Analysis
-
max time kernel
165s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
20/10/2022, 04:37
General
-
Target
4c9f2a52148f7c676561f1932e23bd8f8d659304db3215d247b13c9a1a9e0505.exe
-
Size
72KB
-
MD5
48bb67e1cbe07fc3d270a31e2b8ca34f
-
SHA1
082036c4efc71b576074362df857dfe166a8df48
-
SHA256
4c9f2a52148f7c676561f1932e23bd8f8d659304db3215d247b13c9a1a9e0505
-
SHA512
39f7be82daadb2a0effaa5620c13117b3df74976f61462af952e01dc832bb2f008fca15f45ecccadafa707e5f6a9f407d00b6736ea492f0f4e52b25b4770db7f
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2B:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP1
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c9f2a52148f7c676561f1932e23bd8f8d659304db3215d247b13c9a1a9e0505.exe"C:\Users\Admin\AppData\Local\Temp\4c9f2a52148f7c676561f1932e23bd8f8d659304db3215d247b13c9a1a9e0505.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\604559141\update.exeC:\Users\Admin\AppData\Local\Temp\604559141\update.exe C:\Users\Admin\AppData\Local\Temp\604559141\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\update.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\update.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe"C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\update.exe"C:\Program Files\DVD Maker\de-DE\update.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\update.exe"C:\Program Files\Google\Chrome\Application\update.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
-
C:\Program Files\Java\data.exe"C:\Program Files\Java\data.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\data.exe"C:\Program Files\Microsoft Office\data.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\update.exe"C:\Program Files\MSBuild\update.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\data.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\data.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\System Restore.exe"C:\Program Files (x86)\Internet Explorer\en-US\System Restore.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\update.exeC:\Users\Admin\Contacts\update.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\System Restore.exe"C:\Users\Admin\Documents\System Restore.exe" C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\data.exeC:\Users\Admin\Downloads\data.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\data.exeC:\Users\Admin\Favorites\data.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD579171416e78ac278b18dc85e59600929
SHA13325956bc14ddc669ee8211db66a5f4e936a4b1b
SHA256ccafe5ae15fe9493a69c4baaa7d85fa1dfe2678c05253b0924def70babdecc7e
SHA5124dee2efdb22a59181b49d829b25e32cf59c23b12c55937941f41edb0e4f191e36f3e4591852c2d6546dc441856d34e274b8f5ed6c88f086de908f87baed12b93
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD5f055f8047dbd26402ededc135f7c1412
SHA1df831cdd0f82084fe5e7e80df367259100132b65
SHA2563a78dba744e38dfd8e72edea0115ede2318fc0aaa5e6e8a070b88930d0dbb856
SHA512be14dd3f863f4939ebadaa68276192ba8b09ee3338be35d119ab0701d53fb66d87af54f0d44fccc5c0ae5a92547df39e156eb87d2264217d7f5f48187c80463d
-
Filesize
72KB
MD5f055f8047dbd26402ededc135f7c1412
SHA1df831cdd0f82084fe5e7e80df367259100132b65
SHA2563a78dba744e38dfd8e72edea0115ede2318fc0aaa5e6e8a070b88930d0dbb856
SHA512be14dd3f863f4939ebadaa68276192ba8b09ee3338be35d119ab0701d53fb66d87af54f0d44fccc5c0ae5a92547df39e156eb87d2264217d7f5f48187c80463d
-
Filesize
72KB
MD56e2baa364a58168d4631d6edcc2d5437
SHA133cd343bed437ab2daf6936cf7bd24e10a25167c
SHA2562a8bf1280d68780c8d772ce73ad5696a18b8a5fd22563eb6d797aaa0a910c432
SHA512030401fc591edfdeb50498dbd0017059fa7bcc716643bb2d8d9b41eef9218a7b75aad46379c12d8619c997dc546822c58bb41b58589e2770cce02c1aa467af5d
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD53b7c1a88ca560daa2e6ea6f65491dce9
SHA16328d2dd3b09b98fbc025c8b4b21dca775836907
SHA25675e1174fc880f204aad79af332e14fa68c92fa8954550622f791e7b8f7920959
SHA5121174db370d69f55db52ad822ba391cc9107bd3b553d0780e41e96d3938956566a036b1323b91968b9abb67ed7931109709c6837d6691e9e75a075ee202dd8caf
-
Filesize
72KB
MD53b7c1a88ca560daa2e6ea6f65491dce9
SHA16328d2dd3b09b98fbc025c8b4b21dca775836907
SHA25675e1174fc880f204aad79af332e14fa68c92fa8954550622f791e7b8f7920959
SHA5121174db370d69f55db52ad822ba391cc9107bd3b553d0780e41e96d3938956566a036b1323b91968b9abb67ed7931109709c6837d6691e9e75a075ee202dd8caf
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD52ef94c331c06c47f98f65a218b0a724a
SHA1b2798c4f910a1d7034138813b5e0ffac577c4cf6
SHA25665ee0d931762e1c27d19939d9403d88f19dc4bed4fc15409df82bd44755358be
SHA512cfd698b7ada43cf37fe920746a38efc02b0eaf8013b85f482c7145e7648c662f29d06eb0ae17574315d104e1862344e1857a0d2cebf46f555834f2c7607f332d
-
Filesize
72KB
MD52ef94c331c06c47f98f65a218b0a724a
SHA1b2798c4f910a1d7034138813b5e0ffac577c4cf6
SHA25665ee0d931762e1c27d19939d9403d88f19dc4bed4fc15409df82bd44755358be
SHA512cfd698b7ada43cf37fe920746a38efc02b0eaf8013b85f482c7145e7648c662f29d06eb0ae17574315d104e1862344e1857a0d2cebf46f555834f2c7607f332d
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD579171416e78ac278b18dc85e59600929
SHA13325956bc14ddc669ee8211db66a5f4e936a4b1b
SHA256ccafe5ae15fe9493a69c4baaa7d85fa1dfe2678c05253b0924def70babdecc7e
SHA5124dee2efdb22a59181b49d829b25e32cf59c23b12c55937941f41edb0e4f191e36f3e4591852c2d6546dc441856d34e274b8f5ed6c88f086de908f87baed12b93
-
Filesize
72KB
MD579171416e78ac278b18dc85e59600929
SHA13325956bc14ddc669ee8211db66a5f4e936a4b1b
SHA256ccafe5ae15fe9493a69c4baaa7d85fa1dfe2678c05253b0924def70babdecc7e
SHA5124dee2efdb22a59181b49d829b25e32cf59c23b12c55937941f41edb0e4f191e36f3e4591852c2d6546dc441856d34e274b8f5ed6c88f086de908f87baed12b93
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5aafeb9636dca17836dda41a8b16348b4
SHA17e5a36b6c33b7acdfd0c27b780646c450f69c89a
SHA256a3ab865d5f825ad56a839271cc905d716e70127fad6c80b8907a228508ed9328
SHA512079d51524e3ec09c53ca4f2ae1430f4b5f09ac9dee209b1c24b18b13276a762b56f28cfc5d4b43dbd8941421efc0e311f7fe5066cec295dc0b9961da58fc099d
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD5f055f8047dbd26402ededc135f7c1412
SHA1df831cdd0f82084fe5e7e80df367259100132b65
SHA2563a78dba744e38dfd8e72edea0115ede2318fc0aaa5e6e8a070b88930d0dbb856
SHA512be14dd3f863f4939ebadaa68276192ba8b09ee3338be35d119ab0701d53fb66d87af54f0d44fccc5c0ae5a92547df39e156eb87d2264217d7f5f48187c80463d
-
Filesize
72KB
MD5f055f8047dbd26402ededc135f7c1412
SHA1df831cdd0f82084fe5e7e80df367259100132b65
SHA2563a78dba744e38dfd8e72edea0115ede2318fc0aaa5e6e8a070b88930d0dbb856
SHA512be14dd3f863f4939ebadaa68276192ba8b09ee3338be35d119ab0701d53fb66d87af54f0d44fccc5c0ae5a92547df39e156eb87d2264217d7f5f48187c80463d
-
Filesize
72KB
MD56e2baa364a58168d4631d6edcc2d5437
SHA133cd343bed437ab2daf6936cf7bd24e10a25167c
SHA2562a8bf1280d68780c8d772ce73ad5696a18b8a5fd22563eb6d797aaa0a910c432
SHA512030401fc591edfdeb50498dbd0017059fa7bcc716643bb2d8d9b41eef9218a7b75aad46379c12d8619c997dc546822c58bb41b58589e2770cce02c1aa467af5d
-
Filesize
72KB
MD56e2baa364a58168d4631d6edcc2d5437
SHA133cd343bed437ab2daf6936cf7bd24e10a25167c
SHA2562a8bf1280d68780c8d772ce73ad5696a18b8a5fd22563eb6d797aaa0a910c432
SHA512030401fc591edfdeb50498dbd0017059fa7bcc716643bb2d8d9b41eef9218a7b75aad46379c12d8619c997dc546822c58bb41b58589e2770cce02c1aa467af5d
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD5f8f6cb7543e602096b56797b79d388de
SHA11cd2405768178d8ce7aade84b5db8db2e964442a
SHA256051ac0670318e24ed10a418748316959bfe31ed7392fa25420adc2737e4a1983
SHA512850e3a0eb641dcc8ecc2632efa4b163c6bf8e2b44786129e96b7da0fb417809173e0e1b0d9892e28fd653968e79c9f2419638c7b6c1f9b7650160f2352bb5e89
-
Filesize
72KB
MD56e2baa364a58168d4631d6edcc2d5437
SHA133cd343bed437ab2daf6936cf7bd24e10a25167c
SHA2562a8bf1280d68780c8d772ce73ad5696a18b8a5fd22563eb6d797aaa0a910c432
SHA512030401fc591edfdeb50498dbd0017059fa7bcc716643bb2d8d9b41eef9218a7b75aad46379c12d8619c997dc546822c58bb41b58589e2770cce02c1aa467af5d
-
Filesize
72KB
MD53b7c1a88ca560daa2e6ea6f65491dce9
SHA16328d2dd3b09b98fbc025c8b4b21dca775836907
SHA25675e1174fc880f204aad79af332e14fa68c92fa8954550622f791e7b8f7920959
SHA5121174db370d69f55db52ad822ba391cc9107bd3b553d0780e41e96d3938956566a036b1323b91968b9abb67ed7931109709c6837d6691e9e75a075ee202dd8caf
-
Filesize
72KB
MD53b7c1a88ca560daa2e6ea6f65491dce9
SHA16328d2dd3b09b98fbc025c8b4b21dca775836907
SHA25675e1174fc880f204aad79af332e14fa68c92fa8954550622f791e7b8f7920959
SHA5121174db370d69f55db52ad822ba391cc9107bd3b553d0780e41e96d3938956566a036b1323b91968b9abb67ed7931109709c6837d6691e9e75a075ee202dd8caf
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5a1ae1ed660f379b1c2b4580deaadf8e9
SHA1e9bae26f8f6bdc60f9b52c589ec05d5b67559f1a
SHA25626a581460075502ed7c2ff2203dfcd26680da37e8a78a7f3e103795f46743f7a
SHA512e7e5af30d0ccd8b6b466c3f95b15d29936ee6d87109a00aefe21ba742e038d17c81df966a4991b2ecff7f2298b806853974e35200c4d77b2c25bb2f01c5603f2
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD5fa176f660b34db82799b01bc5ee9250d
SHA1d4321ae1411e687b761899ca2ebfcfee5e427294
SHA256d264f22d71dc7c6d109b404f64a5a51771cf69016652b71d14d198abe8a31b69
SHA512844f5d32f2765b56ae88ba6ef7a8b79dcfb9202a8fb7a43c2612d50c6228ef48b0f66869ba2ad93533881c3261091291bd9bbec4e0319f976b04612ae6337a43
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD50a11097ca66a14ccaf628e4ef1064d7f
SHA18d54e7b581437645bbeb7b1749cda39c317ee395
SHA256a8af89a4018549e75ab64fc90298a296132df4ce782e41b5a635341f85d59e59
SHA5124d8f9dbcc95eafdfdbeb449f6f5bf11e9a9229af6cbf0df21dea7371efd1e801f1fc9c559da956579378c95bf1c1414b5d964925dd42f7b73549a8c5f6f3f400
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
72KB
MD5f200a03e83ebfb13f74d5954b4eb241e
SHA16db397c6ea11a8be13b351277c015ace999722fa
SHA2564d40359790b4f12b61c8c37e17da222e04ddc7d706913ccbeb41f61b543f4f55
SHA512b3b9eb87f31cc56f2620f96e09e6670fca95c8b4309f03c8cc729d832c1fe47893602a695e5883166a7b37e80d9e10fe2a51ca19797ac05ea5406af134448ac9
-
Filesize
8KB