Analysis
-
max time kernel
160s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
06-11-2022 12:40
Static task
static1
Behavioral task
behavioral1
Sample
46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe
Resource
win10v2004-20220812-en
General
-
Target
46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe
-
Size
72KB
-
MD5
0d32b76d80249c10ce935b8643dd1b7c
-
SHA1
c7429893ca99b561501f66578b41641785661f6f
-
SHA256
46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510
-
SHA512
00466f59b2e16bb6415b6f4b8143bf081c9cf48839d6476bac599feda857078ab4e53b3e290209270479534d30e1da8a91ea35aaf9b3b53e0e2cd6dc9a636d4a
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2Z:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrV
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" System Restore.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe -
Disables RegEdit via registry modification 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 
backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set 
value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe -
Executes dropped EXE 64 IoCs
pid Process 112 backup.exe 1224 backup.exe 1348 backup.exe 948 backup.exe 1812 backup.exe 1776 backup.exe 1692 backup.exe 1664 backup.exe 1164 backup.exe 1548 backup.exe 1952 backup.exe 2028 data.exe 1280 update.exe 776 backup.exe 1928 backup.exe 740 backup.exe 1864 backup.exe 1752 backup.exe 1424 backup.exe 1152 backup.exe 1240 backup.exe 1460 backup.exe 1620 backup.exe 1780 backup.exe 2044 backup.exe 1228 backup.exe 1756 backup.exe 1508 backup.exe 1700 backup.exe 1776 backup.exe 560 backup.exe 1936 backup.exe 756 backup.exe 2016 backup.exe 1952 backup.exe 752 backup.exe 336 backup.exe 1268 backup.exe 612 backup.exe 648 backup.exe 1464 backup.exe 1632 backup.exe 920 backup.exe 1580 backup.exe 1732 backup.exe 604 backup.exe 1444 backup.exe 1324 update.exe 840 backup.exe 1096 backup.exe 1800 backup.exe 1784 data.exe 1616 backup.exe 1236 backup.exe 1560 backup.exe 912 backup.exe 1164 backup.exe 2024 backup.exe 1976 backup.exe 952 backup.exe 756 backup.exe 1768 backup.exe 2020 backup.exe 2028 backup.exe -
Loads dropped DLL 64 IoCs
pid Process 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 948 backup.exe 948 backup.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 1776 backup.exe 1776 backup.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 948 backup.exe 948 backup.exe 1548 backup.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 1548 backup.exe 2028 data.exe 1280 update.exe 1280 update.exe 1280 update.exe 1548 backup.exe 1548 backup.exe 776 backup.exe 776 backup.exe 1928 backup.exe 1928 backup.exe 1928 backup.exe 1928 backup.exe 1864 backup.exe 1864 backup.exe 1864 backup.exe 1864 backup.exe 1864 backup.exe 1864 backup.exe 948 backup.exe 948 backup.exe 1864 backup.exe 1864 backup.exe 1240 backup.exe 1864 backup.exe 1240 backup.exe 1864 backup.exe 1864 backup.exe 1864 backup.exe 1620 backup.exe 1620 backup.exe 1864 backup.exe 1864 backup.exe 1228 backup.exe 1228 backup.exe 1228 backup.exe 1228 backup.exe 1864 backup.exe 1864 backup.exe 1700 backup.exe 1700 backup.exe 1864 backup.exe 1864 backup.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe backup.exe File opened for modification C:\Program Files\DVD Maker\ja-JP\update.exe backup.exe File opened for modification C:\Program Files\Microsoft Office\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe backup.exe File opened for modification C:\Program Files\Common Files\Services\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\data.exe backup.exe File opened for modification C:\Program Files\Common Files\System\ado\it-IT\backup.exe 
backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Google\Update\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\SpeechEngines\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe backup.exe File opened for modification C:\Program Files\DVD Maker\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe backup.exe File opened for modification C:\Program Files\Java\jre7\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe backup.exe File opened for modification C:\Program Files\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe backup.exe File opened for modification 
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe backup.exe File opened for modification C:\Program Files\DVD Maker\Shared\System Restore.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Google\Temp\data.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\en-US\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe backup.exe File opened for modification C:\Program Files\7-Zip\data.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\backup.exe backup.exe File opened for modification C:\Program Files\DVD Maker\es-ES\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Google\Policies\backup.exe backup.exe File opened for modification C:\Program Files\Internet Explorer\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe backup.exe File opened for modification C:\Program Files\Internet Explorer\images\backup.exe backup.exe File opened for modification C:\Program Files\Java\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe backup.exe File opened for modification C:\Program Files (x86)\backup.exe backup.exe File opened for modification C:\Program Files 
(x86)\Adobe\Reader 9.0\Esl\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\ado\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe backup.exe -
Drops file in Windows directory 7 IoCs
description ioc Process File opened for modification C:\Windows\assembly\backup.exe backup.exe File opened for modification C:\Windows\Boot\data.exe backup.exe File opened for modification C:\Windows\Branding\backup.exe backup.exe File opened for modification C:\Windows\backup.exe backup.exe File opened for modification C:\Windows\addins\data.exe backup.exe File opened for modification C:\Windows\AppCompat\backup.exe backup.exe File opened for modification C:\Windows\AppPatch\backup.exe backup.exe -
Enumerates physical storage devices 1 TTPs
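Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour. Treat this as a heuristic label rather than a confirmed classification: drive enumeration alone does not show file encryption, so weigh it against the other signatures listed in this report.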
-
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 112 backup.exe 1224 backup.exe 1348 backup.exe 948 backup.exe 1776 backup.exe 1812 backup.exe 1692 backup.exe 1664 backup.exe 1164 backup.exe 1548 backup.exe 2028 data.exe 1952 backup.exe 1280 update.exe 776 backup.exe 1928 backup.exe 740 backup.exe 1864 backup.exe 1752 backup.exe 1424 backup.exe 1152 backup.exe 1240 backup.exe 1460 backup.exe 1620 backup.exe 1780 backup.exe 2044 backup.exe 1228 backup.exe 1756 backup.exe 1508 backup.exe 1700 backup.exe 1776 backup.exe 560 backup.exe 1936 backup.exe 756 backup.exe 2016 backup.exe 1952 backup.exe 752 backup.exe 336 backup.exe 1268 backup.exe 612 backup.exe 648 backup.exe 1464 backup.exe 1632 backup.exe 920 backup.exe 1580 backup.exe 1732 backup.exe 604 backup.exe 1444 backup.exe 1324 update.exe 840 backup.exe 1096 backup.exe 1800 backup.exe 1784 data.exe 1616 backup.exe 1236 backup.exe 1560 backup.exe 912 backup.exe 1164 backup.exe 2024 backup.exe 1976 backup.exe 952 backup.exe 756 backup.exe 1768 backup.exe 2020 backup.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 884 wrote to memory of 112 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 27 PID 884 wrote to memory of 112 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 27 PID 884 wrote to memory of 112 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 27 PID 884 wrote to memory of 112 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 27 PID 884 wrote to memory of 1224 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 28 PID 884 wrote to memory of 1224 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 28 PID 884 wrote to memory of 1224 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 28 PID 884 wrote to memory of 1224 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 28 PID 884 wrote to memory of 1348 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 29 PID 884 wrote to memory of 1348 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 29 PID 884 wrote to memory of 1348 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 29 PID 884 wrote to memory of 1348 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 29 PID 112 wrote to memory of 948 112 backup.exe 30 PID 112 wrote to memory of 948 112 backup.exe 30 PID 112 wrote to memory of 948 112 backup.exe 30 PID 112 wrote to memory of 948 112 backup.exe 30 PID 884 wrote to memory of 1812 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 31 PID 884 wrote to memory of 1812 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 31 PID 884 wrote to memory of 1812 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 31 PID 884 wrote to memory of 1812 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 31 PID 948 wrote to memory of 1776 948 
backup.exe 32 PID 948 wrote to memory of 1776 948 backup.exe 32 PID 948 wrote to memory of 1776 948 backup.exe 32 PID 948 wrote to memory of 1776 948 backup.exe 32 PID 884 wrote to memory of 1692 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 33 PID 884 wrote to memory of 1692 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 33 PID 884 wrote to memory of 1692 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 33 PID 884 wrote to memory of 1692 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 33 PID 1776 wrote to memory of 1664 1776 backup.exe 34 PID 1776 wrote to memory of 1664 1776 backup.exe 34 PID 1776 wrote to memory of 1664 1776 backup.exe 34 PID 1776 wrote to memory of 1664 1776 backup.exe 34 PID 884 wrote to memory of 1164 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 35 PID 884 wrote to memory of 1164 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 35 PID 884 wrote to memory of 1164 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 35 PID 884 wrote to memory of 1164 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 35 PID 948 wrote to memory of 1548 948 backup.exe 36 PID 948 wrote to memory of 1548 948 backup.exe 36 PID 948 wrote to memory of 1548 948 backup.exe 36 PID 948 wrote to memory of 1548 948 backup.exe 36 PID 884 wrote to memory of 1952 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 37 PID 884 wrote to memory of 1952 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 37 PID 884 wrote to memory of 1952 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 37 PID 884 wrote to memory of 1952 884 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe 37 PID 1548 wrote to memory of 2028 1548 backup.exe 38 PID 1548 wrote to memory of 2028 1548 backup.exe 38 PID 1548 wrote to memory of 
2028 1548 backup.exe 38 PID 1548 wrote to memory of 2028 1548 backup.exe 38 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 2028 wrote to memory of 1280 2028 data.exe 39 PID 1548 wrote to memory of 776 1548 backup.exe 40 PID 1548 wrote to memory of 776 1548 backup.exe 40 PID 1548 wrote to memory of 776 1548 backup.exe 40 PID 1548 wrote to memory of 776 1548 backup.exe 40 PID 776 wrote to memory of 1928 776 backup.exe 41 PID 776 wrote to memory of 1928 776 backup.exe 41 PID 776 wrote to memory of 1928 776 backup.exe 41 PID 776 wrote to memory of 1928 776 backup.exe 41 PID 1928 wrote to memory of 740 1928 backup.exe 42 -
System policy modification 1 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer System Restore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System 
46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer 46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System data.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" data.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System System Restore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" update.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer System Restore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer update.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe
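Processes (PIDs are reused during this run: 1776, 1800, 1676, 1460, 1324 and 776 each appear below under two different image paths, so correlate on PID together with image path, not on PID alone)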
-
C:\Users\Admin\AppData\Local\Temp\46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe "C:\Users\Admin\AppData\Local\Temp\46204ac621143b0444adf7ecb6b821afd410e918587767306eeab3926159e510.exe" 1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:884 -
C:\Users\Admin\AppData\Local\Temp\1794728039\backup.exe C:\Users\Admin\AppData\Local\Temp\1794728039\backup.exe C:\Users\Admin\AppData\Local\Temp\1794728039\ 2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112 -
C:\backup.exe \backup.exe \ 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:948 -
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1776 -
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1548 -
C:\Program Files\7-Zip\data.exe"C:\Program Files\7-Zip\data.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028 -
C:\Program Files\7-Zip\Lang\update.exe"C:\Program Files\7-Zip\Lang\update.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1280
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:776 -
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928 -
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:740
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1864 -
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1752
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1424
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1460
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1776
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:336 -
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:612
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1616
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵PID:664
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵PID:1800
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:896
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵PID:968
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
PID:1676
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵PID:560
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵PID:2064
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵PID:2184
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵PID:2292
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵PID:2448
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1768 -
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
PID:1464
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
PID:1808
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵PID:1660
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
- System policy modification
PID:2032
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵PID:1440
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
PID:1792
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Disables RegEdit via registry modification
PID:648 -
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵PID:776
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵PID:552
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1056
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵PID:1536
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵PID:2156
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵PID:2308
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵PID:2456
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020 -
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
PID:2000
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
PID:1632 -
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
PID:1812 -
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
PID:1676
-
-
C:\Program Files\Common Files\System\ado\en-US\update.exe"C:\Program Files\Common Files\System\ado\en-US\update.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
PID:1460
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
PID:1972
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
PID:1324
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
PID:1712
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
PID:268
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1932
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
PID:1236
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Disables RegEdit via registry modification
PID:1048
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵PID:1052
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵PID:2148
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵PID:2284
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵PID:2464
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1164 -
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
PID:612
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Disables RegEdit via registry modification
- System policy modification
PID:1996
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:912
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1268
-
-
C:\Program Files\DVD Maker\ja-JP\update.exe"C:\Program Files\DVD Maker\ja-JP\update.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- System policy modification
PID:1628
-
-
C:\Program Files\DVD Maker\Shared\System Restore.exe"C:\Program Files\DVD Maker\Shared\System Restore.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:948 -
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵PID:1440
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Disables RegEdit via registry modification
PID:2028 -
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵PID:1560
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
PID:1788 -
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵PID:1228
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵PID:2124
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵PID:2216
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵PID:2324
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵PID:2500
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
PID:1220 -
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵PID:2056
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵PID:2200
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵PID:1772
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵PID:2100
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵PID:2240
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵PID:2372
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵PID:2484
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1240 -
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1620 -
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1228 -
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1508
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1700 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:560
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:756
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1268 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:648
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1464
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1632 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:840 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1560 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:2024 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Executes dropped EXE
- System policy modification
PID:2028
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵PID:1196
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1752
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
PID:560 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
PID:1456
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
PID:2016 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵PID:2032
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- System policy modification
PID:1780
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1996
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:900 -
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
PID:1416 -
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
PID:976
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1116
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
PID:1660 -
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵PID:1936
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵PID:2116
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
- Disables RegEdit via registry modification
- System policy modification
PID:520
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵PID:1096
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1992 -
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵PID:1584
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
PID:1592 -
C:\Program Files (x86)\Common Files\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
PID:984 -
C:\Program Files (x86)\Common Files\Adobe\Acrobat\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵PID:1488
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- System policy modification
PID:1448 -
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵PID:896
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Disables RegEdit via registry modification
PID:568
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
PID:612 -
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
PID:1952 -
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵PID:1768
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:856
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵PID:1028
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵PID:2264
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵PID:2420
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵PID:1976
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵PID:2176
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵PID:2316
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
PID:944 -
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵PID:984
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵PID:2108
-
-
C:\Program Files (x86)\Google\Temp\data.exe"C:\Program Files (x86)\Google\Temp\data.exe" C:\Program Files (x86)\Google\Temp\6⤵PID:2232
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵PID:2340
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
PID:1656
-
-
C:\Program Files (x86)\Microsoft Analysis Services\update.exe"C:\Program Files (x86)\Microsoft Analysis Services\update.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
- Modifies visibility of file extensions in Explorer
PID:864
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵PID:524
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\System Restore.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\System Restore.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵PID:2164
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵PID:2432
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- Disables RegEdit via registry modification
- System policy modification
PID:1584 -
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
PID:1748 -
C:\Users\Admin\Contacts\System Restore.exe"C:\Users\Admin\Contacts\System Restore.exe" C:\Users\Admin\Contacts\6⤵
- Disables RegEdit via registry modification
- System policy modification
PID:1048
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵PID:992
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Disables RegEdit via registry modification
PID:1524
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵PID:1196
-
-
C:\Users\Admin\Favorites\data.exeC:\Users\Admin\Favorites\data.exe C:\Users\Admin\Favorites\6⤵PID:1868
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵PID:1100
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵PID:2084
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵PID:2224
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵PID:2332
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵PID:2492
-
-
-
C:\Users\Public\update.exeC:\Users\Public\update.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
PID:1272 -
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵PID:1416
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵PID:2092
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵PID:2208
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵PID:2348
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵PID:2508
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
PID:1532 -
C:\Windows\addins\data.exeC:\Windows\addins\data.exe C:\Windows\addins\5⤵PID:1152
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵PID:2072
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵PID:2192
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵PID:2300
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵PID:2440
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1812
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1692
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952
-
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
72KB
MD5: 967a89a6ab9a6a2b34369557ce2442ac
SHA1: 18daa93adde2b563bec325dcde6a74ef7689c446
SHA256: 2dd5f5de87aff2ad83fba6bf3014bfcb2e6eab291de53437b9c0e706eb3454dc
SHA512: 91d16393f4f768180eae0d4596d197d714200731e83f0e3eac786f0ad04c5db70cd2ef52635e10b6f1acac512f55f7a77518c3916ccfe795a4ee243d1a4ce53e
-
Filesize
72KB
MD5: 3ce1c312caa88b5bdb9e750620911929
SHA1: b9c6ecf172612373d60ede090932b7475fe752ea
SHA256: a9fd27c5c97f223e72076872c583d0460a7270f8caaa95d0a2246bc62a20900c
SHA512: 392f0785358190b2a109d90e569705be9b053eb7f21e47c2030ed394b46b9cab6a4539beb9ca0c68ebdbbb9f43489013e01329bcb63d282cd99009d01737445a
-
Filesize
72KB
MD5: 3ce1c312caa88b5bdb9e750620911929
SHA1: b9c6ecf172612373d60ede090932b7475fe752ea
SHA256: a9fd27c5c97f223e72076872c583d0460a7270f8caaa95d0a2246bc62a20900c
SHA512: 392f0785358190b2a109d90e569705be9b053eb7f21e47c2030ed394b46b9cab6a4539beb9ca0c68ebdbbb9f43489013e01329bcb63d282cd99009d01737445a
-
Filesize
72KB
MD5: 0b35bcfac0e09d268888711bb3261f28
SHA1: 9d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256: a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA512: 8e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD5: 0b35bcfac0e09d268888711bb3261f28
SHA1: 9d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256: a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA512: 8e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD5: 8f6ad198e25abe5dd66688d8d6ed92ba
SHA1: 0adaf7eae72fe24eea8276ee68839175227f30db
SHA256: cd4502d11ae3d14f1ab648c8c3af662aacbdad0ce5ea768a60ad5a2fc6c392fe
SHA512: 17fe9c952fdf17a5c41694e09a4e180d8280f6201bdb914d3bc26eab2202537900a35206cb8a270822f3af7ad118742d053f7969568c299a27200cfb532d5522
-
Filesize
72KB
MD5: 8f6ad198e25abe5dd66688d8d6ed92ba
SHA1: 0adaf7eae72fe24eea8276ee68839175227f30db
SHA256: cd4502d11ae3d14f1ab648c8c3af662aacbdad0ce5ea768a60ad5a2fc6c392fe
SHA512: 17fe9c952fdf17a5c41694e09a4e180d8280f6201bdb914d3bc26eab2202537900a35206cb8a270822f3af7ad118742d053f7969568c299a27200cfb532d5522
-
Filesize
72KB
MD5: 354306f8f83e52ff209e9a052ae86557
SHA1: cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA256: 4a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512: 724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5: 30b8e81514cc7e5dc74ff33c8bec2cb7
SHA1: 8302edbbf24f7b07e37ec827fa4345d2b4f9c1cd
SHA256: 6cd0b25970329a39e007f4154f958bee8c68222e86fe402d314f9bcc680ca08c
SHA512: c1b4174ffa5c530037952d3f297d1616c22a57ee30a085dff44f3a3e04f63a60a450483e9252941e2908f47273e8fcf588e0a8fa2e5d2eb98e9869bb3e2e76ee
-
Filesize
72KB
MD5: 30b8e81514cc7e5dc74ff33c8bec2cb7
SHA1: 8302edbbf24f7b07e37ec827fa4345d2b4f9c1cd
SHA256: 6cd0b25970329a39e007f4154f958bee8c68222e86fe402d314f9bcc680ca08c
SHA512: c1b4174ffa5c530037952d3f297d1616c22a57ee30a085dff44f3a3e04f63a60a450483e9252941e2908f47273e8fcf588e0a8fa2e5d2eb98e9869bb3e2e76ee
-
Filesize
72KB
MD5058496586fb4d97e3b9dc6068ed389cf
SHA1682276464c850f0ad6c86240919e37f4a00e8038
SHA256ce604247b40244e1dcf0a5ba86378e968059edadcddef82d1ff359783dc6ec21
SHA512657a0d78737acea6b9fa41c1a96ec5353ea334a2d02bbaa057d606db549ad6e88577142fe2dc62ba324dc3f71d7fae5c96966a498d335fce586b9dc05325b2b0
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5b83b3db2452d12f3f840b032337b8526
SHA1b8bd37c17922a86597e91773f0a984b5fd52ca54
SHA256b402ce645782dd2ec3b0f3eaf322a24df1655c202a90d1f81737b308ed1e8939
SHA5127f11c37e97e8d41048b55d752f98e10897361d78aafcaddecf2a9a866c2e93c6ed890dcc9f2a391c2f0fcd2ceb22b18362af79e5b900049db8da3a43b63e9933
-
Filesize
72KB
MD5b83b3db2452d12f3f840b032337b8526
SHA1b8bd37c17922a86597e91773f0a984b5fd52ca54
SHA256b402ce645782dd2ec3b0f3eaf322a24df1655c202a90d1f81737b308ed1e8939
SHA5127f11c37e97e8d41048b55d752f98e10897361d78aafcaddecf2a9a866c2e93c6ed890dcc9f2a391c2f0fcd2ceb22b18362af79e5b900049db8da3a43b63e9933
-
Filesize
72KB
MD524c4d1adc4493e2500d5375e6d156814
SHA1fb117a7fe0ce7592eb7de0021283db8f1b578519
SHA256f168e1fa7d7765707c0f4331003877ebf5636405b3f87493262fb685fe20d654
SHA51284c48f49828746fcdd91ea655b6b59c077c5fe81024c92a927f021bd2e936dddf676e3531960b99c7464dbf8d844e64cee10356d4ea9bee05012425186ab0ff1
-
Filesize
72KB
MD524c4d1adc4493e2500d5375e6d156814
SHA1fb117a7fe0ce7592eb7de0021283db8f1b578519
SHA256f168e1fa7d7765707c0f4331003877ebf5636405b3f87493262fb685fe20d654
SHA51284c48f49828746fcdd91ea655b6b59c077c5fe81024c92a927f021bd2e936dddf676e3531960b99c7464dbf8d844e64cee10356d4ea9bee05012425186ab0ff1
-
Filesize
72KB
MD54a46d2b430d215da791aa906fa0be943
SHA14910ad5c720343b03fcd3eef232babb250657c52
SHA2568748c91cdb25c629c87fc010b7633a9b69cd29cd28802aa6bee8774b79b80876
SHA512271f7cb8ef9fe9ae2490398d8c229e1dd4c71abef8c37588ea9b3a6d67e181cfc6509f4b25708d745ff63216521851b7a6f86bfb8eec3fffe028d11d5aeaacac
-
Filesize
72KB
MD54a46d2b430d215da791aa906fa0be943
SHA14910ad5c720343b03fcd3eef232babb250657c52
SHA2568748c91cdb25c629c87fc010b7633a9b69cd29cd28802aa6bee8774b79b80876
SHA512271f7cb8ef9fe9ae2490398d8c229e1dd4c71abef8c37588ea9b3a6d67e181cfc6509f4b25708d745ff63216521851b7a6f86bfb8eec3fffe028d11d5aeaacac
-
Filesize
72KB
MD5b5027fefb55a35792a2a5597654ba222
SHA1674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA25649836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b5027fefb55a35792a2a5597654ba222
SHA1: 674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA256: 49836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512: b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b024cad26cb3f0b15826908127acdca9
SHA1: 750492a8bb0add76124135aded10951285e6f3f8
SHA256: 4163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512: c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5234118d1c389859563cfcf08b6ecbe7a
SHA173e74604e4e84706e4aaaae18c650bc21fda426e
SHA25624e97cd9ea4f30ea992013874e81a78caf855584e6e8b0e473ef435d24a7719e
SHA512c9ed7cb7ce245fd9afad1e40591126a3c09c9da5611963b545328988a1a9481097ec8e32dac27e4e0250192a7437e1eb52ac02992c7d96579cc9688641da88a9
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5d6377e3194cfcc99c62fab67b0f94f80
SHA1cee62510167939f14a1bc47aa12403e50f6b2e86
SHA256238956b990850fde3aa6d8e0466c8d911405a5f7e75d7be169928b62710b884a
SHA512beda892d8bf5839f4f8320419f9bcf43441be72c9e21bde9932d1fe77b220bd40d5a90832cc570886452d18104f5c7ac722adf06c4bc9b6b671508d0e564df76
-
Filesize
72KB
MD5d6377e3194cfcc99c62fab67b0f94f80
SHA1cee62510167939f14a1bc47aa12403e50f6b2e86
SHA256238956b990850fde3aa6d8e0466c8d911405a5f7e75d7be169928b62710b884a
SHA512beda892d8bf5839f4f8320419f9bcf43441be72c9e21bde9932d1fe77b220bd40d5a90832cc570886452d18104f5c7ac722adf06c4bc9b6b671508d0e564df76
-
Filesize
72KB
MD5967a89a6ab9a6a2b34369557ce2442ac
SHA118daa93adde2b563bec325dcde6a74ef7689c446
SHA2562dd5f5de87aff2ad83fba6bf3014bfcb2e6eab291de53437b9c0e706eb3454dc
SHA51291d16393f4f768180eae0d4596d197d714200731e83f0e3eac786f0ad04c5db70cd2ef52635e10b6f1acac512f55f7a77518c3916ccfe795a4ee243d1a4ce53e
-
Filesize
72KB
MD5967a89a6ab9a6a2b34369557ce2442ac
SHA118daa93adde2b563bec325dcde6a74ef7689c446
SHA2562dd5f5de87aff2ad83fba6bf3014bfcb2e6eab291de53437b9c0e706eb3454dc
SHA51291d16393f4f768180eae0d4596d197d714200731e83f0e3eac786f0ad04c5db70cd2ef52635e10b6f1acac512f55f7a77518c3916ccfe795a4ee243d1a4ce53e
-
Filesize
72KB
MD53ce1c312caa88b5bdb9e750620911929
SHA1b9c6ecf172612373d60ede090932b7475fe752ea
SHA256a9fd27c5c97f223e72076872c583d0460a7270f8caaa95d0a2246bc62a20900c
SHA512392f0785358190b2a109d90e569705be9b053eb7f21e47c2030ed394b46b9cab6a4539beb9ca0c68ebdbbb9f43489013e01329bcb63d282cd99009d01737445a
-
Filesize
72KB
MD53ce1c312caa88b5bdb9e750620911929
SHA1b9c6ecf172612373d60ede090932b7475fe752ea
SHA256a9fd27c5c97f223e72076872c583d0460a7270f8caaa95d0a2246bc62a20900c
SHA512392f0785358190b2a109d90e569705be9b053eb7f21e47c2030ed394b46b9cab6a4539beb9ca0c68ebdbbb9f43489013e01329bcb63d282cd99009d01737445a
-
Filesize
72KB
MD50b35bcfac0e09d268888711bb3261f28
SHA19d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA5128e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD50b35bcfac0e09d268888711bb3261f28
SHA19d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA5128e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD50b35bcfac0e09d268888711bb3261f28
SHA19d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA5128e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD50b35bcfac0e09d268888711bb3261f28
SHA19d123c77bc5eed8e9d9e8bf1f7a1f0342ba557bb
SHA256a58861b2910d78525a7c032dcb3eb4114deaf8af6c03f75beeaf0c62458c7c94
SHA5128e46920d544d0330e16fb158ed21842b823ca1ea219c3fd2f419a9fd4fda9863df3fb0eb392ce5ec5753f32a5cd5bee9838913cc4aa5c136274e51e11c81b45b
-
Filesize
72KB
MD58f6ad198e25abe5dd66688d8d6ed92ba
SHA10adaf7eae72fe24eea8276ee68839175227f30db
SHA256cd4502d11ae3d14f1ab648c8c3af662aacbdad0ce5ea768a60ad5a2fc6c392fe
SHA51217fe9c952fdf17a5c41694e09a4e180d8280f6201bdb914d3bc26eab2202537900a35206cb8a270822f3af7ad118742d053f7969568c299a27200cfb532d5522
-
Filesize
72KB
MD58f6ad198e25abe5dd66688d8d6ed92ba
SHA10adaf7eae72fe24eea8276ee68839175227f30db
SHA256cd4502d11ae3d14f1ab648c8c3af662aacbdad0ce5ea768a60ad5a2fc6c392fe
SHA51217fe9c952fdf17a5c41694e09a4e180d8280f6201bdb914d3bc26eab2202537900a35206cb8a270822f3af7ad118742d053f7969568c299a27200cfb532d5522
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD530b8e81514cc7e5dc74ff33c8bec2cb7
SHA18302edbbf24f7b07e37ec827fa4345d2b4f9c1cd
SHA2566cd0b25970329a39e007f4154f958bee8c68222e86fe402d314f9bcc680ca08c
SHA512c1b4174ffa5c530037952d3f297d1616c22a57ee30a085dff44f3a3e04f63a60a450483e9252941e2908f47273e8fcf588e0a8fa2e5d2eb98e9869bb3e2e76ee
-
Filesize
72KB
MD530b8e81514cc7e5dc74ff33c8bec2cb7
SHA18302edbbf24f7b07e37ec827fa4345d2b4f9c1cd
SHA2566cd0b25970329a39e007f4154f958bee8c68222e86fe402d314f9bcc680ca08c
SHA512c1b4174ffa5c530037952d3f297d1616c22a57ee30a085dff44f3a3e04f63a60a450483e9252941e2908f47273e8fcf588e0a8fa2e5d2eb98e9869bb3e2e76ee
-
Filesize
72KB
MD5058496586fb4d97e3b9dc6068ed389cf
SHA1682276464c850f0ad6c86240919e37f4a00e8038
SHA256ce604247b40244e1dcf0a5ba86378e968059edadcddef82d1ff359783dc6ec21
SHA512657a0d78737acea6b9fa41c1a96ec5353ea334a2d02bbaa057d606db549ad6e88577142fe2dc62ba324dc3f71d7fae5c96966a498d335fce586b9dc05325b2b0
-
Filesize
72KB
MD5058496586fb4d97e3b9dc6068ed389cf
SHA1682276464c850f0ad6c86240919e37f4a00e8038
SHA256ce604247b40244e1dcf0a5ba86378e968059edadcddef82d1ff359783dc6ec21
SHA512657a0d78737acea6b9fa41c1a96ec5353ea334a2d02bbaa057d606db549ad6e88577142fe2dc62ba324dc3f71d7fae5c96966a498d335fce586b9dc05325b2b0
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5354306f8f83e52ff209e9a052ae86557
SHA1cc91c8b5b658d4647bc7113bf9e7074c25093b44
SHA2564a7ad6caa8b3183b1c715fcc56e975264892b3aca470620b6e3317e31b907e55
SHA512724ea53f5d76a4b99daf8a358e1525f3e6463c22b280e35c4cdd1562dfac1fcd61013d813ad2de87bf3a049e482491b50c62157939d004cc518da4875f07b437
-
Filesize
72KB
MD5058496586fb4d97e3b9dc6068ed389cf
SHA1682276464c850f0ad6c86240919e37f4a00e8038
SHA256ce604247b40244e1dcf0a5ba86378e968059edadcddef82d1ff359783dc6ec21
SHA512657a0d78737acea6b9fa41c1a96ec5353ea334a2d02bbaa057d606db549ad6e88577142fe2dc62ba324dc3f71d7fae5c96966a498d335fce586b9dc05325b2b0
-
Filesize
72KB
MD5b83b3db2452d12f3f840b032337b8526
SHA1b8bd37c17922a86597e91773f0a984b5fd52ca54
SHA256b402ce645782dd2ec3b0f3eaf322a24df1655c202a90d1f81737b308ed1e8939
SHA5127f11c37e97e8d41048b55d752f98e10897361d78aafcaddecf2a9a866c2e93c6ed890dcc9f2a391c2f0fcd2ceb22b18362af79e5b900049db8da3a43b63e9933
-
Filesize
72KB
MD5b83b3db2452d12f3f840b032337b8526
SHA1b8bd37c17922a86597e91773f0a984b5fd52ca54
SHA256b402ce645782dd2ec3b0f3eaf322a24df1655c202a90d1f81737b308ed1e8939
SHA5127f11c37e97e8d41048b55d752f98e10897361d78aafcaddecf2a9a866c2e93c6ed890dcc9f2a391c2f0fcd2ceb22b18362af79e5b900049db8da3a43b63e9933
-
Filesize
72KB
MD524c4d1adc4493e2500d5375e6d156814
SHA1fb117a7fe0ce7592eb7de0021283db8f1b578519
SHA256f168e1fa7d7765707c0f4331003877ebf5636405b3f87493262fb685fe20d654
SHA51284c48f49828746fcdd91ea655b6b59c077c5fe81024c92a927f021bd2e936dddf676e3531960b99c7464dbf8d844e64cee10356d4ea9bee05012425186ab0ff1
-
Filesize
72KB
MD524c4d1adc4493e2500d5375e6d156814
SHA1fb117a7fe0ce7592eb7de0021283db8f1b578519
SHA256f168e1fa7d7765707c0f4331003877ebf5636405b3f87493262fb685fe20d654
SHA51284c48f49828746fcdd91ea655b6b59c077c5fe81024c92a927f021bd2e936dddf676e3531960b99c7464dbf8d844e64cee10356d4ea9bee05012425186ab0ff1
-
Filesize
72KB
MD54a46d2b430d215da791aa906fa0be943
SHA14910ad5c720343b03fcd3eef232babb250657c52
SHA2568748c91cdb25c629c87fc010b7633a9b69cd29cd28802aa6bee8774b79b80876
SHA512271f7cb8ef9fe9ae2490398d8c229e1dd4c71abef8c37588ea9b3a6d67e181cfc6509f4b25708d745ff63216521851b7a6f86bfb8eec3fffe028d11d5aeaacac
-
Filesize
72KB
MD54a46d2b430d215da791aa906fa0be943
SHA14910ad5c720343b03fcd3eef232babb250657c52
SHA2568748c91cdb25c629c87fc010b7633a9b69cd29cd28802aa6bee8774b79b80876
SHA512271f7cb8ef9fe9ae2490398d8c229e1dd4c71abef8c37588ea9b3a6d67e181cfc6509f4b25708d745ff63216521851b7a6f86bfb8eec3fffe028d11d5aeaacac
-
Filesize
72KB
MD5b5027fefb55a35792a2a5597654ba222
SHA1674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA25649836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
Filesize
72KB
MD5b5027fefb55a35792a2a5597654ba222
SHA1674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA25649836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b5027fefb55a35792a2a5597654ba222
SHA1: 674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA256: 49836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512: b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b5027fefb55a35792a2a5597654ba222
SHA1: 674b9855ba26be7c8e9cb5b5ce0666934595ceb2
SHA256: 49836d5ac8bffcec9307f4deef868a21e09a55f229755a20ba67910bdf7af98e
SHA512: b0fed9a5704fa80ca4e30c30ae25c475f7611a1f59bfe64f7e6066f55f241739ca5950970f73e5f8bd82a486c9692c172aba212c25bdce70b751e047be090c17
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b024cad26cb3f0b15826908127acdca9
SHA1: 750492a8bb0add76124135aded10951285e6f3f8
SHA256: 4163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512: c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
Filesize: 72KB
MD5: b024cad26cb3f0b15826908127acdca9
SHA1: 750492a8bb0add76124135aded10951285e6f3f8
SHA256: 4163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512: c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5234118d1c389859563cfcf08b6ecbe7a
SHA173e74604e4e84706e4aaaae18c650bc21fda426e
SHA25624e97cd9ea4f30ea992013874e81a78caf855584e6e8b0e473ef435d24a7719e
SHA512c9ed7cb7ce245fd9afad1e40591126a3c09c9da5611963b545328988a1a9481097ec8e32dac27e4e0250192a7437e1eb52ac02992c7d96579cc9688641da88a9
-
Filesize
72KB
MD5234118d1c389859563cfcf08b6ecbe7a
SHA173e74604e4e84706e4aaaae18c650bc21fda426e
SHA25624e97cd9ea4f30ea992013874e81a78caf855584e6e8b0e473ef435d24a7719e
SHA512c9ed7cb7ce245fd9afad1e40591126a3c09c9da5611963b545328988a1a9481097ec8e32dac27e4e0250192a7437e1eb52ac02992c7d96579cc9688641da88a9
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5
-
Filesize
72KB
MD5b024cad26cb3f0b15826908127acdca9
SHA1750492a8bb0add76124135aded10951285e6f3f8
SHA2564163a3ed06480e468ebd42ac1e58248c811de901ae2c043e522e1636765218e9
SHA512c1eb9c55a3e3e17aee53745c9fb83ac9587364ab019e06dd887e92559ce4c7fa1cf44da2d45ba87d430a755e18748f72f2bccc79015adfe2ce693926129c5ff5