Analysis
-
max time kernel
150s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
21/10/2022, 01:36
General
-
Target
ce04b234d7c0a70e6b4cc389ff7f13a9fcef78eb990201706aa02c3c2b88deb2.exe
-
Size
72KB
-
MD5
74439941ebdba21440ca7848750d817f
-
SHA1
5cd129cbfbe1f0a2204cce6268d16c6beebaf72b
-
SHA256
ce04b234d7c0a70e6b4cc389ff7f13a9fcef78eb990201706aa02c3c2b88deb2
-
SHA512
d77374a14b05752d77be1920337764b4a3e142e4fabd19af33c5763e7eac0b1960178b3a9016957bc60e4fa14962b47cdad619501f4b795a681e644a4fb4684a
-
SSDEEP
768:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr3nF:ieTce/U/hKYuKXF
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce04b234d7c0a70e6b4cc389ff7f13a9fcef78eb990201706aa02c3c2b88deb2.exe"C:\Users\Admin\AppData\Local\Temp\ce04b234d7c0a70e6b4cc389ff7f13a9fcef78eb990201706aa02c3c2b88deb2.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1237383941\backup.exeC:\Users\Admin\AppData\Local\Temp\1237383941\backup.exe C:\Users\Admin\AppData\Local\Temp\1237383941\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\update.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\update.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\update.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\update.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\update.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\update.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\data.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\data.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\update.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\update.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\data.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\data.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\ja-JP\data.exe"C:\Program Files\Common Files\System\ado\ja-JP\data.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\data.exe"C:\Program Files\Common Files\System\de-DE\data.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\update.exe"C:\Program Files\Common Files\System\fr-FR\update.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\data.exe"C:\Program Files\Google\Chrome\Application\data.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
-
-
-
-
-
-
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Documents\System Restore.exe"C:\Users\Admin\Documents\System Restore.exe" C:\Users\Admin\Documents\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\Documents\data.exeC:\Users\Public\Documents\data.exe C:\Users\Public\Documents\6⤵
- System policy modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\update.exeC:\Users\Public\Videos\update.exe C:\Users\Public\Videos\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- System policy modification
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\data.exeC:\Users\Admin\AppData\Local\Temp\Low\data.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD59b6e3461566cc85c10c169f00681d405
SHA114a971d62ae4a9b7cfd1c4b5ee47d199449349b1
SHA25668bf57075aab5006ad51294eb650e5ecd3f98fa4db56aabee715e1bf9098e913
SHA512bc6a33a7e8048f34905acee9b45f1d692fd7913fda86a75c97e9e535b75cd4a5c037b938b545cdb81a082375b397d1eb4fb13d9f25c09b285ff00735b0fdee7e
-
Filesize
72KB
MD59b6e3461566cc85c10c169f00681d405
SHA114a971d62ae4a9b7cfd1c4b5ee47d199449349b1
SHA25668bf57075aab5006ad51294eb650e5ecd3f98fa4db56aabee715e1bf9098e913
SHA512bc6a33a7e8048f34905acee9b45f1d692fd7913fda86a75c97e9e535b75cd4a5c037b938b545cdb81a082375b397d1eb4fb13d9f25c09b285ff00735b0fdee7e
-
Filesize
72KB
MD5e74abea4b94130dff77a862866d8e346
SHA1d647348df711523f3d0ae3eb3d9b33c2a23c42ab
SHA25614016468d615eca2f6589eadea99764c92265a14174101699a910cdaa67276d3
SHA5124b675f156d434dce56f3e0f4648733053902e73ac3a14663b0e23b09d8fec596705a4a556a5424862f7a8d492a3079d6ce55319a34622439e1d9cf3626f8f5cc
-
Filesize
72KB
MD5e74abea4b94130dff77a862866d8e346
SHA1d647348df711523f3d0ae3eb3d9b33c2a23c42ab
SHA25614016468d615eca2f6589eadea99764c92265a14174101699a910cdaa67276d3
SHA5124b675f156d434dce56f3e0f4648733053902e73ac3a14663b0e23b09d8fec596705a4a556a5424862f7a8d492a3079d6ce55319a34622439e1d9cf3626f8f5cc
-
Filesize
72KB
MD59ded87c59c4efeee4e70273181225eaa
SHA189fe2f32a3bbeb907d5cc3de68949acc2577578d
SHA25600274a742a59961f2271a267c200e9b475b7bd3972763de0eefb8bbbc0ef742a
SHA5122ee08f8fc669aefbf78fb91db47edf768cbbb2033cc817c4ecdb0cfdf61f1b53aa4dfc323b10c4db98bd446187a32bcf3b69341c4638b72f4db0fc463cd61d73
-
Filesize
72KB
MD59ded87c59c4efeee4e70273181225eaa
SHA189fe2f32a3bbeb907d5cc3de68949acc2577578d
SHA25600274a742a59961f2271a267c200e9b475b7bd3972763de0eefb8bbbc0ef742a
SHA5122ee08f8fc669aefbf78fb91db47edf768cbbb2033cc817c4ecdb0cfdf61f1b53aa4dfc323b10c4db98bd446187a32bcf3b69341c4638b72f4db0fc463cd61d73
-
Filesize
72KB
MD5a019c753f2eef98a6328ffd51cb468c8
SHA13ac0edd4526a8088c924b647e182c9e21e70484a
SHA256200fc20971f084d89348af9fb911a6f44c5ae63016703133bdfe1ac95ecbac73
SHA512efc61af66ce56cd58e692af4b98d097aed2bd818828f80a7435e4d9720f2772a44c610b4c089cd0c7419a386600c9b4187ebc6f13a53f33f2136f621484a777f
-
Filesize
72KB
MD5a019c753f2eef98a6328ffd51cb468c8
SHA13ac0edd4526a8088c924b647e182c9e21e70484a
SHA256200fc20971f084d89348af9fb911a6f44c5ae63016703133bdfe1ac95ecbac73
SHA512efc61af66ce56cd58e692af4b98d097aed2bd818828f80a7435e4d9720f2772a44c610b4c089cd0c7419a386600c9b4187ebc6f13a53f33f2136f621484a777f
-
Filesize
72KB
MD5fdcd5b956f1b5c8f0a814a9a4704e593
SHA125412f7ae2bd9707fbbd5183b227aaa47a342d81
SHA25654d3cccc63b84742565ffd9bc18aeebc60f23b0df90f71f6c62b2b10600f283e
SHA512763e2805df24d29e37f77ccd82ec27e3faf2a39561024b889630187a8bba9f41045a54ae44f0deaec53c70492961fbbd5a3d7b612262d478f08f255befdbdd93
-
Filesize
72KB
MD5fdcd5b956f1b5c8f0a814a9a4704e593
SHA125412f7ae2bd9707fbbd5183b227aaa47a342d81
SHA25654d3cccc63b84742565ffd9bc18aeebc60f23b0df90f71f6c62b2b10600f283e
SHA512763e2805df24d29e37f77ccd82ec27e3faf2a39561024b889630187a8bba9f41045a54ae44f0deaec53c70492961fbbd5a3d7b612262d478f08f255befdbdd93
-
Filesize
72KB
MD569de263693484128561c00028b83f146
SHA1bc24ce4ea30ff715ae170d11d0457018d854ee33
SHA2566652c02e15832231a8fcc72814e424ab1755b9fc0aad6f95e17d82c85a448d99
SHA51267decaf94b24eca3a7af02153aecff3911ce16a358ad789335cdbf10b18446fffb17fb3f9218c01f81a5246be251c7183ead1a99eefc5ec8041dc2ced3e84645
-
Filesize
72KB
MD569de263693484128561c00028b83f146
SHA1bc24ce4ea30ff715ae170d11d0457018d854ee33
SHA2566652c02e15832231a8fcc72814e424ab1755b9fc0aad6f95e17d82c85a448d99
SHA51267decaf94b24eca3a7af02153aecff3911ce16a358ad789335cdbf10b18446fffb17fb3f9218c01f81a5246be251c7183ead1a99eefc5ec8041dc2ced3e84645
-
Filesize
72KB
MD548a1e80a5013bf1969004ce5bfc48a16
SHA1f0731d4d467b1ed7890c81ad438144cae349d254
SHA256c9a56e537a2bf5176e7f77b551fea5eaf13481cc031c3b3dd796c896e31119cf
SHA512494d9b9cceb9d246d841d08f3d9a452dbcc41fab02336be54e616ebc0c116968283f451f01b7e3903234d7fb7740223d19003a0f63b73890a6a0aa72490217fd
-
Filesize
72KB
MD548a1e80a5013bf1969004ce5bfc48a16
SHA1f0731d4d467b1ed7890c81ad438144cae349d254
SHA256c9a56e537a2bf5176e7f77b551fea5eaf13481cc031c3b3dd796c896e31119cf
SHA512494d9b9cceb9d246d841d08f3d9a452dbcc41fab02336be54e616ebc0c116968283f451f01b7e3903234d7fb7740223d19003a0f63b73890a6a0aa72490217fd
-
Filesize
72KB
MD56787416101713e87e0ee6ba7b8e6772a
SHA1a70e85a4cee3e62432019116e00a0560a47042d1
SHA25608ee1c98935ccc6481c218ce1f2af28f8b247c1b8ed800abe14bd86413f2c90b
SHA512429fc6e93122e07e864563e5edc0dd5b801959812a8469589cbefed27b77cb3af68c34993ff43327872e5d9aac4a7b7bae1060013cecad746b8daf8f15abeafb
-
Filesize
72KB
MD56787416101713e87e0ee6ba7b8e6772a
SHA1a70e85a4cee3e62432019116e00a0560a47042d1
SHA25608ee1c98935ccc6481c218ce1f2af28f8b247c1b8ed800abe14bd86413f2c90b
SHA512429fc6e93122e07e864563e5edc0dd5b801959812a8469589cbefed27b77cb3af68c34993ff43327872e5d9aac4a7b7bae1060013cecad746b8daf8f15abeafb
-
Filesize
72KB
MD5c531841c4f6fe7112465246038c7ecc0
SHA1f13dbf0100b9d2850ad27ecd6aad30f3a2a6b715
SHA2560387c7fb6cce6634fcf78b8e97ae23318b68d5be8568809fe35eadd6a44462a3
SHA51223193076dc615ecfd963e4047eefcd32eb94fc57491557a6809eebfecd032cc74252a90a269071f001f3fe55a258e3d6b1d64f41a285fb056e36370a0121d72e
-
Filesize
72KB
MD5c531841c4f6fe7112465246038c7ecc0
SHA1f13dbf0100b9d2850ad27ecd6aad30f3a2a6b715
SHA2560387c7fb6cce6634fcf78b8e97ae23318b68d5be8568809fe35eadd6a44462a3
SHA51223193076dc615ecfd963e4047eefcd32eb94fc57491557a6809eebfecd032cc74252a90a269071f001f3fe55a258e3d6b1d64f41a285fb056e36370a0121d72e
-
Filesize
72KB
MD52b854e47da4cdc043baacd75c76116c8
SHA1f9c699f48edfc82a11eb440a370abda211cd2628
SHA256cbde1638b3b5311c9c4efd868fd4e8dd8dabd9f0a64547250a62c20525056c3e
SHA5127b73dd4413639a9c2a7988c5efde766dfaf75f98a4612a052d30520c900a4de7be2f4e5ac9bf68db219ce62fdf4f55cd9469296bf60e2e0d582c770ca1125fca
-
Filesize
72KB
MD52b854e47da4cdc043baacd75c76116c8
SHA1f9c699f48edfc82a11eb440a370abda211cd2628
SHA256cbde1638b3b5311c9c4efd868fd4e8dd8dabd9f0a64547250a62c20525056c3e
SHA5127b73dd4413639a9c2a7988c5efde766dfaf75f98a4612a052d30520c900a4de7be2f4e5ac9bf68db219ce62fdf4f55cd9469296bf60e2e0d582c770ca1125fca
-
Filesize
72KB
MD5f7a13d8e493ee31e772ed7b91f9ecc29
SHA179ea47b9289c8b5c30bfebebfe30848dc8f4e54d
SHA2561713c737d067601b09e1362313cc7480b626f20c94caeea5ef5aee9a2bcf8154
SHA5126df4d449665a38397c488b8287be3bc94aaad8ffe3efdb0cafcbec8db51c8da8f9dfe22873426a07edce29a2c98951f6d5e021bfd939cfa0af417081a288fc4f
-
Filesize
72KB
MD5f7a13d8e493ee31e772ed7b91f9ecc29
SHA179ea47b9289c8b5c30bfebebfe30848dc8f4e54d
SHA2561713c737d067601b09e1362313cc7480b626f20c94caeea5ef5aee9a2bcf8154
SHA5126df4d449665a38397c488b8287be3bc94aaad8ffe3efdb0cafcbec8db51c8da8f9dfe22873426a07edce29a2c98951f6d5e021bfd939cfa0af417081a288fc4f
-
Filesize
72KB
MD5e764e854cde7382473ed6773d04ba9a5
SHA1dc4a03b38501d25985a0c257afe29842de194d14
SHA2567502aaa73b7dd6934a3c6519ca629700370d574272d1cc1b840467898d14a083
SHA512c3a9acb067c636c1a61a11fcf94245097f92bf9b67eabe9e563bbc107e8ea4eddda19e565ecafdc4d498e800d398c516bbb833b9d7d814583c05ac6756334248
-
Filesize
72KB
MD5e764e854cde7382473ed6773d04ba9a5
SHA1dc4a03b38501d25985a0c257afe29842de194d14
SHA2567502aaa73b7dd6934a3c6519ca629700370d574272d1cc1b840467898d14a083
SHA512c3a9acb067c636c1a61a11fcf94245097f92bf9b67eabe9e563bbc107e8ea4eddda19e565ecafdc4d498e800d398c516bbb833b9d7d814583c05ac6756334248
-
Filesize
72KB
MD5ea6b71da04f531d44e25c3dd082870d8
SHA1cc26a309782da8ac7acfd18c6113983f6ce91284
SHA256ab28bf7276302cc7bfc6bfd711ad988f46d70169d7ef5b6834263ddb993d45e1
SHA512c24327dda003bd8c7245a63964cae8a68a3ecbf5d48c042d2d2aa577064f1cca9642f95e7359b278b45965fb57f06ca51942dcb06aabe11e4b49521d1b5ecddb
-
Filesize
72KB
MD5ea6b71da04f531d44e25c3dd082870d8
SHA1cc26a309782da8ac7acfd18c6113983f6ce91284
SHA256ab28bf7276302cc7bfc6bfd711ad988f46d70169d7ef5b6834263ddb993d45e1
SHA512c24327dda003bd8c7245a63964cae8a68a3ecbf5d48c042d2d2aa577064f1cca9642f95e7359b278b45965fb57f06ca51942dcb06aabe11e4b49521d1b5ecddb
-
Filesize
72KB
MD5b82729efa15ebc34cf18e752af0232a2
SHA142ac78029b33ec821cdccabd44c69136ac9efe34
SHA256feb8b871d2d20e891a4d191c3d16054ad8a253ac3392fdfaa36aa377cd8d8823
SHA51242d37f229200fc39718939214461eea4ed46a4c39a524e54eb6e41bd7919d05f7a60fac9b664001dbbe5d8bcbc01146a70b203fcaf27f4c51dc29108eff8bf8b
-
Filesize
72KB
MD5b82729efa15ebc34cf18e752af0232a2
SHA142ac78029b33ec821cdccabd44c69136ac9efe34
SHA256feb8b871d2d20e891a4d191c3d16054ad8a253ac3392fdfaa36aa377cd8d8823
SHA51242d37f229200fc39718939214461eea4ed46a4c39a524e54eb6e41bd7919d05f7a60fac9b664001dbbe5d8bcbc01146a70b203fcaf27f4c51dc29108eff8bf8b
-
Filesize
72KB
MD518a8caa82b29500e0fba768939edb821
SHA174c5d94f00808a40e01cad5005e4f942648be242
SHA2568d2b6b94174535dcbc3ffe9736220aa4ba4e41ed1f18135df64c5af901e14c02
SHA5123dc04c054fcea995441df9fd19dd327ffc472e8cb152f2eedecbb780a00bf6c24aa9a397f0d9a5a7a80ff460f67e831ef76f4feb1e6dba7612cdc371e6f0e50d
-
Filesize
72KB
MD518a8caa82b29500e0fba768939edb821
SHA174c5d94f00808a40e01cad5005e4f942648be242
SHA2568d2b6b94174535dcbc3ffe9736220aa4ba4e41ed1f18135df64c5af901e14c02
SHA5123dc04c054fcea995441df9fd19dd327ffc472e8cb152f2eedecbb780a00bf6c24aa9a397f0d9a5a7a80ff460f67e831ef76f4feb1e6dba7612cdc371e6f0e50d
-
Filesize
72KB
MD5bd8a27063a6ae40c4104f7fe0c970354
SHA1601413f08053f8b99ff60d75449b24a3807735a4
SHA256f4ce553e5996995bb9eb665389133f0f37d1f8855380d7048c51b021ca68e580
SHA512b87d02ac4880159fc0888027c9bb591a05047a4c87526e3b0094c269b8d25c6e9bcb2cb98d3e72e8eeb506e8a66cca2d9d45d1944076b121bcd5dcc4f81cbb46
-
Filesize
72KB
MD5bd8a27063a6ae40c4104f7fe0c970354
SHA1601413f08053f8b99ff60d75449b24a3807735a4
SHA256f4ce553e5996995bb9eb665389133f0f37d1f8855380d7048c51b021ca68e580
SHA512b87d02ac4880159fc0888027c9bb591a05047a4c87526e3b0094c269b8d25c6e9bcb2cb98d3e72e8eeb506e8a66cca2d9d45d1944076b121bcd5dcc4f81cbb46
-
Filesize
72KB
MD50c60f5a010f0c2d13a1aa2022b4d0096
SHA19b2243cc3a1262647eb0013d2d75f1045618d464
SHA256b1d1e3dae299d9d0a2cf4e04dd340b582aa069b29702f32d8fc1756ea4f1f9bb
SHA51244e3a844262d3ca411ce1942386825fd99df18ef188becceb2fa34506e3e9d1df852a3b351d00062a5f8f53719a79c9cd52dd3142a17fab742bb88f30555873a
-
Filesize
72KB
MD50c60f5a010f0c2d13a1aa2022b4d0096
SHA19b2243cc3a1262647eb0013d2d75f1045618d464
SHA256b1d1e3dae299d9d0a2cf4e04dd340b582aa069b29702f32d8fc1756ea4f1f9bb
SHA51244e3a844262d3ca411ce1942386825fd99df18ef188becceb2fa34506e3e9d1df852a3b351d00062a5f8f53719a79c9cd52dd3142a17fab742bb88f30555873a
-
Filesize
72KB
MD5bd8a27063a6ae40c4104f7fe0c970354
SHA1601413f08053f8b99ff60d75449b24a3807735a4
SHA256f4ce553e5996995bb9eb665389133f0f37d1f8855380d7048c51b021ca68e580
SHA512b87d02ac4880159fc0888027c9bb591a05047a4c87526e3b0094c269b8d25c6e9bcb2cb98d3e72e8eeb506e8a66cca2d9d45d1944076b121bcd5dcc4f81cbb46
-
Filesize
72KB
MD5bd8a27063a6ae40c4104f7fe0c970354
SHA1601413f08053f8b99ff60d75449b24a3807735a4
SHA256f4ce553e5996995bb9eb665389133f0f37d1f8855380d7048c51b021ca68e580
SHA512b87d02ac4880159fc0888027c9bb591a05047a4c87526e3b0094c269b8d25c6e9bcb2cb98d3e72e8eeb506e8a66cca2d9d45d1944076b121bcd5dcc4f81cbb46
-
Filesize
72KB
MD5a12543affe616f5bafc35c033b843b17
SHA1cf978b33e03b568b5499a9890cb2c768fabb58d8
SHA256fe36343ee355e78c7622cfe2cce43d411b79f67967f6f05319d1856d513f1b61
SHA512b9b8a7fb038f6fdd8dc084a565925de9b166316295913dbc1cfc7c2ef7519a790c73c1c9f9e79467af301884108d14235d22340c2072102104e4c26aa37122d9
-
Filesize
72KB
MD5a12543affe616f5bafc35c033b843b17
SHA1cf978b33e03b568b5499a9890cb2c768fabb58d8
SHA256fe36343ee355e78c7622cfe2cce43d411b79f67967f6f05319d1856d513f1b61
SHA512b9b8a7fb038f6fdd8dc084a565925de9b166316295913dbc1cfc7c2ef7519a790c73c1c9f9e79467af301884108d14235d22340c2072102104e4c26aa37122d9
-
Filesize
72KB
MD5a12543affe616f5bafc35c033b843b17
SHA1cf978b33e03b568b5499a9890cb2c768fabb58d8
SHA256fe36343ee355e78c7622cfe2cce43d411b79f67967f6f05319d1856d513f1b61
SHA512b9b8a7fb038f6fdd8dc084a565925de9b166316295913dbc1cfc7c2ef7519a790c73c1c9f9e79467af301884108d14235d22340c2072102104e4c26aa37122d9
-
Filesize
72KB
MD5a12543affe616f5bafc35c033b843b17
SHA1cf978b33e03b568b5499a9890cb2c768fabb58d8
SHA256fe36343ee355e78c7622cfe2cce43d411b79f67967f6f05319d1856d513f1b61
SHA512b9b8a7fb038f6fdd8dc084a565925de9b166316295913dbc1cfc7c2ef7519a790c73c1c9f9e79467af301884108d14235d22340c2072102104e4c26aa37122d9
-
Filesize
72KB
MD59b6e3461566cc85c10c169f00681d405
SHA114a971d62ae4a9b7cfd1c4b5ee47d199449349b1
SHA25668bf57075aab5006ad51294eb650e5ecd3f98fa4db56aabee715e1bf9098e913
SHA512bc6a33a7e8048f34905acee9b45f1d692fd7913fda86a75c97e9e535b75cd4a5c037b938b545cdb81a082375b397d1eb4fb13d9f25c09b285ff00735b0fdee7e
-
Filesize
72KB
MD59b6e3461566cc85c10c169f00681d405
SHA114a971d62ae4a9b7cfd1c4b5ee47d199449349b1
SHA25668bf57075aab5006ad51294eb650e5ecd3f98fa4db56aabee715e1bf9098e913
SHA512bc6a33a7e8048f34905acee9b45f1d692fd7913fda86a75c97e9e535b75cd4a5c037b938b545cdb81a082375b397d1eb4fb13d9f25c09b285ff00735b0fdee7e
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5a4cdc6ea649fa3c63eb9d0a66fcce853
SHA10e2b2c7be6cac7ee73feb681dd2fafd09446d10c
SHA2561e66af8295618277a9e00090d1e5fa8aa42a10716612682d464aabcca9f15120
SHA512a2f1511b535192837c9cacd2e6e52ea4d2bc35605c0cf90d15a17550eaf222cd96774b205ccf7daf5ab359059d746762f292072f73a50ee3851c783214106012
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD5d066e27fa8092600e6b3705f33e70ec1
SHA1256cd8e9e19ca5580ad1b14aa1b7876fa224b499
SHA256576112938de5da67f16fcbb2d519ca017f2b2086b3e050b1bb4fd83aad8b8e47
SHA51278b88476d372e73d6985ac1d7ace9b4eb39028b1ac80bbb28db928c4116e9095723123f2d7c2514f3c008c78e6103de0557b5c36f0b791ccab4c5225ce08246c
-
Filesize
72KB
MD518897d187342dbfa1e50423040b8c7b1
SHA12c97c07b4f9c2d59936373835b2c3ab565b81402
SHA2568dae4ee7b26be5df416fe9ac18a923be38f3443577fd6ac069523d9bb1ae5337
SHA512ac706590ddf1d98e9929aa0308fddff72263b6bd163561b95f46714d92f7af55e0687358c5e7c4279db0b048acbe9ade0f41a4fe4406d3981f073dab6ce2074b
-
Filesize
72KB
MD518897d187342dbfa1e50423040b8c7b1
SHA12c97c07b4f9c2d59936373835b2c3ab565b81402
SHA2568dae4ee7b26be5df416fe9ac18a923be38f3443577fd6ac069523d9bb1ae5337
SHA512ac706590ddf1d98e9929aa0308fddff72263b6bd163561b95f46714d92f7af55e0687358c5e7c4279db0b048acbe9ade0f41a4fe4406d3981f073dab6ce2074b
-
Filesize
72KB
MD56837c9764e3d7529c118f3cc6d862ddc
SHA19735dd158e05950ff9c826fff5faaed5225d1eb4
SHA256e30f533e9de45f222651682701dbb9619cf0a6c5c4371ebe0ea63ebe68958ef7
SHA512b24caaf200a14246d3592bae488838224c053adf95e19aa1fa82310cbc8ca1caa94711ef26ff9e21251ec1d99461dc1d5c89362cec93bcf47e836eec2b37a3b1
-
Filesize
72KB
MD56837c9764e3d7529c118f3cc6d862ddc
SHA19735dd158e05950ff9c826fff5faaed5225d1eb4
SHA256e30f533e9de45f222651682701dbb9619cf0a6c5c4371ebe0ea63ebe68958ef7
SHA512b24caaf200a14246d3592bae488838224c053adf95e19aa1fa82310cbc8ca1caa94711ef26ff9e21251ec1d99461dc1d5c89362cec93bcf47e836eec2b37a3b1
-
Filesize
72KB
MD5f5c857761c5553a1c91cb46c9fd8abb2
SHA17ffc5efcd1401f8ee053a3322fd7e441d7c7f6fb
SHA25626fc0ccb76a3ab1ed1c2a29a4f7c06ddc76543a56ed9af11942f8830dd7b3bac
SHA512f2cc4df39f907c991c78ab58c642fc08c2161a649f42ce4a8163430899712e7dc9ade05f7dfb05a07c11eeafcb30e2af8604ad212c35e6a15ea05cd32f983a7d
-
Filesize
72KB
MD5f5c857761c5553a1c91cb46c9fd8abb2
SHA17ffc5efcd1401f8ee053a3322fd7e441d7c7f6fb
SHA25626fc0ccb76a3ab1ed1c2a29a4f7c06ddc76543a56ed9af11942f8830dd7b3bac
SHA512f2cc4df39f907c991c78ab58c642fc08c2161a649f42ce4a8163430899712e7dc9ade05f7dfb05a07c11eeafcb30e2af8604ad212c35e6a15ea05cd32f983a7d
-
Filesize
72KB
MD51704733246ebfe610c3fcee520acae6a
SHA13871c419f74f7e1b2f22e533a14e078396f5f709
SHA256c76956dae15e80c2a723144783671d28fb5e2e508b8d2c7fccd65b306f96e673
SHA5124a69a4015663fb4cb02beca3833a9b9504e8341470272ca6c324ceab30bee501cbe8b9844443032e053d3d8263e5f08ca01a653dca59e087d317781d74b7a737
-
Filesize
72KB
MD51704733246ebfe610c3fcee520acae6a
SHA13871c419f74f7e1b2f22e533a14e078396f5f709
SHA256c76956dae15e80c2a723144783671d28fb5e2e508b8d2c7fccd65b306f96e673
SHA5124a69a4015663fb4cb02beca3833a9b9504e8341470272ca6c324ceab30bee501cbe8b9844443032e053d3d8263e5f08ca01a653dca59e087d317781d74b7a737