Analysis
-
max time kernel
156s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
06/11/2022, 12:39
General
-
Target
501824f2ac8afbb811cf206f4be7e619ddd81a03e18cf327a21b70316dff8d39.exe
-
Size
72KB
-
MD5
0e468934202c06e9c435b7971605babe
-
SHA1
8f906b324fa119331fa72c0166556d9bfd05e4e4
-
SHA256
501824f2ac8afbb811cf206f4be7e619ddd81a03e18cf327a21b70316dff8d39
-
SHA512
e6cd8f18e6b51cfe9426aaa72c966bec3d364e715259498e282f56fd2de4063bc97541b039ad47f81c3d7fd3ff48505c65a33fb0eea2d45d9d6c9e122383c67d
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2c:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrA
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\501824f2ac8afbb811cf206f4be7e619ddd81a03e18cf327a21b70316dff8d39.exe"C:\Users\Admin\AppData\Local\Temp\501824f2ac8afbb811cf206f4be7e619ddd81a03e18cf327a21b70316dff8d39.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1719523609\backup.exeC:\Users\Admin\AppData\Local\Temp\1719523609\backup.exe C:\Users\Admin\AppData\Local\Temp\1719523609\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\System Restore.exe"C:\Program Files\Common Files\microsoft shared\System Restore.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\data.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\data.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\data.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\data.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\update.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\update.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\update.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\update.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\data.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\data.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Google\System Restore.exe"C:\Program Files\Google\System Restore.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- System policy modification
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\data.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\data.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
-
-
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\update.exe"C:\Program Files (x86)\Common Files\Adobe\update.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\update.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\update.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\8⤵
-
-
-
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\update.exeC:\Users\Admin\Documents\update.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- System policy modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Music\data.exeC:\Users\Admin\Music\data.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- System policy modification
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- System policy modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- System policy modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\update.exeC:\Windows\appcompat\appraiser\update.exe C:\Windows\appcompat\appraiser\6⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
-
-
C:\Windows\appcompat\encapsulation\update.exeC:\Windows\appcompat\encapsulation\update.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
-
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\1⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\1⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\2⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\2⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\2⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\1⤵
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\1⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\2⤵
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\2⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\2⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\2⤵
- Disables RegEdit via registry modification
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD554b031d516b835a270f466bdfb1fd8e7
SHA18992460339f6a00b7cedf392c3607fe4b3e56377
SHA2561442eee7ce052ee3405bd3ff53c351ae4f753921d4ff3d9ca465c8f65240a961
SHA512111cfacad8fcfad466259eefe897bb2fde289b0f07f5e37e38302b8e2bd204ae81dba47da2d31bb0fc65435f8c92aa8e21af2973b6c52f553e0b394f48cd0696
-
Filesize
72KB
MD554b031d516b835a270f466bdfb1fd8e7
SHA18992460339f6a00b7cedf392c3607fe4b3e56377
SHA2561442eee7ce052ee3405bd3ff53c351ae4f753921d4ff3d9ca465c8f65240a961
SHA512111cfacad8fcfad466259eefe897bb2fde289b0f07f5e37e38302b8e2bd204ae81dba47da2d31bb0fc65435f8c92aa8e21af2973b6c52f553e0b394f48cd0696
-
Filesize
72KB
MD50f94e8262586f0f00aa4575f5c9cd84e
SHA1989c98ebfbdbbae11015b84dfcc5291f0b65549c
SHA256c538f7310052d6e1b79751e2a667c064276f3b0a6c0804c71cb0f1fef8bf86d2
SHA512a6b4a445323803801fe5a33a288f946df2f119993f2ba2634bcc6b27db511ab2174a34ad386b90068c4fd901b27a6fa796c033f01b2b4f1dd60bef6060691dc3
-
Filesize
72KB
MD50f94e8262586f0f00aa4575f5c9cd84e
SHA1989c98ebfbdbbae11015b84dfcc5291f0b65549c
SHA256c538f7310052d6e1b79751e2a667c064276f3b0a6c0804c71cb0f1fef8bf86d2
SHA512a6b4a445323803801fe5a33a288f946df2f119993f2ba2634bcc6b27db511ab2174a34ad386b90068c4fd901b27a6fa796c033f01b2b4f1dd60bef6060691dc3
-
Filesize
72KB
MD5941adadd41e01bd8f01ca1619d6e0669
SHA1c793a1515d3d801bd7bbe4b78c0369c749e12f1c
SHA2560dedb7fad09091b1883ceb87d2bfa1135f68cfbaf3d00655fce9e027502f7522
SHA5129aa0d845e21482a829a8556cd5819e51224f95cf7a27e37e9318320f24f7edf6866719b8941ec20c4663fdddaf241b0f2bbd4e077a27933588447d5d69cdcb44
-
Filesize
72KB
MD5941adadd41e01bd8f01ca1619d6e0669
SHA1c793a1515d3d801bd7bbe4b78c0369c749e12f1c
SHA2560dedb7fad09091b1883ceb87d2bfa1135f68cfbaf3d00655fce9e027502f7522
SHA5129aa0d845e21482a829a8556cd5819e51224f95cf7a27e37e9318320f24f7edf6866719b8941ec20c4663fdddaf241b0f2bbd4e077a27933588447d5d69cdcb44
-
Filesize
72KB
MD5e08d30b589620f79ecd33f2bbdbd4e95
SHA196fbf87f1113cfbfd50fcf5735f62873c56fc6e0
SHA2560060c8e76ab05bfe61cebf6a847efc10a40459979887efa2b29575717ee8a64c
SHA512448a2a3db75b5ebe2f9d277d6fa039352ca302f5cc8d6d111864859bbed3eef4698ff45d825aaa9fa93139aba3494fae0fa7551019057bbe253a2a7e9bf7595e
-
Filesize
72KB
MD5e08d30b589620f79ecd33f2bbdbd4e95
SHA196fbf87f1113cfbfd50fcf5735f62873c56fc6e0
SHA2560060c8e76ab05bfe61cebf6a847efc10a40459979887efa2b29575717ee8a64c
SHA512448a2a3db75b5ebe2f9d277d6fa039352ca302f5cc8d6d111864859bbed3eef4698ff45d825aaa9fa93139aba3494fae0fa7551019057bbe253a2a7e9bf7595e
-
Filesize
72KB
MD54420de4aac0611cdd2934ba3191a0411
SHA11903882d6e8548fd15dfffec0ae881d2df249133
SHA2560fd00b6b274905226990b1ce6aeb6356be9678789cc90f810675e6551cf378c7
SHA512b795030541e848ee00ef2fbeae5261913dc538eda4b2ac6f99d1ecdcc2e84b8e28b6f4aef1816dedd0ab917e4a8349ff9fc22f2253129df10e9be2a181bb2ece
-
Filesize
72KB
MD54420de4aac0611cdd2934ba3191a0411
SHA11903882d6e8548fd15dfffec0ae881d2df249133
SHA2560fd00b6b274905226990b1ce6aeb6356be9678789cc90f810675e6551cf378c7
SHA512b795030541e848ee00ef2fbeae5261913dc538eda4b2ac6f99d1ecdcc2e84b8e28b6f4aef1816dedd0ab917e4a8349ff9fc22f2253129df10e9be2a181bb2ece
-
Filesize
72KB
MD5bf08771d47586e78e1b7aaef768f07c6
SHA13fd2585d2ed715ab50eedfc23ca932930338aff8
SHA2561769f92999811ed7443db079d17eed1eb2b886ac89b7b5d00edb436a1607a8cf
SHA512bfcf7c34accd01e924ee55a3ec4e2ac1bde5080a3a54eaebabbdd6b5b1b3fe36e7e62cb8c8d3393ee7f669afe41d395875bf5502e60fb773b459b40d9a96bff3
-
Filesize
72KB
MD5bf08771d47586e78e1b7aaef768f07c6
SHA13fd2585d2ed715ab50eedfc23ca932930338aff8
SHA2561769f92999811ed7443db079d17eed1eb2b886ac89b7b5d00edb436a1607a8cf
SHA512bfcf7c34accd01e924ee55a3ec4e2ac1bde5080a3a54eaebabbdd6b5b1b3fe36e7e62cb8c8d3393ee7f669afe41d395875bf5502e60fb773b459b40d9a96bff3
-
Filesize
72KB
MD58a2eb97eab3b4098cc06848f0391eeff
SHA1a5522892b1978809d1390dfbc7fc7ca29d136e26
SHA2560b79664c420587ff1aecee1acd3c28cdcc749d04c26d77954b306b4370bc07cf
SHA5127a2027d5dec24b25177f1450f030052aa6253b963437084104a04105d87cba3dafa6a409c8efbf723b945e9645a6a9d90dd207a930e64c5364305f108e9e91e2
-
Filesize
72KB
MD58a2eb97eab3b4098cc06848f0391eeff
SHA1a5522892b1978809d1390dfbc7fc7ca29d136e26
SHA2560b79664c420587ff1aecee1acd3c28cdcc749d04c26d77954b306b4370bc07cf
SHA5127a2027d5dec24b25177f1450f030052aa6253b963437084104a04105d87cba3dafa6a409c8efbf723b945e9645a6a9d90dd207a930e64c5364305f108e9e91e2
-
Filesize
72KB
MD55312293c9060feeec911dbae3f8b2b26
SHA19b9088ceed6681f6ed9e73486d78f3235661c7bc
SHA2562df22d003cc3b29048547584b4411d8227cbe5e3d459e6dc176b28f368faf23f
SHA512f18af953708559a89c5b217272d874322b4b20fcdcef66ca2f007e222c348897090681e4a329f0e06331fbd5d157ba93651fbb158b4fb3efd79e197933f6979d
-
Filesize
72KB
MD55312293c9060feeec911dbae3f8b2b26
SHA19b9088ceed6681f6ed9e73486d78f3235661c7bc
SHA2562df22d003cc3b29048547584b4411d8227cbe5e3d459e6dc176b28f368faf23f
SHA512f18af953708559a89c5b217272d874322b4b20fcdcef66ca2f007e222c348897090681e4a329f0e06331fbd5d157ba93651fbb158b4fb3efd79e197933f6979d
-
Filesize
72KB
MD5bf08771d47586e78e1b7aaef768f07c6
SHA13fd2585d2ed715ab50eedfc23ca932930338aff8
SHA2561769f92999811ed7443db079d17eed1eb2b886ac89b7b5d00edb436a1607a8cf
SHA512bfcf7c34accd01e924ee55a3ec4e2ac1bde5080a3a54eaebabbdd6b5b1b3fe36e7e62cb8c8d3393ee7f669afe41d395875bf5502e60fb773b459b40d9a96bff3
-
Filesize
72KB
MD5bf08771d47586e78e1b7aaef768f07c6
SHA13fd2585d2ed715ab50eedfc23ca932930338aff8
SHA2561769f92999811ed7443db079d17eed1eb2b886ac89b7b5d00edb436a1607a8cf
SHA512bfcf7c34accd01e924ee55a3ec4e2ac1bde5080a3a54eaebabbdd6b5b1b3fe36e7e62cb8c8d3393ee7f669afe41d395875bf5502e60fb773b459b40d9a96bff3
-
Filesize
72KB
MD5bd712f6cb90937f7ecd401bbfc99dbad
SHA1b46344a4fc72d7a9f9c023945e48050a1b8f1687
SHA256d4e9c75bc9a309a727fb232f788bdd3111b0fac0f4a2c39c441b268a6c8902ea
SHA5124b015d0d068d794d297d33712aa546e21ddb2aa6975fae18b7cd9874c7313bfb49af49f98f16f116a855040502c262522990f9f8868d703ec7e39524cb6a3ffe
-
Filesize
72KB
MD5bd712f6cb90937f7ecd401bbfc99dbad
SHA1b46344a4fc72d7a9f9c023945e48050a1b8f1687
SHA256d4e9c75bc9a309a727fb232f788bdd3111b0fac0f4a2c39c441b268a6c8902ea
SHA5124b015d0d068d794d297d33712aa546e21ddb2aa6975fae18b7cd9874c7313bfb49af49f98f16f116a855040502c262522990f9f8868d703ec7e39524cb6a3ffe
-
Filesize
72KB
MD5842a3817fb4f9058ae0fcb9d0d8a2dd6
SHA1764ab3becfd2336a24c713dae9d4c3cb85ec1d52
SHA2561cdbcd86580740470ecb77f31020555084e421b3e9c160016a4ff197c37a978c
SHA5125a90ff09a5a2149ac16188f22dbfd19da8095b45ea693f439536d0a70db0e83817e308091993b1a9928cbd2b3940e808bb72f455c4ebd2da7e0ea9f8341fc8e7
-
Filesize
72KB
MD5842a3817fb4f9058ae0fcb9d0d8a2dd6
SHA1764ab3becfd2336a24c713dae9d4c3cb85ec1d52
SHA2561cdbcd86580740470ecb77f31020555084e421b3e9c160016a4ff197c37a978c
SHA5125a90ff09a5a2149ac16188f22dbfd19da8095b45ea693f439536d0a70db0e83817e308091993b1a9928cbd2b3940e808bb72f455c4ebd2da7e0ea9f8341fc8e7
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD5e64ef7199895209fdc91d0c97d6aee88
SHA15a1376b01d4f161969dd8a00ab616c30c7556960
SHA25692a2241ea2385553bc49bc07b4e0e057af4aac825712f141f90713cbdd62c5d2
SHA51210eb4e125b272b579bb49165db04cfd3e7f40c327722e58171114d902cf762b1da53c912198cf5deb3c70121d5af6ffcaf120871a5d1e342956d992335fd8263
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD550afee4eafdafd4e403db533cb5a49e7
SHA1ec24d5f5d03ecae24b21bbe4438379fcbcfeac16
SHA256b0aa186770668c75b9f87ce33d52ce0cc8bc6fd5e188a21bc6e832c179cdc137
SHA512b5fd3b726e600569174aeb5a31b283feaddd575fd633d6fc19f1449cefafa36171d246601533dae78cf72ec75a4fa14448af4cb2a5e27abcb6a7f02a664433fd
-
Filesize
72KB
MD55abd82772bf863158ba48cf94b1b150c
SHA17e30a970274cb746c1e1bbf0149fbe1d028029c8
SHA256becbd5145feb68dc8fbe1c6ee213a4ca81e1ba28d238ff2ab25fd3d410e08a13
SHA512a62621bb274642fe4ad3eb0866f0dfe3d7b66d455997bca21c40b90111985e94c4f3828810bb91e5ac09ac1d52d647abc442b350b33d92c10b5bac42d47a609c
-
Filesize
72KB
MD55abd82772bf863158ba48cf94b1b150c
SHA17e30a970274cb746c1e1bbf0149fbe1d028029c8
SHA256becbd5145feb68dc8fbe1c6ee213a4ca81e1ba28d238ff2ab25fd3d410e08a13
SHA512a62621bb274642fe4ad3eb0866f0dfe3d7b66d455997bca21c40b90111985e94c4f3828810bb91e5ac09ac1d52d647abc442b350b33d92c10b5bac42d47a609c
-
Filesize
72KB
MD51b1b8badc7fb648cc5da894571631b9a
SHA162834c6b394db59253411b99a26effc9927dc5ce
SHA256f263c4857a476ba56a6dc2522bbd9b16145b4cdaab59116e2a745eebbdb27a43
SHA51217c26981e0dbfa408515cc26e408577551a90f0da6bb0828435a6de62c7cd4f86058bc6902c4d11dafd4b32906670288237723d1ff097041fc4252d2645ca532
-
Filesize
72KB
MD51b1b8badc7fb648cc5da894571631b9a
SHA162834c6b394db59253411b99a26effc9927dc5ce
SHA256f263c4857a476ba56a6dc2522bbd9b16145b4cdaab59116e2a745eebbdb27a43
SHA51217c26981e0dbfa408515cc26e408577551a90f0da6bb0828435a6de62c7cd4f86058bc6902c4d11dafd4b32906670288237723d1ff097041fc4252d2645ca532
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5a6176b68aa168e89d0238e4d35e333a8
SHA1171572166ac60367c47c01ec7eeb94a9a28cf66e
SHA256f3c07d91e6342ad0e9be668277999a3a7352291a76b1d77384752c50e26d546e
SHA512da9689d9d17ab2caf7c4bec2212d0e1eb77a6b9f8d8c388a4f123d330f7ea8d638e21ac81d88c04330fb5081ad43cfab5c3c4164874943d60ff2a4753e34258d
-
Filesize
72KB
MD5b563999ef65b3397a1da95bbf5695e29
SHA1f69d3941158c06f460b93df0b1abf29c3aa68e04
SHA256d5fa1fb5bda739918a164251079fe61c0aeb7d6c6e60b2f1fc5587f8373926e8
SHA512f07dc10382708b36489d6c3f8b66fbb6678f1c7ae33cecd2319fac6863b41ab3e267471e124226edbc163519fba27fe2c1d65714231b165c494245ffd191df1f
-
Filesize
72KB
MD5b563999ef65b3397a1da95bbf5695e29
SHA1f69d3941158c06f460b93df0b1abf29c3aa68e04
SHA256d5fa1fb5bda739918a164251079fe61c0aeb7d6c6e60b2f1fc5587f8373926e8
SHA512f07dc10382708b36489d6c3f8b66fbb6678f1c7ae33cecd2319fac6863b41ab3e267471e124226edbc163519fba27fe2c1d65714231b165c494245ffd191df1f
-
Filesize
72KB
MD597004e6f03c940e1f3adc2af7acc2111
SHA1e579d61e82f2af16a392c409e8caff1459162fe2
SHA256a166492c5cfa2a98c003895202ed69e739fc2d2c8e9738a38decf52ebe07c8e8
SHA512d9476180665fefda2e9d92086764482feff7ca16284cd9b1e21256d99524f106bd47a2f0187d506d5cbcee2703e89cecdea2fa2cc9f02481cc933b638d16fcc9
-
Filesize
72KB
MD597004e6f03c940e1f3adc2af7acc2111
SHA1e579d61e82f2af16a392c409e8caff1459162fe2
SHA256a166492c5cfa2a98c003895202ed69e739fc2d2c8e9738a38decf52ebe07c8e8
SHA512d9476180665fefda2e9d92086764482feff7ca16284cd9b1e21256d99524f106bd47a2f0187d506d5cbcee2703e89cecdea2fa2cc9f02481cc933b638d16fcc9
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d6bab3a1b4d0834256129b8bc74e297e
SHA12579dcf7a3ff374ca1d7c44d58eb31c87f83a725
SHA256c6d613d137adb60f352d7112aadefca2e54205d942548196aeb58ef52d4404cb
SHA5127f6e5e4f58f2b759e4d2212fc9f11569b101fa40a830e6cc2474b56f8b6ffa0f103c615d1c0dc1f0a687d348d79126340dc091a99d19bc5ee31e53ccee189461
-
Filesize
72KB
MD5d6bab3a1b4d0834256129b8bc74e297e
SHA12579dcf7a3ff374ca1d7c44d58eb31c87f83a725
SHA256c6d613d137adb60f352d7112aadefca2e54205d942548196aeb58ef52d4404cb
SHA5127f6e5e4f58f2b759e4d2212fc9f11569b101fa40a830e6cc2474b56f8b6ffa0f103c615d1c0dc1f0a687d348d79126340dc091a99d19bc5ee31e53ccee189461
-
Filesize
72KB
MD5355bf998c7ca2d9b6eacdb80b674b03a
SHA18c67be5e9a004d86c3d19c75505d059d8ffe764e
SHA25613799eb290bdcb9c7dbdc856b7d81b54d017fca72650ccda60aa1df039a83f6e
SHA5129940b001513f8c99685bb069eca665d59fb9c419d74ebea75f5735591a107abccbbb1c9d6ae458073acc7ee9eef5a56a19624d5d29a86f8eab8d4c5f8c033564
-
Filesize
72KB
MD5355bf998c7ca2d9b6eacdb80b674b03a
SHA18c67be5e9a004d86c3d19c75505d059d8ffe764e
SHA25613799eb290bdcb9c7dbdc856b7d81b54d017fca72650ccda60aa1df039a83f6e
SHA5129940b001513f8c99685bb069eca665d59fb9c419d74ebea75f5735591a107abccbbb1c9d6ae458073acc7ee9eef5a56a19624d5d29a86f8eab8d4c5f8c033564
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d8b172ec388a43df8b2df48e586b2c5e
SHA16e5aa76821f408e448b5e49ae38362ad0ca01fd2
SHA2565ca684ab2c2d685596401abd02a26574c374850515823079acd12eddda8684bf
SHA51219bd4ab539b41d27f30de0597930312724b2f2f0feb4d799b383fceb13322511fae29f6aa89f39ab3e4ae1609d3a4fa4ae0eca33d1755f46d756324250ba0d3c
-
Filesize
72KB
MD5d6bab3a1b4d0834256129b8bc74e297e
SHA12579dcf7a3ff374ca1d7c44d58eb31c87f83a725
SHA256c6d613d137adb60f352d7112aadefca2e54205d942548196aeb58ef52d4404cb
SHA5127f6e5e4f58f2b759e4d2212fc9f11569b101fa40a830e6cc2474b56f8b6ffa0f103c615d1c0dc1f0a687d348d79126340dc091a99d19bc5ee31e53ccee189461
-
Filesize
72KB
MD5d6bab3a1b4d0834256129b8bc74e297e
SHA12579dcf7a3ff374ca1d7c44d58eb31c87f83a725
SHA256c6d613d137adb60f352d7112aadefca2e54205d942548196aeb58ef52d4404cb
SHA5127f6e5e4f58f2b759e4d2212fc9f11569b101fa40a830e6cc2474b56f8b6ffa0f103c615d1c0dc1f0a687d348d79126340dc091a99d19bc5ee31e53ccee189461
-
Filesize
72KB
MD5f847bf7c70d80712fef7221311ad85f0
SHA11f1215c72c03f9d3d78f4d61a0a31ef0e5874ff5
SHA256b92d2e704d24f25afa3296071caaca9623b2288edbc20020bb665daf92b7a338
SHA51216b50ced22111487c1a691cb4b6c60a849ad709b81453af11fa9ff39a0076d5429cdfa742be30ac0fa7bd95f80510826681eba19d1e637d768ddaf6ea780078a
-
Filesize
72KB
MD5f847bf7c70d80712fef7221311ad85f0
SHA11f1215c72c03f9d3d78f4d61a0a31ef0e5874ff5
SHA256b92d2e704d24f25afa3296071caaca9623b2288edbc20020bb665daf92b7a338
SHA51216b50ced22111487c1a691cb4b6c60a849ad709b81453af11fa9ff39a0076d5429cdfa742be30ac0fa7bd95f80510826681eba19d1e637d768ddaf6ea780078a
-
Filesize
72KB
MD554b031d516b835a270f466bdfb1fd8e7
SHA18992460339f6a00b7cedf392c3607fe4b3e56377
SHA2561442eee7ce052ee3405bd3ff53c351ae4f753921d4ff3d9ca465c8f65240a961
SHA512111cfacad8fcfad466259eefe897bb2fde289b0f07f5e37e38302b8e2bd204ae81dba47da2d31bb0fc65435f8c92aa8e21af2973b6c52f553e0b394f48cd0696
-
Filesize
72KB
MD554b031d516b835a270f466bdfb1fd8e7
SHA18992460339f6a00b7cedf392c3607fe4b3e56377
SHA2561442eee7ce052ee3405bd3ff53c351ae4f753921d4ff3d9ca465c8f65240a961
SHA512111cfacad8fcfad466259eefe897bb2fde289b0f07f5e37e38302b8e2bd204ae81dba47da2d31bb0fc65435f8c92aa8e21af2973b6c52f553e0b394f48cd0696