Analysis
-
max time kernel
175s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
20-10-2022 04:36
General
-
Target
65f32762ce8e75641128331ab9ea1f5d99b4dddf8724d99b3f827ee1d2822bca.exe
-
Size
72KB
-
MD5
5aed2e00b28da796c9841b1a508de3f0
-
SHA1
808b70fd529e70bbf515b21300f2b857a341b94f
-
SHA256
65f32762ce8e75641128331ab9ea1f5d99b4dddf8724d99b3f827ee1d2822bca
-
SHA512
5ec2131b0a3f57dca3372fcf0c4d8e26f604697e8e5399260403fb6add093d5f46b53762ff3b2b67b9beb84e3e82af2f3b13f9c1c0562309ce46397966ff046e
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2M:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrg
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\65f32762ce8e75641128331ab9ea1f5d99b4dddf8724d99b3f827ee1d2822bca.exe"C:\Users\Admin\AppData\Local\Temp\65f32762ce8e75641128331ab9ea1f5d99b4dddf8724d99b3f827ee1d2822bca.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1351869655\backup.exeC:\Users\Admin\AppData\Local\Temp\1351869655\backup.exe C:\Users\Admin\AppData\Local\Temp\1351869655\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\update.exe\update.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\update.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\update.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\uk-UA\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-TW\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\System Restore.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\System Restore.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe"C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\update.exe"C:\Program Files\Common Files\System\ado\es-ES\update.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ja-JP\System Restore.exe"C:\Program Files\Common Files\System\ja-JP\System Restore.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\Ole DB\update.exe"C:\Program Files\Common Files\System\Ole DB\update.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\System Restore.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\System Restore.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\System Restore.exe"C:\Program Files\Internet Explorer\de-DE\System Restore.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\update.exe"C:\Program Files\Internet Explorer\ja-JP\update.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- System policy modification
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\data.exe"C:\Program Files\Java\jdk1.8.0_66\bin\data.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\data.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\data.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\9⤵
-
-
-
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\data.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\data.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\System Restore.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\System Restore.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- System policy modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- System policy modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\apppatch\data.exeC:\Windows\apppatch\data.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\apppatch\CustomSDB\System Restore.exe"C:\Windows\apppatch\CustomSDB\System Restore.exe" C:\Windows\apppatch\CustomSDB\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\de-DE\update.exeC:\Windows\apppatch\de-DE\update.exe C:\Windows\apppatch\de-DE\6⤵
-
-
C:\Windows\apppatch\en-US\data.exeC:\Windows\apppatch\en-US\data.exe C:\Windows\apppatch\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
- System policy modification
-
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\2⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\3⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\3⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\4⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\4⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\2⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\2⤵
- Disables RegEdit via registry modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5232a7d8c3db388d18a8a041b297ace24
SHA180dc846ae87dc7aea95c0c926bbbb4fefb5881bf
SHA25627172ceafdaf90400701f2e95b3ab0e35cb894a1872defdc99e82039b2a5f586
SHA512d40d1b51a8a4125ec2b0639acefb44a9cb268f22d75aae8b2b71c77d32f76125378a8db5309078f4c6af4d3200952c454aa978df05db714e6eefbe6fdf4a05c2
-
Filesize
72KB
MD5232a7d8c3db388d18a8a041b297ace24
SHA180dc846ae87dc7aea95c0c926bbbb4fefb5881bf
SHA25627172ceafdaf90400701f2e95b3ab0e35cb894a1872defdc99e82039b2a5f586
SHA512d40d1b51a8a4125ec2b0639acefb44a9cb268f22d75aae8b2b71c77d32f76125378a8db5309078f4c6af4d3200952c454aa978df05db714e6eefbe6fdf4a05c2
-
Filesize
72KB
MD5b1782c194ac73f9918a3bc92830a715a
SHA14faf36333b34ad035f6a1a65e4df23f87918a422
SHA256f2892b67c504526f5a3ca8ba4c4a1f5c8fcdd140ef528b58859926318f482d3f
SHA51207a1d4d0150ec710d9530c4712e493feece40dbb0190977cd0f63667727f5e9482665a4dc8cdf563afd5aed59cc553d42115a91d9c493c287cdbf1c88bc07ae2
-
Filesize
72KB
MD5b1782c194ac73f9918a3bc92830a715a
SHA14faf36333b34ad035f6a1a65e4df23f87918a422
SHA256f2892b67c504526f5a3ca8ba4c4a1f5c8fcdd140ef528b58859926318f482d3f
SHA51207a1d4d0150ec710d9530c4712e493feece40dbb0190977cd0f63667727f5e9482665a4dc8cdf563afd5aed59cc553d42115a91d9c493c287cdbf1c88bc07ae2
-
Filesize
72KB
MD5ae5063f90b48cc1eccd22deaefe8b236
SHA10aae11ab37bc8c60bb7ea248a36bad708b11acbe
SHA256f46f360ff242c20e77da6ebc713266403d87a0457741bfe31664a22f85fdb9ef
SHA512baddfe686f22d9cb02e76fceddc607ec92ac7e761af811dd451492010e9671ae4b183b037b3bba58b7c23f0b5c7e0ec4a3abd47692d80c1ca8b9aa496c8e90d2
-
Filesize
72KB
MD5ae5063f90b48cc1eccd22deaefe8b236
SHA10aae11ab37bc8c60bb7ea248a36bad708b11acbe
SHA256f46f360ff242c20e77da6ebc713266403d87a0457741bfe31664a22f85fdb9ef
SHA512baddfe686f22d9cb02e76fceddc607ec92ac7e761af811dd451492010e9671ae4b183b037b3bba58b7c23f0b5c7e0ec4a3abd47692d80c1ca8b9aa496c8e90d2
-
Filesize
72KB
MD58b4c65fbc0a213a7d2d83268c1c49738
SHA1590e807d67d857ecf265b61eb7123a39e3721d1d
SHA2567cecd207323b9fee947a0119018251875d0c24dd9c57a6ef700f99e44794f24c
SHA512d5260a22389150e296e397aed1ae4cae600d78303d2a33ea8bff48afbcb8126f31d5063221f620e2fa0e2b29dc151a222f0d4c61075c9c30a861db6544569898
-
Filesize
72KB
MD58b4c65fbc0a213a7d2d83268c1c49738
SHA1590e807d67d857ecf265b61eb7123a39e3721d1d
SHA2567cecd207323b9fee947a0119018251875d0c24dd9c57a6ef700f99e44794f24c
SHA512d5260a22389150e296e397aed1ae4cae600d78303d2a33ea8bff48afbcb8126f31d5063221f620e2fa0e2b29dc151a222f0d4c61075c9c30a861db6544569898
-
Filesize
72KB
MD5ae5063f90b48cc1eccd22deaefe8b236
SHA10aae11ab37bc8c60bb7ea248a36bad708b11acbe
SHA256f46f360ff242c20e77da6ebc713266403d87a0457741bfe31664a22f85fdb9ef
SHA512baddfe686f22d9cb02e76fceddc607ec92ac7e761af811dd451492010e9671ae4b183b037b3bba58b7c23f0b5c7e0ec4a3abd47692d80c1ca8b9aa496c8e90d2
-
Filesize
72KB
MD5ae5063f90b48cc1eccd22deaefe8b236
SHA10aae11ab37bc8c60bb7ea248a36bad708b11acbe
SHA256f46f360ff242c20e77da6ebc713266403d87a0457741bfe31664a22f85fdb9ef
SHA512baddfe686f22d9cb02e76fceddc607ec92ac7e761af811dd451492010e9671ae4b183b037b3bba58b7c23f0b5c7e0ec4a3abd47692d80c1ca8b9aa496c8e90d2
-
Filesize
72KB
MD50066c7f1082a60b9011917efb1aba9a1
SHA139c1ba3959d306be155c6b6f4d4f1383b96df76a
SHA256222931cb55b25b4879b33b7034cccf6d06b66d02ee72d3b5665d5752579f3a58
SHA512934756e917bfe6f3f2506efe69f056af7be79166dec817457d7fecfcd7d572dd503d9fd0abad0bc2078e5b2eb6eca9e839815593dffa576db1cc6066324402dd
-
Filesize
72KB
MD50066c7f1082a60b9011917efb1aba9a1
SHA139c1ba3959d306be155c6b6f4d4f1383b96df76a
SHA256222931cb55b25b4879b33b7034cccf6d06b66d02ee72d3b5665d5752579f3a58
SHA512934756e917bfe6f3f2506efe69f056af7be79166dec817457d7fecfcd7d572dd503d9fd0abad0bc2078e5b2eb6eca9e839815593dffa576db1cc6066324402dd
-
Filesize
72KB
MD58b4c65fbc0a213a7d2d83268c1c49738
SHA1590e807d67d857ecf265b61eb7123a39e3721d1d
SHA2567cecd207323b9fee947a0119018251875d0c24dd9c57a6ef700f99e44794f24c
SHA512d5260a22389150e296e397aed1ae4cae600d78303d2a33ea8bff48afbcb8126f31d5063221f620e2fa0e2b29dc151a222f0d4c61075c9c30a861db6544569898
-
Filesize
72KB
MD58b4c65fbc0a213a7d2d83268c1c49738
SHA1590e807d67d857ecf265b61eb7123a39e3721d1d
SHA2567cecd207323b9fee947a0119018251875d0c24dd9c57a6ef700f99e44794f24c
SHA512d5260a22389150e296e397aed1ae4cae600d78303d2a33ea8bff48afbcb8126f31d5063221f620e2fa0e2b29dc151a222f0d4c61075c9c30a861db6544569898
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD50066c7f1082a60b9011917efb1aba9a1
SHA139c1ba3959d306be155c6b6f4d4f1383b96df76a
SHA256222931cb55b25b4879b33b7034cccf6d06b66d02ee72d3b5665d5752579f3a58
SHA512934756e917bfe6f3f2506efe69f056af7be79166dec817457d7fecfcd7d572dd503d9fd0abad0bc2078e5b2eb6eca9e839815593dffa576db1cc6066324402dd
-
Filesize
72KB
MD50066c7f1082a60b9011917efb1aba9a1
SHA139c1ba3959d306be155c6b6f4d4f1383b96df76a
SHA256222931cb55b25b4879b33b7034cccf6d06b66d02ee72d3b5665d5752579f3a58
SHA512934756e917bfe6f3f2506efe69f056af7be79166dec817457d7fecfcd7d572dd503d9fd0abad0bc2078e5b2eb6eca9e839815593dffa576db1cc6066324402dd
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5d865e30c39bb934e311ef51b948f2ef2
SHA10d1e47e15d73cc06e1cd31751164c86bea8ee0e6
SHA25657424faf2cf9d6b974f7e50cf6a6c90cdc8e46c996d4d3d4cde0e06804f0e2d0
SHA512d61b766c39cfb260cf882e84310931a11b9704de7f62ce54b7c73b6412377789c6de321c4b8e5b27739801a000ad9888d7636d92641ddde3da61f09ff4fcd373
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5340d4b866dc82ebb53548d8d9fdb4ebe
SHA1dff228e5e59b241f41b077a7968c5343009c0a81
SHA256e77084e3340adcea69ae0f42951a04c87fe5e30a2ad28ae1fc262b8d6eda8222
SHA512e38463149087a651f41a5c70560f4b8f034c88e96f085efae6aa1d19cc0b5fdb214e94618e3c7903e44c08193ac19dd19892475462ec8b068cd18005b5328948
-
Filesize
72KB
MD5929fbdd3b39972be09ef20380b8b4157
SHA1f77029aef858fe51d7634815449acd1dc8a65c4c
SHA2567ee1d4780f34bf9324e0f0415584fb6414bd1503ba19a234103899488ff03fad
SHA5126ad72bcdd9c4df0249ac72fc5bbda1b20fc91cd3d3408fa1103883e9a2ba309d60968668b2c927d9df91bad5b8987cb2f899ef3f768f6f4ee57ae5e6d1b43788
-
Filesize
72KB
MD5929fbdd3b39972be09ef20380b8b4157
SHA1f77029aef858fe51d7634815449acd1dc8a65c4c
SHA2567ee1d4780f34bf9324e0f0415584fb6414bd1503ba19a234103899488ff03fad
SHA5126ad72bcdd9c4df0249ac72fc5bbda1b20fc91cd3d3408fa1103883e9a2ba309d60968668b2c927d9df91bad5b8987cb2f899ef3f768f6f4ee57ae5e6d1b43788
-
Filesize
72KB
MD5929fbdd3b39972be09ef20380b8b4157
SHA1f77029aef858fe51d7634815449acd1dc8a65c4c
SHA2567ee1d4780f34bf9324e0f0415584fb6414bd1503ba19a234103899488ff03fad
SHA5126ad72bcdd9c4df0249ac72fc5bbda1b20fc91cd3d3408fa1103883e9a2ba309d60968668b2c927d9df91bad5b8987cb2f899ef3f768f6f4ee57ae5e6d1b43788
-
Filesize
72KB
MD5929fbdd3b39972be09ef20380b8b4157
SHA1f77029aef858fe51d7634815449acd1dc8a65c4c
SHA2567ee1d4780f34bf9324e0f0415584fb6414bd1503ba19a234103899488ff03fad
SHA5126ad72bcdd9c4df0249ac72fc5bbda1b20fc91cd3d3408fa1103883e9a2ba309d60968668b2c927d9df91bad5b8987cb2f899ef3f768f6f4ee57ae5e6d1b43788
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5cf5c7c4ec617396c7966885a0547c751
SHA109f4934da0d23b48b38f6462119f672b34a0369b
SHA256526f9224ba822818c7313761b9b5d0b1baf12152fd036ded416d263ee5a59da4
SHA512addd73e60da0a529b4c4b3755f2ebd0e0c2cfc9b60eaf15d9232556041951ce285eb046cd2b81d5a43a19375ec3d2c743268f6a90c60484a74aff057e2ce7d50
-
Filesize
72KB
MD5a22ec38b59864d03913a5135a97969c0
SHA18abd4ca7dd42604e0ad06acad173df2958b16eb5
SHA25632a4d9e62907a0e053c4b5d4728dbb77393cc2c4ff7e00c60cbb82405a222eb8
SHA51244da38eec60bef570f343d1a2d4d4ce55b8f165e4c3270365c94be1941531db7bec96176f4e05c48d4902463b862fec93472e5472b9673bf0edfe626b844f302
-
Filesize
72KB
MD5a22ec38b59864d03913a5135a97969c0
SHA18abd4ca7dd42604e0ad06acad173df2958b16eb5
SHA25632a4d9e62907a0e053c4b5d4728dbb77393cc2c4ff7e00c60cbb82405a222eb8
SHA51244da38eec60bef570f343d1a2d4d4ce55b8f165e4c3270365c94be1941531db7bec96176f4e05c48d4902463b862fec93472e5472b9673bf0edfe626b844f302
-
Filesize
72KB
MD50c7bc446272f9c3163682fbc123d4a2e
SHA10af479d2415ef25e4da5c0fccb202f61663334bb
SHA2563ab6a7165424d8940c4a3f5abf2caab6255cc8b9052b58f3201de55c5e98bcc2
SHA512f0baf785260457e9cb5d5c91be589072124354a591d0103b6d2d9dcbeb39bcd3f4cbff387e2f8fb600f5cda6568a6557ae0ff2cb4d661728fd3cc9080b1ce220
-
Filesize
72KB
MD50c7bc446272f9c3163682fbc123d4a2e
SHA10af479d2415ef25e4da5c0fccb202f61663334bb
SHA2563ab6a7165424d8940c4a3f5abf2caab6255cc8b9052b58f3201de55c5e98bcc2
SHA512f0baf785260457e9cb5d5c91be589072124354a591d0103b6d2d9dcbeb39bcd3f4cbff387e2f8fb600f5cda6568a6557ae0ff2cb4d661728fd3cc9080b1ce220
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD5213c97ab141bd91173667a751e0f59c9
SHA1a81fc97f6a8f990bc641f655e6afc789caa09cc0
SHA256273af4374bddaa33412911ddacf0b3af0dc524d129237b5101bfafd25fa6ccf1
SHA51287e7b9b1b99c8da8cb8e8ea06283356601a6b99c14636878beb384c6aaa77aaf82a657ccef62b7220125e3f8c02c6c038a932ad9d18708cedc29210b089c5127
-
Filesize
72KB
MD5213c97ab141bd91173667a751e0f59c9
SHA1a81fc97f6a8f990bc641f655e6afc789caa09cc0
SHA256273af4374bddaa33412911ddacf0b3af0dc524d129237b5101bfafd25fa6ccf1
SHA51287e7b9b1b99c8da8cb8e8ea06283356601a6b99c14636878beb384c6aaa77aaf82a657ccef62b7220125e3f8c02c6c038a932ad9d18708cedc29210b089c5127
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD502331f269b72b478dbc8c2b585628c24
SHA11cc3cb2c8a8d33be6ebf19f0d9bf850e50816054
SHA256e4e1ed0560195e435bdceef6a6bf76c7e715980f508bbfe494d8c804e15e0c50
SHA5122c8d99b39a2d271da347b3bc5291b9fa4855af90e1d25ae03007314444ed3fcc19e384ccaad6c26f27ef67100f50b801a26014fd31c21b5586780c8462aaf6aa
-
Filesize
72KB
MD5fa38c5323a1efb9857d270bd1d7cbd14
SHA1812944302b295ce1df4f7d301225667b318d7993
SHA256acaab6faefb7053733b531027f36a4cebaf664784667bfb75a5be0935f227d80
SHA512731de598ae289ad2eaeb029b472cac2279b14abff003d7b029d89e9264f32a58b9437254dd61de3949745423021553acceb7868291c22b5b38bd427f36ed65ef
-
Filesize
72KB
MD5fa38c5323a1efb9857d270bd1d7cbd14
SHA1812944302b295ce1df4f7d301225667b318d7993
SHA256acaab6faefb7053733b531027f36a4cebaf664784667bfb75a5be0935f227d80
SHA512731de598ae289ad2eaeb029b472cac2279b14abff003d7b029d89e9264f32a58b9437254dd61de3949745423021553acceb7868291c22b5b38bd427f36ed65ef
-
Filesize
72KB
MD59fdd86e238554911add1e85c1e380fc9
SHA1ed4d32f4ceae8ad499aa179345a8117a8b0ff76f
SHA256698371ab88131aaedbf32359c93f619213feb7f35b8b6bb178e1fc4ef8c59542
SHA512f2c85b25f18716b3f445dd0da3704f6fba810a2c4714686daa9b943d7090cdd8dbd7586ccd1e082927ca7123fbb611203ca4f127a23719c11d6da9958521b101
-
Filesize
72KB
MD59fdd86e238554911add1e85c1e380fc9
SHA1ed4d32f4ceae8ad499aa179345a8117a8b0ff76f
SHA256698371ab88131aaedbf32359c93f619213feb7f35b8b6bb178e1fc4ef8c59542
SHA512f2c85b25f18716b3f445dd0da3704f6fba810a2c4714686daa9b943d7090cdd8dbd7586ccd1e082927ca7123fbb611203ca4f127a23719c11d6da9958521b101
-
Filesize
72KB
MD52972d41e39ee6c621a86a73f4e55a24e
SHA15c1e04ebf59db1ae2356123cd204e548603bf149
SHA25656378cca5fccea3c29066d8f590b0c3f22790189df7cfb3f2c3486b201f28770
SHA5127c4218e9a3250e8b28156b2084d4dc7c1d1d29f6c855da3c6f59fe0d8d1fea8da79e3bd945953b7ed95a2fa782f8e8b108349ac0dfacf8fc6c6452e6f89138b6
-
Filesize
72KB
MD52972d41e39ee6c621a86a73f4e55a24e
SHA15c1e04ebf59db1ae2356123cd204e548603bf149
SHA25656378cca5fccea3c29066d8f590b0c3f22790189df7cfb3f2c3486b201f28770
SHA5127c4218e9a3250e8b28156b2084d4dc7c1d1d29f6c855da3c6f59fe0d8d1fea8da79e3bd945953b7ed95a2fa782f8e8b108349ac0dfacf8fc6c6452e6f89138b6
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-