Analysis
-
max time kernel
157s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
07/11/2022, 00:31
General
-
Target
d038aa5f75f5dbbbcec7d439c2b8a5f97a59b00765448bec465d0caa8a6571bd.exe
-
Size
72KB
-
MD5
05710b5a66da52f66f189c16a18e2bd2
-
SHA1
c617b083b3d101c1c11a8c04a1fd1187b47c50cf
-
SHA256
d038aa5f75f5dbbbcec7d439c2b8a5f97a59b00765448bec465d0caa8a6571bd
-
SHA512
0bed4d45894d85fa3822f380e0866ce1a451f88ba4d9c080e2b38308f6a02f63d23962cb0caf79d4fe5601454ef379de2bd6b6a700a4ebec107c5f643165261a
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf20:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPA
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 15 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d038aa5f75f5dbbbcec7d439c2b8a5f97a59b00765448bec465d0caa8a6571bd.exe"C:\Users\Admin\AppData\Local\Temp\d038aa5f75f5dbbbcec7d439c2b8a5f97a59b00765448bec465d0caa8a6571bd.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2549209287\backup.exeC:\Users\Admin\AppData\Local\Temp\2549209287\backup.exe C:\Users\Admin\AppData\Local\Temp\2549209287\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\data.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\data.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\data.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\data.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\data.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\data.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\10⤵
-
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\data.exe"C:\Program Files\Common Files\microsoft shared\TextConv\data.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\data.exe"C:\Program Files\Common Files\System\ado\data.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\es-ES\System Restore.exe"C:\Program Files\Common Files\System\msadc\es-ES\System Restore.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\10⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\System Restore.exe"C:\Program Files\Internet Explorer\SIGNUP\System Restore.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\ja-JP\data.exe"C:\Program Files\Internet Explorer\ja-JP\data.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\update.exe"C:\Program Files\Java\jdk1.8.0_66\update.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\System Restore.exe"C:\Program Files\Java\jre1.8.0_66\lib\System Restore.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\System Restore.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\System Restore.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\System Restore.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\System Restore.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Temp\data.exe"C:\Program Files (x86)\Google\Temp\data.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\data.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\data.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
-
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
-
C:\Program Files (x86)\Microsoft\Edge\backup.exe"C:\Program Files (x86)\Microsoft\Edge\backup.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\update.exeC:\Users\Admin\Favorites\update.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\OneDrive\update.exeC:\Users\Admin\OneDrive\update.exe C:\Users\Admin\OneDrive\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Documents\data.exeC:\Users\Public\Documents\data.exe C:\Users\Public\Documents\6⤵
- System policy modification
-
-
C:\Users\Public\Pictures\System Restore.exe"C:\Users\Public\Pictures\System Restore.exe" C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Videos\System Restore.exe"C:\Users\Public\Videos\System Restore.exe" C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\update.exeC:\Windows\appcompat\update.exe C:\Windows\appcompat\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- System policy modification
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
-
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\3⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\5⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Common Files\Adobe\update.exe"C:\Program Files (x86)\Common Files\Adobe\update.exe" C:\Program Files (x86)\Common Files\Adobe\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\2⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\3⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\2⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\2⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\3⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\3⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\1⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\1⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\System Restore.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\System Restore.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\bin\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\bin\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\bin\1⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\2⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\2⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\2⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee
-
Filesize
72KB
MD5d12fb87fe66a1995aaa43dcead7fec1a
SHA1937b838bc641d0701af4c8dc217aba98206c6a87
SHA256461e0a123b4f4ad6395765f594ad94f98a5e9c85b5ea9a0436a77d2c93ad7146
SHA5125f2bcfdedf33c462ec8b5bc11ada546bc76b3be196d8b12a07a63ddf2c64f46ae8fa78bf87521560c54dc9a85de94ae608db79f1e693d9d8edfc112309593b01
-
Filesize
72KB
MD5d12fb87fe66a1995aaa43dcead7fec1a
SHA1937b838bc641d0701af4c8dc217aba98206c6a87
SHA256461e0a123b4f4ad6395765f594ad94f98a5e9c85b5ea9a0436a77d2c93ad7146
SHA5125f2bcfdedf33c462ec8b5bc11ada546bc76b3be196d8b12a07a63ddf2c64f46ae8fa78bf87521560c54dc9a85de94ae608db79f1e693d9d8edfc112309593b01
-
Filesize
72KB
MD5ea9b0752911e0a249d13e1d742734bda
SHA1726b5749479417bcfdcdfd9041db44cc9641ad0d
SHA256e5887b7401f5024172d5ec0ef1a6d92d9295235daa46eefe41011d45ea01075f
SHA51208932c98578e6b825a532f074cad2b804e5bc7435b7eaa1beb1987918f329bebc204978de72e6290f498473a762cfaffa6b4a16eac1f89976ebbc775ebe58f9c
-
Filesize
72KB
MD5ea9b0752911e0a249d13e1d742734bda
SHA1726b5749479417bcfdcdfd9041db44cc9641ad0d
SHA256e5887b7401f5024172d5ec0ef1a6d92d9295235daa46eefe41011d45ea01075f
SHA51208932c98578e6b825a532f074cad2b804e5bc7435b7eaa1beb1987918f329bebc204978de72e6290f498473a762cfaffa6b4a16eac1f89976ebbc775ebe58f9c
-
Filesize
72KB
MD5ebcf523d6f10d888b5ae205afe92e930
SHA10ebffe445fd3b8bc2c8eff0d84c5cf2aa6e12f57
SHA25663523797c598dbe83370bb94c62de46134f1195e3ddaff698d8277e1790bedb8
SHA512e11d6f107c08479d4fed3f3f4895503ea203d84b2f8078b2ac4c20b7de94c8e8deb2142bd7ad19debe4873ae5343efeeeaf1a1eaa4361c861e3e846e7c757343
-
Filesize
72KB
MD5ebcf523d6f10d888b5ae205afe92e930
SHA10ebffe445fd3b8bc2c8eff0d84c5cf2aa6e12f57
SHA25663523797c598dbe83370bb94c62de46134f1195e3ddaff698d8277e1790bedb8
SHA512e11d6f107c08479d4fed3f3f4895503ea203d84b2f8078b2ac4c20b7de94c8e8deb2142bd7ad19debe4873ae5343efeeeaf1a1eaa4361c861e3e846e7c757343
-
Filesize
72KB
MD51db17ce9c24b02d6f7e57a7bec7a70f5
SHA14c181302581b236c3b7e9664e4be6d53f87d66ff
SHA2564211c65e634d3a379cb67d37c17df9740ac00a033bad60d9a6cb22072d961d02
SHA5125eee901c2cb08e9bc18405a7b290f41b4cd27cbf59b42818e674187faca30f88faea853c88e4dcd035f616b5bb8eec7e28e8c1c786bb3f8f7b81d71bdb1456ac
-
Filesize
72KB
MD51db17ce9c24b02d6f7e57a7bec7a70f5
SHA14c181302581b236c3b7e9664e4be6d53f87d66ff
SHA2564211c65e634d3a379cb67d37c17df9740ac00a033bad60d9a6cb22072d961d02
SHA5125eee901c2cb08e9bc18405a7b290f41b4cd27cbf59b42818e674187faca30f88faea853c88e4dcd035f616b5bb8eec7e28e8c1c786bb3f8f7b81d71bdb1456ac
-
Filesize
72KB
MD536cf5ad5ebf798a9b45b624d51b36c05
SHA1f29f580899ded07d2ffdb3d98b319579541e59d0
SHA25691210a6d9c7eed6a02b9724f00552eb8fe094410a7eebf2fb9363057bc0bf922
SHA51261a4c0815ea240d5ad79857ce8f5be6e8987488fcb7ddefbdfdf0985522464d3eb6731e5d3260935377adf5922aa7768835ccc8dcbdd5e8c4b73d14c86dba732
-
Filesize
72KB
MD536cf5ad5ebf798a9b45b624d51b36c05
SHA1f29f580899ded07d2ffdb3d98b319579541e59d0
SHA25691210a6d9c7eed6a02b9724f00552eb8fe094410a7eebf2fb9363057bc0bf922
SHA51261a4c0815ea240d5ad79857ce8f5be6e8987488fcb7ddefbdfdf0985522464d3eb6731e5d3260935377adf5922aa7768835ccc8dcbdd5e8c4b73d14c86dba732
-
Filesize
72KB
MD5ebcf523d6f10d888b5ae205afe92e930
SHA10ebffe445fd3b8bc2c8eff0d84c5cf2aa6e12f57
SHA25663523797c598dbe83370bb94c62de46134f1195e3ddaff698d8277e1790bedb8
SHA512e11d6f107c08479d4fed3f3f4895503ea203d84b2f8078b2ac4c20b7de94c8e8deb2142bd7ad19debe4873ae5343efeeeaf1a1eaa4361c861e3e846e7c757343
-
Filesize
72KB
MD5ebcf523d6f10d888b5ae205afe92e930
SHA10ebffe445fd3b8bc2c8eff0d84c5cf2aa6e12f57
SHA25663523797c598dbe83370bb94c62de46134f1195e3ddaff698d8277e1790bedb8
SHA512e11d6f107c08479d4fed3f3f4895503ea203d84b2f8078b2ac4c20b7de94c8e8deb2142bd7ad19debe4873ae5343efeeeaf1a1eaa4361c861e3e846e7c757343
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD536cf5ad5ebf798a9b45b624d51b36c05
SHA1f29f580899ded07d2ffdb3d98b319579541e59d0
SHA25691210a6d9c7eed6a02b9724f00552eb8fe094410a7eebf2fb9363057bc0bf922
SHA51261a4c0815ea240d5ad79857ce8f5be6e8987488fcb7ddefbdfdf0985522464d3eb6731e5d3260935377adf5922aa7768835ccc8dcbdd5e8c4b73d14c86dba732
-
Filesize
72KB
MD536cf5ad5ebf798a9b45b624d51b36c05
SHA1f29f580899ded07d2ffdb3d98b319579541e59d0
SHA25691210a6d9c7eed6a02b9724f00552eb8fe094410a7eebf2fb9363057bc0bf922
SHA51261a4c0815ea240d5ad79857ce8f5be6e8987488fcb7ddefbdfdf0985522464d3eb6731e5d3260935377adf5922aa7768835ccc8dcbdd5e8c4b73d14c86dba732
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD52c4df218c272e4e6dc997a505f0e0bc4
SHA1207d4168d8be1dcff603906ab2d50e18fc9db240
SHA256801b7e3cdd7c5734b64cb111a7e11bfd7a022afbfb90d8942c54d70584480a3b
SHA5128f21f77d2fcc81dbc95ee2d84e29d1f2c8baefea469cec29f3716780f5101e8ed76e3bc8df280dc1909caf604ed019446a68d6061f0b95cd2f95a4afe68dd442
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5590dbe33d81039265825d2f59095f2e5
SHA1ec1823024c08ed039d10618845fbe4bcba357547
SHA2569b87081842c47d56a8ff1b6b9b4647f816dbb413b5c56f709bab84990752ad01
SHA51284eb7595b22082a67e798eadb47c6c9b8d2342c98a33ed618d22b8f13d84d617e646898f6e6e181fdd75921c6dec2410b93e199fdc670cc93fc3a887f8e0a31d
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD5c5e61b4f8c16ba34649d92302e66a04a
SHA19e8540064dcdc399f1379346ef0c322db6e6a544
SHA25615819e3cf0b13371daf9700d88576cc96e0766563c2a874ed82cccfe1902e650
SHA512533196c26a2ba6cff3daf022d220ccee788a3f0cc697730d068e57fb709661949e16f9b11f91a3de6f3ae7c93a9894b4c2a6a7dd49d04c5ab851e402e2062871
-
Filesize
72KB
MD557bc5060fa11a8bd0706c51428bc835a
SHA126bb36acdd4042c19031eb344da230065fa33e08
SHA25605ff5db2f21e44229a510aa7ab9b6c26a946b66d1f2dc300bffda722e1fdc229
SHA512d128d6bc4955d7d6934398c51483d2f064f93afc627eb4d67ee6d8088e3aa5022fc9944847d2e18dc655515b8c2663cd9794c9ffcff283e61eb210efa652ccbf
-
Filesize
72KB
MD557bc5060fa11a8bd0706c51428bc835a
SHA126bb36acdd4042c19031eb344da230065fa33e08
SHA25605ff5db2f21e44229a510aa7ab9b6c26a946b66d1f2dc300bffda722e1fdc229
SHA512d128d6bc4955d7d6934398c51483d2f064f93afc627eb4d67ee6d8088e3aa5022fc9944847d2e18dc655515b8c2663cd9794c9ffcff283e61eb210efa652ccbf
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee
-
Filesize
72KB
MD5390187c0540c99991624eb6907af7be4
SHA1944acf25b6206d91f157548161850c87d670f3ca
SHA25645f176c7500b375f0019a493814078f383707f75b0e59e0a5d3378c131c63be9
SHA5125f2c7b23a31778f94222bac3d62b0c8532a56b7ace0629d8136b2ae4a316a5d7b8589ed459ae59cd59ba9ef49e114c283f78b51dfcdfc2f92af8ff1327708375
-
Filesize
72KB
MD5390187c0540c99991624eb6907af7be4
SHA1944acf25b6206d91f157548161850c87d670f3ca
SHA25645f176c7500b375f0019a493814078f383707f75b0e59e0a5d3378c131c63be9
SHA5125f2c7b23a31778f94222bac3d62b0c8532a56b7ace0629d8136b2ae4a316a5d7b8589ed459ae59cd59ba9ef49e114c283f78b51dfcdfc2f92af8ff1327708375
-
Filesize
72KB
MD55a5e018fc32e1e803d2fee7d837f662a
SHA1e44e8bd4629747d04192053f5598ad1494ad7c80
SHA256f880b279d7d74e0126f470467c038fc0ce86c381161ab84f24969f74de1b2027
SHA51223bc07c209d10b078e126baf8084df0adf97e8575c5e98667941766d9cce8e9e9341963dd24b8d9eb9c200e0664430f2fb859d2a57f4d143f3d7f3d8d2af284f
-
Filesize
72KB
MD55a5e018fc32e1e803d2fee7d837f662a
SHA1e44e8bd4629747d04192053f5598ad1494ad7c80
SHA256f880b279d7d74e0126f470467c038fc0ce86c381161ab84f24969f74de1b2027
SHA51223bc07c209d10b078e126baf8084df0adf97e8575c5e98667941766d9cce8e9e9341963dd24b8d9eb9c200e0664430f2fb859d2a57f4d143f3d7f3d8d2af284f
-
Filesize
72KB
MD5bd285db3414bc8934b05d7497d8d62e9
SHA131a1fa2b41f5010d9fa6ccb890938dab211c1579
SHA2565a6b54c21be51bf1e138f33dbd9e6b79d1204b1426b4004731071f831f7ee729
SHA512116dd3c5290a66a4dc034d712189aa74b52db370e23e13be65bf58f6135bb5f9b165934039b1d8bce984ea7933419c37e707d5ad462527ad606390539aafb79e
-
Filesize
72KB
MD5bd285db3414bc8934b05d7497d8d62e9
SHA131a1fa2b41f5010d9fa6ccb890938dab211c1579
SHA2565a6b54c21be51bf1e138f33dbd9e6b79d1204b1426b4004731071f831f7ee729
SHA512116dd3c5290a66a4dc034d712189aa74b52db370e23e13be65bf58f6135bb5f9b165934039b1d8bce984ea7933419c37e707d5ad462527ad606390539aafb79e
-
Filesize
72KB
MD5f8554fc24171005d3c200bedfd9df1ee
SHA158a37078546514c2026c179c29a303c5db5f6f34
SHA2561c1f033bc0219665f93b6760428ec505e6753cb2f27cf1e874cb18809ec6a02c
SHA512606e6b47f6cb00229bd171b11066ff73e059527d1da85bfe09aaa9bd25452dce7d88fa961540ba4f4d701575d41218429b412a8575a856afe841b40dc2068647
-
Filesize
72KB
MD5f8554fc24171005d3c200bedfd9df1ee
SHA158a37078546514c2026c179c29a303c5db5f6f34
SHA2561c1f033bc0219665f93b6760428ec505e6753cb2f27cf1e874cb18809ec6a02c
SHA512606e6b47f6cb00229bd171b11066ff73e059527d1da85bfe09aaa9bd25452dce7d88fa961540ba4f4d701575d41218429b412a8575a856afe841b40dc2068647
-
Filesize
72KB
MD57758a4bbfa9dcc76da077b8d3630c3bc
SHA177a165a422e8ed1de15729b886ed7efca17cdf47
SHA2561d3d60b177b6b4f3458aa2e084094ae233747334c8a80101cc71ba834884a9fa
SHA5122b59bc32b597316860e3d78ac423a032270429b67234294ec048d7c42bb4da0bb7aa7f078ac4fe2d5061093faac891eb4428209b6de9d6c8aa420c6a4f788810
-
Filesize
72KB
MD57758a4bbfa9dcc76da077b8d3630c3bc
SHA177a165a422e8ed1de15729b886ed7efca17cdf47
SHA2561d3d60b177b6b4f3458aa2e084094ae233747334c8a80101cc71ba834884a9fa
SHA5122b59bc32b597316860e3d78ac423a032270429b67234294ec048d7c42bb4da0bb7aa7f078ac4fe2d5061093faac891eb4428209b6de9d6c8aa420c6a4f788810
-
Filesize
72KB
MD55a5e018fc32e1e803d2fee7d837f662a
SHA1e44e8bd4629747d04192053f5598ad1494ad7c80
SHA256f880b279d7d74e0126f470467c038fc0ce86c381161ab84f24969f74de1b2027
SHA51223bc07c209d10b078e126baf8084df0adf97e8575c5e98667941766d9cce8e9e9341963dd24b8d9eb9c200e0664430f2fb859d2a57f4d143f3d7f3d8d2af284f
-
Filesize
72KB
MD55a5e018fc32e1e803d2fee7d837f662a
SHA1e44e8bd4629747d04192053f5598ad1494ad7c80
SHA256f880b279d7d74e0126f470467c038fc0ce86c381161ab84f24969f74de1b2027
SHA51223bc07c209d10b078e126baf8084df0adf97e8575c5e98667941766d9cce8e9e9341963dd24b8d9eb9c200e0664430f2fb859d2a57f4d143f3d7f3d8d2af284f
-
Filesize
72KB
MD5f8554fc24171005d3c200bedfd9df1ee
SHA158a37078546514c2026c179c29a303c5db5f6f34
SHA2561c1f033bc0219665f93b6760428ec505e6753cb2f27cf1e874cb18809ec6a02c
SHA512606e6b47f6cb00229bd171b11066ff73e059527d1da85bfe09aaa9bd25452dce7d88fa961540ba4f4d701575d41218429b412a8575a856afe841b40dc2068647
-
Filesize
72KB
MD5f8554fc24171005d3c200bedfd9df1ee
SHA158a37078546514c2026c179c29a303c5db5f6f34
SHA2561c1f033bc0219665f93b6760428ec505e6753cb2f27cf1e874cb18809ec6a02c
SHA512606e6b47f6cb00229bd171b11066ff73e059527d1da85bfe09aaa9bd25452dce7d88fa961540ba4f4d701575d41218429b412a8575a856afe841b40dc2068647
-
Filesize
72KB
MD56372847765e7c1a40e707aa7d7f8f664
SHA14d97f548eaf7281c9a05d401cc2e079e41c00a0d
SHA25661a7a28143fac4901399b80fca4dd04b286655d8143d2aa1c7c5754a03608106
SHA512a9f7c7401c92e57587a890c73bf72d33d867d80b10bbe11affdcc1797c5a20d0a4ab41d703d3463f74cb4e8312e097406b5d130df7b6c2225350714d64b1a7f6
-
Filesize
72KB
MD56372847765e7c1a40e707aa7d7f8f664
SHA14d97f548eaf7281c9a05d401cc2e079e41c00a0d
SHA25661a7a28143fac4901399b80fca4dd04b286655d8143d2aa1c7c5754a03608106
SHA512a9f7c7401c92e57587a890c73bf72d33d867d80b10bbe11affdcc1797c5a20d0a4ab41d703d3463f74cb4e8312e097406b5d130df7b6c2225350714d64b1a7f6
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee
-
Filesize
72KB
MD5c2ee62a0edb0bd1c1c2bfd23ff1b6270
SHA1dc6a95c0e279b1fd7326ef642eca306566b9464a
SHA256c25ab7896e06e9f46a9fd2e25b86367c671cb55dbe43f58d884f3a19ffdc2c82
SHA512db5cbd7f293718625e36901e8914ff0d4f878f9863dcccb916530a2b4c05069ae5a4857f8e67217ee40eb4744782bb395f3ba28ae3a2bdec8f4702e0f39a45ee