Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
19/09/2022, 01:29
General
-
Target
12faba8ba924c8548e51b02ce2a60da1f6c6e09fdc78e5e2fe5596aeaa8d3617.exe
-
Size
72KB
-
MD5
0052b04a19aadcfffd9e608c1628df94
-
SHA1
0fd0a7cf1d7c507073403e0295fe653ea36bcd02
-
SHA256
12faba8ba924c8548e51b02ce2a60da1f6c6e09fdc78e5e2fe5596aeaa8d3617
-
SHA512
01eb2c0f35d26834324d0bb711cfca211fa52ea7bd0b27e2211cfd82cc402014ade290bb502ab058e9cbffd8018ec17a858fe320f7398a2b56e2a19adb71196c
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2G:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPy
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12faba8ba924c8548e51b02ce2a60da1f6c6e09fdc78e5e2fe5596aeaa8d3617.exe"C:\Users\Admin\AppData\Local\Temp\12faba8ba924c8548e51b02ce2a60da1f6c6e09fdc78e5e2fe5596aeaa8d3617.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\3336227372\backup.exeC:\Users\Admin\AppData\Local\Temp\3336227372\backup.exe C:\Users\Admin\AppData\Local\Temp\3336227372\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\data.exeC:\PerfLogs\data.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\data.exe"C:\Program Files\Common Files\data.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Drops file in Program Files directory
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe"C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\it-IT\System Restore.exe"C:\Program Files\DVD Maker\it-IT\System Restore.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\update.exeC:\Windows\update.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD52feadde7bb57bada892623cbceb1f67b
SHA1a59c68d2dd994b43a3200bce304f3a20a7b46064
SHA256122901f2ac000131b740d6d8efe482d0e890f49e8ae7e0a60ff4be05d4731010
SHA51242c8d205b5862b34eb1d04fe079961dd46d07bbc07e74b80b4708a7054c334f06974e83556588a032296fd14da15c9646937763d77b476de23fc426f3692e2c4
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD564c87b08cfb922a5b74c0b2c2b3f56c3
SHA19601c919b7364768c6e47d954c4b5d0ccb074ca0
SHA2567cfc42bc3820bb2b42bb2f720334f39c365b9f0c94ccc270f9c164fc62150d4d
SHA5123787c395436a371265f07adfe1ab4b64a8ddb5368c44597fdc7645ed82203e1ef129506ac3b4dfa1ef993f13d8c5902e6803c73507859d65332b93e2a649bf49
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD55c5bf26afec6e06fdc635c914af56e15
SHA1d3c6b862923e89e1bee6379fdf975760a2c195a4
SHA256c02ef25b55c3e49b94db2a9fd7a4c05cee2509aedee3374012d02b31fa8903e6
SHA5128c5aefe5e474604e6becce182a0c9b52e4acc0cf11a53b58503037fee37a40be8560f9b9ee8e14cb4fadbd3599ab2d954b840fcaef9392c0363f69553c4f3f31
-
Filesize
72KB
MD55c5bf26afec6e06fdc635c914af56e15
SHA1d3c6b862923e89e1bee6379fdf975760a2c195a4
SHA256c02ef25b55c3e49b94db2a9fd7a4c05cee2509aedee3374012d02b31fa8903e6
SHA5128c5aefe5e474604e6becce182a0c9b52e4acc0cf11a53b58503037fee37a40be8560f9b9ee8e14cb4fadbd3599ab2d954b840fcaef9392c0363f69553c4f3f31
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
72KB
MD5074428bcfe0f5b999265a247aaf66698
SHA16c93bd1e5396683419a3b2a22faa868a9a3aadce
SHA25619af0d318acaf348de7ed9beed07a323983359aa6c4ad2f6d06e9b45208a89c5
SHA5122d998716fcec457a235b69a076d3ce29e74fec0f50ff89507fcee7ae166f53e00cd8eabdbf4a620f43527a640c3aba156e54eb70d3f44b3edc98ab06f408a36c
-
Filesize
72KB
MD5074428bcfe0f5b999265a247aaf66698
SHA16c93bd1e5396683419a3b2a22faa868a9a3aadce
SHA25619af0d318acaf348de7ed9beed07a323983359aa6c4ad2f6d06e9b45208a89c5
SHA5122d998716fcec457a235b69a076d3ce29e74fec0f50ff89507fcee7ae166f53e00cd8eabdbf4a620f43527a640c3aba156e54eb70d3f44b3edc98ab06f408a36c
-
Filesize
72KB
MD52feadde7bb57bada892623cbceb1f67b
SHA1a59c68d2dd994b43a3200bce304f3a20a7b46064
SHA256122901f2ac000131b740d6d8efe482d0e890f49e8ae7e0a60ff4be05d4731010
SHA51242c8d205b5862b34eb1d04fe079961dd46d07bbc07e74b80b4708a7054c334f06974e83556588a032296fd14da15c9646937763d77b476de23fc426f3692e2c4
-
Filesize
72KB
MD52feadde7bb57bada892623cbceb1f67b
SHA1a59c68d2dd994b43a3200bce304f3a20a7b46064
SHA256122901f2ac000131b740d6d8efe482d0e890f49e8ae7e0a60ff4be05d4731010
SHA51242c8d205b5862b34eb1d04fe079961dd46d07bbc07e74b80b4708a7054c334f06974e83556588a032296fd14da15c9646937763d77b476de23fc426f3692e2c4
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD564c87b08cfb922a5b74c0b2c2b3f56c3
SHA19601c919b7364768c6e47d954c4b5d0ccb074ca0
SHA2567cfc42bc3820bb2b42bb2f720334f39c365b9f0c94ccc270f9c164fc62150d4d
SHA5123787c395436a371265f07adfe1ab4b64a8ddb5368c44597fdc7645ed82203e1ef129506ac3b4dfa1ef993f13d8c5902e6803c73507859d65332b93e2a649bf49
-
Filesize
72KB
MD564c87b08cfb922a5b74c0b2c2b3f56c3
SHA19601c919b7364768c6e47d954c4b5d0ccb074ca0
SHA2567cfc42bc3820bb2b42bb2f720334f39c365b9f0c94ccc270f9c164fc62150d4d
SHA5123787c395436a371265f07adfe1ab4b64a8ddb5368c44597fdc7645ed82203e1ef129506ac3b4dfa1ef993f13d8c5902e6803c73507859d65332b93e2a649bf49
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD5b63f6c8ae0d5621f98c0d9cd4dc7028e
SHA140b59bed40079a42702ec3623ca8dc5266055eb5
SHA256a1f58da03a0c14140162c3c74c3513fef94c9bbb736ddee4452882ba77cf5ef9
SHA51218dc5bf06dec3c5d7a071ab8a055758f7676bdcd02bd1a24f2f298143a10b1fc807a45835b748b3c4d37b432bf36a5caeec60a1f34ab86b92f1af6728acd56bc
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD55c5bf26afec6e06fdc635c914af56e15
SHA1d3c6b862923e89e1bee6379fdf975760a2c195a4
SHA256c02ef25b55c3e49b94db2a9fd7a4c05cee2509aedee3374012d02b31fa8903e6
SHA5128c5aefe5e474604e6becce182a0c9b52e4acc0cf11a53b58503037fee37a40be8560f9b9ee8e14cb4fadbd3599ab2d954b840fcaef9392c0363f69553c4f3f31
-
Filesize
72KB
MD55c5bf26afec6e06fdc635c914af56e15
SHA1d3c6b862923e89e1bee6379fdf975760a2c195a4
SHA256c02ef25b55c3e49b94db2a9fd7a4c05cee2509aedee3374012d02b31fa8903e6
SHA5128c5aefe5e474604e6becce182a0c9b52e4acc0cf11a53b58503037fee37a40be8560f9b9ee8e14cb4fadbd3599ab2d954b840fcaef9392c0363f69553c4f3f31
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD57bd9f31965a1015bf60f6a15f9979527
SHA1770fd08713855a85d399199b9c335267b99c5929
SHA256509f2ff6f2af63adc2f415986760b2e03fe92d4b559d9aeca03e3dbc4440fff6
SHA5129e5f097e09f243587434925ab26aa962203caea482f5f6e38e2ba51b5ee784b6e3f9a96c4a4946c62249b478542da1c33a165f14be6bcc9f8b5aa70b8b51623e
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD594c30fa21e811dd9d87acd28ec46ed3d
SHA1e2b6c8a78359bf34f7106a8fdf5b7d6acf084b7f
SHA256e438876322c08000dbe0057f597cd833f19d3a205e98169d3232e42bf8818649
SHA512c0196d4658d3177228613da28ddda41f1111a00eba710412121bfdac436774976c8cec4eb82d801192e6c1d079238cf9e922fb8a49044a3c2ac3859d73dd486c
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5021644f0046122cb9eaa50ba3e34dacb
SHA1767af60e9732370fc31d1e2b576cb446040d0a84
SHA256f3ddb7fc0bf8773087f5059af523c713eb9b3022886f973ccbaa5588cc89781b
SHA512a4362bf318c0fa819252f997ccb863252c3f6f4abd86996820ddf43d372f1324149bdd3840e3a60c647515ba7dd88bda0a1a2396e1ac4c7b8bb0e7aaf898b1a0
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5ce6076cf782d57f7f337be7d5bca7bd8
SHA1616444c5295fe9a15f794547ca954c4d102c3c4b
SHA256310d9ad4a25f299abc2e335eeea6199633b7baf7128cee60eb1b955d42ccae3c
SHA512557bd0c8c19c28e235d7de580eed5970d43b37e6c7786a1205ac4b00955268fc26b5ef778491da9bfeae54953447b3bdb5d31ecbfef96e1a0fb9dcf68a324342
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
72KB
MD5742fe2b33d4b2a9d7566cf305c0848e3
SHA1af6cbafc74395bcce2c456e5be6ddb6a852d9091
SHA256a28711a3a7a7a9c3f6578516ad1935c507cd6784ab98da359548f0d8f1abc396
SHA512c993c5f643589750c018792c871a17bdd0b76e33aad8a16f1ee2713e248b2177eb2dc6ac3b3c86c959da32aed3e66534f8e657406821b9188e62c1118a923fbc
-
Filesize
8KB
-
Filesize
8KB