Analysis
-
max time kernel
154s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
11/10/2022, 01:40
General
-
Target
704835f16e875fff6dde2fe3f5783a29489c4b8ab7ac69c5566f66a6386f4bdb.exe
-
Size
72KB
-
MD5
41a0b05dbe60d22ba3ffc6c955e5c672
-
SHA1
b0ad91727ca3189e8272e44bafbfcbd0045aaf20
-
SHA256
704835f16e875fff6dde2fe3f5783a29489c4b8ab7ac69c5566f66a6386f4bdb
-
SHA512
f5312205d66431a63f3af3454d31b40c5dfc222c75c255ba6c6ef8c11bbcc170b350abeba6a67ec846f17544cfe430cb775440233aacb37b3bd418894351a168
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf24:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrE
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\704835f16e875fff6dde2fe3f5783a29489c4b8ab7ac69c5566f66a6386f4bdb.exe"C:\Users\Admin\AppData\Local\Temp\704835f16e875fff6dde2fe3f5783a29489c4b8ab7ac69c5566f66a6386f4bdb.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2193047387\update.exeC:\Users\Admin\AppData\Local\Temp\2193047387\update.exe C:\Users\Admin\AppData\Local\Temp\2193047387\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\data.exe"C:\Program Files\data.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\update.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\update.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\update.exe"C:\Program Files\Common Files\System\en-US\update.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\System Restore.exe"C:\Program Files\DVD Maker\es-ES\System Restore.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\data.exe"C:\Program Files\DVD Maker\it-IT\data.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\data.exe"C:\Program Files (x86)\Common Files\Adobe\Help\data.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\update.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\update.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\data.exe"C:\Program Files (x86)\Common Files\Services\data.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\data.exe"C:\Program Files (x86)\Common Files\System\data.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\System Restore.exe"C:\Program Files (x86)\Microsoft Office\System Restore.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Downloads\data.exeC:\Users\Admin\Downloads\data.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\System Restore.exe"C:\Users\Admin\Favorites\System Restore.exe" C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5204cc1707f320302b1b140569884ace2
SHA1275737523f12d5e120c4412d11ed920006d0ee2e
SHA256703384419225c3f8ad241e39f2056a64cd8403e314868efc6810ff5857cb8c5b
SHA512a9596f9e068f0b13826915947dcb590f625a44561d82614e9dd0790d435617151b158d5699b8cbedac83ae33c8d78319e05095cf3607d54ca13acd6e1d50045d
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD5ee35ddaabec0613886dadd6c285d2d61
SHA1a13c07015479d10a146fc5ef72db7e48dd8f76e7
SHA2568901e4cfdbefd92ebf0d04597687df3d27134fbbccf39732253e496eae30c6b9
SHA512d4ae3a5311e2efe995f9d7e26b68ead255d8b4aa289b92c5ad6df3716c555e2507ad6276843ee7513a29d100f5f03b43c4aa18eedda69c40b8420b3ca4462bb1
-
Filesize
72KB
MD5f1d7a9b3562e7b95080402515de70759
SHA1ee6380bb2fbeb067423b0a4b4bc9c8685d3e51a0
SHA256bc013bacfcd5e192577c146039796a968fd577bdafa4dcb63b9e5406d7d59f34
SHA5122e52c8dc3ea9ee92b806495cf59076abf3bc76876a8fb0a653564875559130ef0dbf35f6419522996e660ea1c3c3ab3091472188b6dc83841b47b0ff59dcf519
-
Filesize
72KB
MD568870a907d3563ffa3b7ef6e8b34d939
SHA1ac46ee919fc2bf410cf6a0752e0b2ec1a9fcb79e
SHA2569b188e0dac8a02258811bccf390527e46673432cdbe2ac28c697cb4ba4a95687
SHA512284ed205380d810d64d1ebcbc4091f9caaad727867be136ea66ef5d32824e61b70729177a5b2db9f4aa5c897db1401e56598fb8c4c548723228dbfc089113a25
-
Filesize
72KB
MD5b38c008c17d97300443c60e77e055338
SHA1111e1794d4e72e5d2658ef4afc6b4580df8f3c0f
SHA25629217c72a0f558c42a0efe4b9f78d4e81d438a9669f00b16320ff73e15335fd7
SHA512aa0f69cbf4b925570a24682187d2f4cfcebd004c6310c9108a075b5630f4a6eb04f8c92532103ddd803ba3070728554767bd30e05123928e0594f883893c6e47
-
Filesize
72KB
MD535e3d82e243f65dd3ff5a3330c615fdf
SHA19cbc1d54d5765c25f89a6f643c78f092b157134f
SHA2560331e1e1612f1821baaafd74668a07c3bed86698a6d1815f9fca24b2bfd7e599
SHA51237b49b2a6afc67b0cc5f099eedd66d56bd17b871f23dda3512881f091026832275934c0da473421648b855f111e26522030b9eb33feaf44253f756715e7bd3c6
-
Filesize
72KB
MD535e3d82e243f65dd3ff5a3330c615fdf
SHA19cbc1d54d5765c25f89a6f643c78f092b157134f
SHA2560331e1e1612f1821baaafd74668a07c3bed86698a6d1815f9fca24b2bfd7e599
SHA51237b49b2a6afc67b0cc5f099eedd66d56bd17b871f23dda3512881f091026832275934c0da473421648b855f111e26522030b9eb33feaf44253f756715e7bd3c6
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5637ccc64cf0fd245ac2aaf93cce361f8
SHA1cf0a3039a713befbe3928bb1dcea89d9a8be136b
SHA2565b6ab0d4ff43a82d206135df15e6bd2ca70acbef2b92de7ab7c988530bd7ef39
SHA512cf247788436971f41d06a089bb3a5e274e4b6cb4f9458573b93970d46cfe3db471aeeccd6ddee3a5026e715464c95be5b6aa011ed7277e287d74b34c36e90e02
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD5b436e621c305f8236d281853efa8fff7
SHA1c3f707b01c08d5c57c60313d9fcbec549ee73bd3
SHA256d5d75f044e89b5ef3cd7dd23fee44872b7141bad7de4be6b509f1ab639599612
SHA512b3d30d5df3b6452c8bd0aae288f681ed7d20434dbeca88df723068ec9f3a1aade6557c034232ebf5ffe870674b56dabb10bc5d73c31b2e4ba54da4a6b073eb95
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD58fbc72a619264ac7caa564b22ae3bda0
SHA1d88e21a3fd20ca231bf5dda6707e8d7ac00f2cc2
SHA256866900666d9f26675309e43ae0205957afd444d10148e43c32df44dc8cd6c220
SHA512112fcb402c9691a8076ec08cf61a751524ac19efd24967abcb4680e3b4ecb3fc998afd44ec844d59af7aefbd332c095c84cec32916ad8149435f8758f8387d87
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5afc922fabffc25330f143d7245a1bda6
SHA15d29d46b5d1da64a47facb3392d7af8cb9399ccc
SHA2564c6406d9ca0eb92a325b55fb4954b7c682b4a75321a09a5323189a56b133b692
SHA5127c633d17a63da483afa420376f37334b738ab98ca85565e7a98cbb8d9cc8eeda958adfc8ad5bade723606c522e4e4e4c7091c663aa2cf7917360dbf408743ad5
-
Filesize
72KB
MD5204cc1707f320302b1b140569884ace2
SHA1275737523f12d5e120c4412d11ed920006d0ee2e
SHA256703384419225c3f8ad241e39f2056a64cd8403e314868efc6810ff5857cb8c5b
SHA512a9596f9e068f0b13826915947dcb590f625a44561d82614e9dd0790d435617151b158d5699b8cbedac83ae33c8d78319e05095cf3607d54ca13acd6e1d50045d
-
Filesize
72KB
MD5204cc1707f320302b1b140569884ace2
SHA1275737523f12d5e120c4412d11ed920006d0ee2e
SHA256703384419225c3f8ad241e39f2056a64cd8403e314868efc6810ff5857cb8c5b
SHA512a9596f9e068f0b13826915947dcb590f625a44561d82614e9dd0790d435617151b158d5699b8cbedac83ae33c8d78319e05095cf3607d54ca13acd6e1d50045d
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD51625fd1321e5c0b05c37fdba8ca0d2f9
SHA1a47ebdfd65069f3c88c9eff0f44f12221c38a94f
SHA25636ac78dbf20d33c59c3cc5e6a7b01fe5a2cdca1aed07ad01a32c38408f80bb98
SHA512c3617982196bfc8b5bb0eb00b99075f27ddcdd86a7438a6be52541718b691e1f56b0c7ca6d81c5ca07642ed90a10994c69b4d60ab1a81ad666c782241f9cc3ae
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD5ff6dfd8d46190b5c5428c8edd4909d85
SHA1351163e5c223bbd6c171a1b2bb48e65805f2df95
SHA256f3934591cee803432bbe1335f6b57148cc7914006d4e6441d170df256c96d799
SHA51252189ca71d5f1bc447ea80948219450bddc017fb28dddf40a916b5e034e281cf2b07d61e3d53793aa4a7179ee812d0328c7ce519561bc202eaec5cadb73c27f8
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD51bd11df6133a3d29bb4d52029ae89125
SHA1e221cd3288290671020dbc0be4cec37fb0d9a1c9
SHA2568bcedad3889c5ec421bafb2321216c8d030118e908a05eb0304b5e23cee940a2
SHA512a075e6f9af222b8c02851c4772b953a1b45fc5b109005ba7ee33b4cd8251423fcaf2fabc01a2c16a88e7117119d246508ddc12e497789bd87cc7ecf64e2ccdc1
-
Filesize
72KB
MD5ee35ddaabec0613886dadd6c285d2d61
SHA1a13c07015479d10a146fc5ef72db7e48dd8f76e7
SHA2568901e4cfdbefd92ebf0d04597687df3d27134fbbccf39732253e496eae30c6b9
SHA512d4ae3a5311e2efe995f9d7e26b68ead255d8b4aa289b92c5ad6df3716c555e2507ad6276843ee7513a29d100f5f03b43c4aa18eedda69c40b8420b3ca4462bb1
-
Filesize
72KB
MD5ee35ddaabec0613886dadd6c285d2d61
SHA1a13c07015479d10a146fc5ef72db7e48dd8f76e7
SHA2568901e4cfdbefd92ebf0d04597687df3d27134fbbccf39732253e496eae30c6b9
SHA512d4ae3a5311e2efe995f9d7e26b68ead255d8b4aa289b92c5ad6df3716c555e2507ad6276843ee7513a29d100f5f03b43c4aa18eedda69c40b8420b3ca4462bb1
-
Filesize
72KB
MD5f1d7a9b3562e7b95080402515de70759
SHA1ee6380bb2fbeb067423b0a4b4bc9c8685d3e51a0
SHA256bc013bacfcd5e192577c146039796a968fd577bdafa4dcb63b9e5406d7d59f34
SHA5122e52c8dc3ea9ee92b806495cf59076abf3bc76876a8fb0a653564875559130ef0dbf35f6419522996e660ea1c3c3ab3091472188b6dc83841b47b0ff59dcf519
-
Filesize
72KB
MD5f1d7a9b3562e7b95080402515de70759
SHA1ee6380bb2fbeb067423b0a4b4bc9c8685d3e51a0
SHA256bc013bacfcd5e192577c146039796a968fd577bdafa4dcb63b9e5406d7d59f34
SHA5122e52c8dc3ea9ee92b806495cf59076abf3bc76876a8fb0a653564875559130ef0dbf35f6419522996e660ea1c3c3ab3091472188b6dc83841b47b0ff59dcf519
-
Filesize
72KB
MD568870a907d3563ffa3b7ef6e8b34d939
SHA1ac46ee919fc2bf410cf6a0752e0b2ec1a9fcb79e
SHA2569b188e0dac8a02258811bccf390527e46673432cdbe2ac28c697cb4ba4a95687
SHA512284ed205380d810d64d1ebcbc4091f9caaad727867be136ea66ef5d32824e61b70729177a5b2db9f4aa5c897db1401e56598fb8c4c548723228dbfc089113a25
-
Filesize
72KB
MD568870a907d3563ffa3b7ef6e8b34d939
SHA1ac46ee919fc2bf410cf6a0752e0b2ec1a9fcb79e
SHA2569b188e0dac8a02258811bccf390527e46673432cdbe2ac28c697cb4ba4a95687
SHA512284ed205380d810d64d1ebcbc4091f9caaad727867be136ea66ef5d32824e61b70729177a5b2db9f4aa5c897db1401e56598fb8c4c548723228dbfc089113a25
-
Filesize
72KB
MD5b38c008c17d97300443c60e77e055338
SHA1111e1794d4e72e5d2658ef4afc6b4580df8f3c0f
SHA25629217c72a0f558c42a0efe4b9f78d4e81d438a9669f00b16320ff73e15335fd7
SHA512aa0f69cbf4b925570a24682187d2f4cfcebd004c6310c9108a075b5630f4a6eb04f8c92532103ddd803ba3070728554767bd30e05123928e0594f883893c6e47
-
Filesize
72KB
MD5b38c008c17d97300443c60e77e055338
SHA1111e1794d4e72e5d2658ef4afc6b4580df8f3c0f
SHA25629217c72a0f558c42a0efe4b9f78d4e81d438a9669f00b16320ff73e15335fd7
SHA512aa0f69cbf4b925570a24682187d2f4cfcebd004c6310c9108a075b5630f4a6eb04f8c92532103ddd803ba3070728554767bd30e05123928e0594f883893c6e47
-
Filesize
40KB
-
Filesize
24KB
-
Filesize
8KB