Analysis
-
max time kernel
141s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
06/11/2022, 12:29
General
-
Target
96413b5a916d9b590317f44671ffb3dfc7469cefc0c576630e9cecf31c782800.exe
-
Size
72KB
-
MD5
0cfe0b2f5d99658ba660db0752325f70
-
SHA1
2a925becf2112b6ef99112c0549f33f88513a529
-
SHA256
96413b5a916d9b590317f44671ffb3dfc7469cefc0c576630e9cecf31c782800
-
SHA512
30de125a1b6c3de08c17c566ef8d5621de9da73050908cf1fa8bbf3ccc7a424ab3968a9b0580193ff1b672b233c20a113df336610d24aa080f8734d4f831c171
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2S:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrO
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 17 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\96413b5a916d9b590317f44671ffb3dfc7469cefc0c576630e9cecf31c782800.exe"C:\Users\Admin\AppData\Local\Temp\96413b5a916d9b590317f44671ffb3dfc7469cefc0c576630e9cecf31c782800.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\903454012\backup.exeC:\Users\Admin\AppData\Local\Temp\903454012\backup.exe C:\Users\Admin\AppData\Local\Temp\903454012\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\data.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\data.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\update.exe"C:\Program Files\Common Files\System\Ole DB\en-US\update.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\System Restore.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\System Restore.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\data.exe"C:\Program Files\DVD Maker\ja-JP\data.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\bin\data.exe"C:\Program Files\Java\jdk1.7.0_80\bin\data.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\7⤵
-
-
-
C:\Program Files\Java\jre7\System Restore.exe"C:\Program Files\Java\jre7\System Restore.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe AIR\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- System policy modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- System policy modification
-
-
-
C:\Users\Public\data.exeC:\Users\Public\data.exe C:\Users\Public\5⤵
- System policy modification
-
C:\Users\Public\Documents\System Restore.exe"C:\Users\Public\Documents\System Restore.exe" C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- System policy modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
C:\Users\Public\Recorded TV\Sample Media\backup.exe"C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Users\Public\Videos\Sample Videos\backup.exe"C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Windows\System Restore.exe"C:\Windows\System Restore.exe" C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\AppPatch\data.exeC:\Windows\AppPatch\data.exe C:\Windows\AppPatch\5⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\Custom\Custom64\backup.exeC:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵
-
-
C:\Windows\AppPatch\en-US\backup.exeC:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\6⤵
-
-
C:\Windows\AppPatch\es-ES\backup.exeC:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\6⤵
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
-
-
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\update.exeC:\Windows\CSC\update.exe C:\Windows\CSC\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD54670d9b5b3d7aa57ff92e91987748f2a
SHA1fa57e1ba6544096911ab859ceeb627db2535212d
SHA25627a7bf3225761482e1594ff58fc0d14786fdaedd6ed8f0bc6985d66518a00129
SHA51283d8336a26d5628af52f13e77b6a65b9e9f4073f5ba7062aa3d9610d07354b07e685b4b3b6c1676bd2f7d2c00e1b9b23c9dc9b7d655e2579d6f40135610ff96f
-
Filesize
72KB
MD545b1f6c1a74cc5309fa0ca01f460b6f2
SHA17826810fd1b96917cdbbd6177abe0aacb2eb9190
SHA25685b71dc30ea73accc8b1eb8bcaedfa7f43914907102289e7f117151b82804468
SHA51282bca8a1e5ecaf6c3449da6524f54d1b2dd8c6f2b4f95ff1d11ee2994e670bc82d9804f1948c0d87f3eb9abd04afa9e33a54d448c592a3f3f59ab89c076b343f
-
Filesize
72KB
MD545b1f6c1a74cc5309fa0ca01f460b6f2
SHA17826810fd1b96917cdbbd6177abe0aacb2eb9190
SHA25685b71dc30ea73accc8b1eb8bcaedfa7f43914907102289e7f117151b82804468
SHA51282bca8a1e5ecaf6c3449da6524f54d1b2dd8c6f2b4f95ff1d11ee2994e670bc82d9804f1948c0d87f3eb9abd04afa9e33a54d448c592a3f3f59ab89c076b343f
-
Filesize
72KB
MD5b7de761439e10ba908272f15cf432c2a
SHA1c5ddb6958afe82f2a055581d10775c70ae375598
SHA256232b38010a525c8cf95653f43d54499fa3491137e4bb00e7f59d20386321d9b9
SHA512aafa2e8f60d162c9c4429f714d3c5bd574de56ef04a11f0a52dc48a97d578150b211d2e275c958ed1e73e1ff91d2bc4ac7f1ac3ad53ca243d0e7ceba1ceb4075
-
Filesize
72KB
MD56618aeb953b9d691be29a5d2fbf0f9b5
SHA169fe9a3d46b0f648a9ca89bfc0875e00159ade61
SHA2567c1207ed9fc7c0dc61aae93a25953cc2ebedf99d3ca8ff00e1c01db2f4d8c7b9
SHA512c8f65e49a079209acb4d639d8886178b3c039a8278193bfad8bfc1d7ada6ac8f76b46938fc268380bf4e8434660bac0e32ac7edee6cb8f6e9bdb36946f7c73e0
-
Filesize
72KB
MD56618aeb953b9d691be29a5d2fbf0f9b5
SHA169fe9a3d46b0f648a9ca89bfc0875e00159ade61
SHA2567c1207ed9fc7c0dc61aae93a25953cc2ebedf99d3ca8ff00e1c01db2f4d8c7b9
SHA512c8f65e49a079209acb4d639d8886178b3c039a8278193bfad8bfc1d7ada6ac8f76b46938fc268380bf4e8434660bac0e32ac7edee6cb8f6e9bdb36946f7c73e0
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD52c5f34c239d3f50deefa2a4b5b833547
SHA1ec4ba6d0f30cccb673b550b462c85c6daaaad40a
SHA256c763e4c997b6b654876dd4fcca71422e9bb12eb0e6a3178463f5372a3e49e839
SHA5124f627fbf3c1982fff8cd0d4bb49ee4559f36d3aeae48ddef371be4b73cfc9cdd16a037535ca8d5e86916b81fedd956db01ffe46c53cf33d192d5091920c1436a
-
Filesize
72KB
MD52c5f34c239d3f50deefa2a4b5b833547
SHA1ec4ba6d0f30cccb673b550b462c85c6daaaad40a
SHA256c763e4c997b6b654876dd4fcca71422e9bb12eb0e6a3178463f5372a3e49e839
SHA5124f627fbf3c1982fff8cd0d4bb49ee4559f36d3aeae48ddef371be4b73cfc9cdd16a037535ca8d5e86916b81fedd956db01ffe46c53cf33d192d5091920c1436a
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD506a7e7d60e42c4f21512d57b611c3846
SHA1701c4bcf4b17e202aa7d8dc7a96e31f07341c0c2
SHA25678cb5a04a71edc2a69a38196a3220434355de60243b7ee4f8d7601ca1f797ccf
SHA51228b17761de360fcdf4781cf990d8cd020901ad92e97c8a8b058725292bf324eb0575d519f4a6c92d9702726210d0a861e40b297a192a0d24c783a473170960fe
-
Filesize
72KB
MD506a7e7d60e42c4f21512d57b611c3846
SHA1701c4bcf4b17e202aa7d8dc7a96e31f07341c0c2
SHA25678cb5a04a71edc2a69a38196a3220434355de60243b7ee4f8d7601ca1f797ccf
SHA51228b17761de360fcdf4781cf990d8cd020901ad92e97c8a8b058725292bf324eb0575d519f4a6c92d9702726210d0a861e40b297a192a0d24c783a473170960fe
-
Filesize
72KB
MD5887b1f90c477fc56bf21515a670b2485
SHA1564b6319ab2e1fe8c51f9a111cdf587b051616bf
SHA2568236bf3a5c54c6713a94b4be37041affbaa4b7c20e9455279dd8d4de66ec7281
SHA512418424164efe062b4e47a29282d02045e3d516bb2fe272c55bc4cc6e88d5cc9d3f191c93eb8a9901acc0f5522596820f2df9c12daaf3d4605e357911dda3a256
-
Filesize
72KB
MD5887b1f90c477fc56bf21515a670b2485
SHA1564b6319ab2e1fe8c51f9a111cdf587b051616bf
SHA2568236bf3a5c54c6713a94b4be37041affbaa4b7c20e9455279dd8d4de66ec7281
SHA512418424164efe062b4e47a29282d02045e3d516bb2fe272c55bc4cc6e88d5cc9d3f191c93eb8a9901acc0f5522596820f2df9c12daaf3d4605e357911dda3a256
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD5dddce2bbd3cf24be7acf0aa24924c3fc
SHA1c10a89b5cc3b35def5cce28cbaecb5744fbcbbf9
SHA25663f09ea75d97a9e46c92b3f429b911acc6249c84ff7253bcc9732f7f87f965c8
SHA512a379588eb278fef695bda79112e3dd111590f650147872f90c83f16fec97b4db8bc83a53988518b36cb7c8abf745f948b4cc17f3605d732fd23abce5c28b9619
-
Filesize
72KB
MD5dddce2bbd3cf24be7acf0aa24924c3fc
SHA1c10a89b5cc3b35def5cce28cbaecb5744fbcbbf9
SHA25663f09ea75d97a9e46c92b3f429b911acc6249c84ff7253bcc9732f7f87f965c8
SHA512a379588eb278fef695bda79112e3dd111590f650147872f90c83f16fec97b4db8bc83a53988518b36cb7c8abf745f948b4cc17f3605d732fd23abce5c28b9619
-
Filesize
72KB
MD54670d9b5b3d7aa57ff92e91987748f2a
SHA1fa57e1ba6544096911ab859ceeb627db2535212d
SHA25627a7bf3225761482e1594ff58fc0d14786fdaedd6ed8f0bc6985d66518a00129
SHA51283d8336a26d5628af52f13e77b6a65b9e9f4073f5ba7062aa3d9610d07354b07e685b4b3b6c1676bd2f7d2c00e1b9b23c9dc9b7d655e2579d6f40135610ff96f
-
Filesize
72KB
MD54670d9b5b3d7aa57ff92e91987748f2a
SHA1fa57e1ba6544096911ab859ceeb627db2535212d
SHA25627a7bf3225761482e1594ff58fc0d14786fdaedd6ed8f0bc6985d66518a00129
SHA51283d8336a26d5628af52f13e77b6a65b9e9f4073f5ba7062aa3d9610d07354b07e685b4b3b6c1676bd2f7d2c00e1b9b23c9dc9b7d655e2579d6f40135610ff96f
-
Filesize
72KB
MD545b1f6c1a74cc5309fa0ca01f460b6f2
SHA17826810fd1b96917cdbbd6177abe0aacb2eb9190
SHA25685b71dc30ea73accc8b1eb8bcaedfa7f43914907102289e7f117151b82804468
SHA51282bca8a1e5ecaf6c3449da6524f54d1b2dd8c6f2b4f95ff1d11ee2994e670bc82d9804f1948c0d87f3eb9abd04afa9e33a54d448c592a3f3f59ab89c076b343f
-
Filesize
72KB
MD545b1f6c1a74cc5309fa0ca01f460b6f2
SHA17826810fd1b96917cdbbd6177abe0aacb2eb9190
SHA25685b71dc30ea73accc8b1eb8bcaedfa7f43914907102289e7f117151b82804468
SHA51282bca8a1e5ecaf6c3449da6524f54d1b2dd8c6f2b4f95ff1d11ee2994e670bc82d9804f1948c0d87f3eb9abd04afa9e33a54d448c592a3f3f59ab89c076b343f
-
Filesize
72KB
MD5b7de761439e10ba908272f15cf432c2a
SHA1c5ddb6958afe82f2a055581d10775c70ae375598
SHA256232b38010a525c8cf95653f43d54499fa3491137e4bb00e7f59d20386321d9b9
SHA512aafa2e8f60d162c9c4429f714d3c5bd574de56ef04a11f0a52dc48a97d578150b211d2e275c958ed1e73e1ff91d2bc4ac7f1ac3ad53ca243d0e7ceba1ceb4075
-
Filesize
72KB
MD5b7de761439e10ba908272f15cf432c2a
SHA1c5ddb6958afe82f2a055581d10775c70ae375598
SHA256232b38010a525c8cf95653f43d54499fa3491137e4bb00e7f59d20386321d9b9
SHA512aafa2e8f60d162c9c4429f714d3c5bd574de56ef04a11f0a52dc48a97d578150b211d2e275c958ed1e73e1ff91d2bc4ac7f1ac3ad53ca243d0e7ceba1ceb4075
-
Filesize
72KB
MD56618aeb953b9d691be29a5d2fbf0f9b5
SHA169fe9a3d46b0f648a9ca89bfc0875e00159ade61
SHA2567c1207ed9fc7c0dc61aae93a25953cc2ebedf99d3ca8ff00e1c01db2f4d8c7b9
SHA512c8f65e49a079209acb4d639d8886178b3c039a8278193bfad8bfc1d7ada6ac8f76b46938fc268380bf4e8434660bac0e32ac7edee6cb8f6e9bdb36946f7c73e0
-
Filesize
72KB
MD56618aeb953b9d691be29a5d2fbf0f9b5
SHA169fe9a3d46b0f648a9ca89bfc0875e00159ade61
SHA2567c1207ed9fc7c0dc61aae93a25953cc2ebedf99d3ca8ff00e1c01db2f4d8c7b9
SHA512c8f65e49a079209acb4d639d8886178b3c039a8278193bfad8bfc1d7ada6ac8f76b46938fc268380bf4e8434660bac0e32ac7edee6cb8f6e9bdb36946f7c73e0
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD52c5f34c239d3f50deefa2a4b5b833547
SHA1ec4ba6d0f30cccb673b550b462c85c6daaaad40a
SHA256c763e4c997b6b654876dd4fcca71422e9bb12eb0e6a3178463f5372a3e49e839
SHA5124f627fbf3c1982fff8cd0d4bb49ee4559f36d3aeae48ddef371be4b73cfc9cdd16a037535ca8d5e86916b81fedd956db01ffe46c53cf33d192d5091920c1436a
-
Filesize
72KB
MD52c5f34c239d3f50deefa2a4b5b833547
SHA1ec4ba6d0f30cccb673b550b462c85c6daaaad40a
SHA256c763e4c997b6b654876dd4fcca71422e9bb12eb0e6a3178463f5372a3e49e839
SHA5124f627fbf3c1982fff8cd0d4bb49ee4559f36d3aeae48ddef371be4b73cfc9cdd16a037535ca8d5e86916b81fedd956db01ffe46c53cf33d192d5091920c1436a
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD51a42ba96be4ec3edc65fd0a050bcb3d2
SHA1c44504edd67f52e5b02b9bc549a2e94e2d152f37
SHA256773081a12076e79616258d9eaa89d7136363bd801e95f82103e3b12afdf7ae71
SHA5126cb63a6a14152386858503513e02f689fd81ff71d7ce8718d4baa1ea404f1ce57284526ef5541cfe131843ec5114f9880286ca19b48a3531c252bf61a3db4d60
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD5285f2eb8077a1fae88b0a7c2eafc3883
SHA1f9cf03a716c3ad9562f0708539ecb208953548aa
SHA256410555004f28655e05eebce242bfc0935f84408ee960caa35df97acf48da9a4f
SHA512b670d7894ef461ee8178c34a7bb4941e373f660cbf5fa580362e69c771914e9358d5a8c0fa664784af29fe098b3b9db17597f1f27c6c974dd9ba0c6727fdc0cb
-
Filesize
72KB
MD506a7e7d60e42c4f21512d57b611c3846
SHA1701c4bcf4b17e202aa7d8dc7a96e31f07341c0c2
SHA25678cb5a04a71edc2a69a38196a3220434355de60243b7ee4f8d7601ca1f797ccf
SHA51228b17761de360fcdf4781cf990d8cd020901ad92e97c8a8b058725292bf324eb0575d519f4a6c92d9702726210d0a861e40b297a192a0d24c783a473170960fe
-
Filesize
72KB
MD506a7e7d60e42c4f21512d57b611c3846
SHA1701c4bcf4b17e202aa7d8dc7a96e31f07341c0c2
SHA25678cb5a04a71edc2a69a38196a3220434355de60243b7ee4f8d7601ca1f797ccf
SHA51228b17761de360fcdf4781cf990d8cd020901ad92e97c8a8b058725292bf324eb0575d519f4a6c92d9702726210d0a861e40b297a192a0d24c783a473170960fe
-
Filesize
72KB
MD5887b1f90c477fc56bf21515a670b2485
SHA1564b6319ab2e1fe8c51f9a111cdf587b051616bf
SHA2568236bf3a5c54c6713a94b4be37041affbaa4b7c20e9455279dd8d4de66ec7281
SHA512418424164efe062b4e47a29282d02045e3d516bb2fe272c55bc4cc6e88d5cc9d3f191c93eb8a9901acc0f5522596820f2df9c12daaf3d4605e357911dda3a256
-
Filesize
72KB
MD5887b1f90c477fc56bf21515a670b2485
SHA1564b6319ab2e1fe8c51f9a111cdf587b051616bf
SHA2568236bf3a5c54c6713a94b4be37041affbaa4b7c20e9455279dd8d4de66ec7281
SHA512418424164efe062b4e47a29282d02045e3d516bb2fe272c55bc4cc6e88d5cc9d3f191c93eb8a9901acc0f5522596820f2df9c12daaf3d4605e357911dda3a256
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD5a2a5a65db548690ddbe752392d40784f
SHA1519e3bc4105c5ceb8ddcebbd2940890e6955543c
SHA256630efaf587cabdf277826d73100dc548950795494f4dc47a9d4768377c105bc8
SHA5126e0bab740217b0fa50bde69445ae666d5cc28eae6df7a646e0cca314375e0127baafb30ed01a35509382f385d5a2df661bbed346345a1f8c895a3942d982b7f4
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
72KB
MD55c19cd1e9be8e4581eefed61ddaab4cb
SHA1454768474ce47b44cdd3f4b223eb6360c733fbcb
SHA256170554fd9632a8e51858cb746a6c5c268f22b82070db666a16e4391a360a3cd2
SHA51255943a047c9c96951f512c2cfa79ce000b9994d9b0d076e17df619750d35dfcb863d1759412316580129137694df6262c5316ebf8463619c27925aa24d0c9001
-
Filesize
8KB
-
Filesize
8KB