

                                                                • C:\Program Files\Google\Chrome\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  a6297c090421f1d5cbf49202138db6ef

                                                                  SHA1

                                                                  d5ef2c0740084cfee3c3d2a5d56f17764fec0799

                                                                  SHA256

                                                                  7b151dcb60192503f971c129d5d8d8d854978b272565985efd2aab337a9dab3b

                                                                  SHA512

                                                                  913cd5dd030975dd64938d64f415ff540a2db02764621b321344a52bc1bed56099bfa748c55b85e60539baafd3d84908d8bddd1eaadfe63d2e97180956cdddaf

                                                                • C:\Program Files\Google\System Restore.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  4787d503883cd6c1b0f9aef451871420

                                                                  SHA1

                                                                  92f755144480003d9ce8164915dca6a14fe044b7

                                                                  SHA256

                                                                  76ac8bc57be09ab2381cb457ab70392564ac9b864cd24b1c1830992d9af287a4

                                                                  SHA512

                                                                  37ce8c5fcd4fc80da95b8b9b4485c1240baf680ff8a1f6b0781c4a2f7d06ac27586b5a457db31245bac93db4562f41774710663c6cf31ae20bd170f6d34eab79

                                                                • C:\Program Files\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  18feb709bd29764f3cc0c27484d6cc03

                                                                  SHA1

                                                                  7b912af793bcac124b3885d808d175ddfc6fa645

                                                                  SHA256

                                                                  62dfe5d25b5bc7f54e8cc02dcd4afe0642ca2e4d8324b77c6de665fbd164b4ad

                                                                  SHA512

                                                                  da2a4ceeef726c3e1d890b1e9eba9a1954d135957d625ea1960179de3bb913651ff430d186fc98e4d903bc8afca3ddbb48f6f9441328cd1a786256f9f12730b4

                                                                • C:\Users\Admin\AppData\Local\Temp\1833319251\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ad2a857955f05f88cefca56152d51be6

                                                                  SHA1

                                                                  f1820821ed018698666d321aaa275a5467c0e7ee

                                                                  SHA256

                                                                  3bbcb6e67d20fc217a3dfcf675ba98db770d2d8f26600f3299896b0fc5599842

                                                                  SHA512

                                                                  8eb0e413b3322951cf9fb0c53c0771dafdd016c5404d3946fd74c872fb5b7ccefaa92fe2b30817ea6a0975af75702229435e0779fd49dc6144e1eecfc9ba9a03

                                                                • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  e963b201c9cb3cf015dc354f90611516

                                                                  SHA1

                                                                  cfde1b1ad70b314249105f9c83d463f71d2fa512

                                                                  SHA256

                                                                  5de57ecfa930331dfdc7516db2ecd4e8e39f955f1fef366093fbf66905c62674

                                                                  SHA512

                                                                  b33202cf58ae7080343e5ee82b24850903a3448a13469890cb7c8bcfb86096eff3c54a7de600e6f2874eb1d20132f0adf22cb0961c5c0775e37a9719161b48d2

                                                                • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  e963b201c9cb3cf015dc354f90611516

                                                                  SHA1

                                                                  cfde1b1ad70b314249105f9c83d463f71d2fa512

                                                                  SHA256

                                                                  5de57ecfa930331dfdc7516db2ecd4e8e39f955f1fef366093fbf66905c62674

                                                                  SHA512

                                                                  b33202cf58ae7080343e5ee82b24850903a3448a13469890cb7c8bcfb86096eff3c54a7de600e6f2874eb1d20132f0adf22cb0961c5c0775e37a9719161b48d2

                                                                • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  fc9b76f820ce8f65a125fbd99d736905

                                                                  SHA1

                                                                  10f8381da7038749f7b7fe36a0ce0c58afb56f12

                                                                  SHA256

                                                                  e3b5df3856fba98d94afc6a3aa9eb53a9a12c70de21e8aa99bec8cc558440758

                                                                  SHA512

                                                                  37b6acdaafb878c63e254cedaff4bb0f803e88287d18734a4cacc2ae8d4ac3b4f3a08bcb7681fad590e7c418cb1f37287e6f55042f732b9af60920884ccddbdf

                                                                • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ad2a857955f05f88cefca56152d51be6

                                                                  SHA1

                                                                  f1820821ed018698666d321aaa275a5467c0e7ee

                                                                  SHA256

                                                                  3bbcb6e67d20fc217a3dfcf675ba98db770d2d8f26600f3299896b0fc5599842

                                                                  SHA512

                                                                  8eb0e413b3322951cf9fb0c53c0771dafdd016c5404d3946fd74c872fb5b7ccefaa92fe2b30817ea6a0975af75702229435e0779fd49dc6144e1eecfc9ba9a03

                                                                • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ad2a857955f05f88cefca56152d51be6

                                                                  SHA1

                                                                  f1820821ed018698666d321aaa275a5467c0e7ee

                                                                  SHA256

                                                                  3bbcb6e67d20fc217a3dfcf675ba98db770d2d8f26600f3299896b0fc5599842

                                                                  SHA512

                                                                  8eb0e413b3322951cf9fb0c53c0771dafdd016c5404d3946fd74c872fb5b7ccefaa92fe2b30817ea6a0975af75702229435e0779fd49dc6144e1eecfc9ba9a03

                                                                • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  fc9b76f820ce8f65a125fbd99d736905

                                                                  SHA1

                                                                  10f8381da7038749f7b7fe36a0ce0c58afb56f12

                                                                  SHA256

                                                                  e3b5df3856fba98d94afc6a3aa9eb53a9a12c70de21e8aa99bec8cc558440758

                                                                  SHA512

                                                                  37b6acdaafb878c63e254cedaff4bb0f803e88287d18734a4cacc2ae8d4ac3b4f3a08bcb7681fad590e7c418cb1f37287e6f55042f732b9af60920884ccddbdf

                                                                • C:\backup.exe

                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  33a31c8a27c8ecd8b5839baf938635a3

                                                                  SHA1

                                                                  f448356ec7bcce978cb517fc80913c3e0dd7af83

                                                                  SHA256

                                                                  72bae64a96ac67f6eb233f030b24ef270da5c6917f756327c87b09b1892d61a9

                                                                  SHA512

                                                                  11863b9e83d5bc6136bf84f9fbb56a5ce6356ab72e3ee0ef6f2443e196f72f2b2cca906f0212178d50deaf8e1848c2f774823e989024f514746b50325eaecf28

                                                                • C:\odt\backup.exe

                                                                  Filesize

                                                                  72KB
