Analysis
-
max time kernel
65s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
07-11-2022 00:32
General
-
Target
c22661060594e0f2967626f51a93fc7e247b45f967b04603ecadd61a740e132a.exe
-
Size
72KB
-
MD5
0eda847d475bf48f5a484f67796c7739
-
SHA1
49d48359f4d07c95cec80338ff4d7e88da4a6eb4
-
SHA256
c22661060594e0f2967626f51a93fc7e247b45f967b04603ecadd61a740e132a
-
SHA512
f7d25584e5f9a06f42107a43984b481bc277bf459b0fcff0ebce3e81e6cfe70b59c9e0209406b8426375494e633a49cafb06754f3b490fd991debae6a1e1e6e9
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2T:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPH
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c22661060594e0f2967626f51a93fc7e247b45f967b04603ecadd61a740e132a.exe"C:\Users\Admin\AppData\Local\Temp\c22661060594e0f2967626f51a93fc7e247b45f967b04603ecadd61a740e132a.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3189228300\backup.exeC:\Users\Admin\AppData\Local\Temp\3189228300\backup.exe C:\Users\Admin\AppData\Local\Temp\3189228300\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\data.exe"C:\Program Files\Common Files\Microsoft Shared\VC\data.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\System Restore.exe"C:\Program Files\Common Files\System\it-IT\System Restore.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\data.exe"C:\Program Files\Internet Explorer\data.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\update.exe"C:\Program Files\Internet Explorer\es-ES\update.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\update.exe"C:\Program Files\Mozilla Firefox\update.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\update.exe"C:\Program Files (x86)\Common Files\Adobe\update.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\System Restore.exe"C:\Users\Admin\Links\System Restore.exe" C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\update.exe"C:\Users\Admin\Saved Games\update.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\System Restore.exe"C:\Windows\System Restore.exe" C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\System Restore.exe"C:\Windows\CSC\System Restore.exe" C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
C:\Windows\debug\backup.exeC:\Windows\debug\backup.exe C:\Windows\debug\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5680edfe56b3ef4b6ac17d697a835595d
SHA1471c0d43ee5167fc69171abb01669ed3a32c3314
SHA2565eb3068d043efe64b324101871fedc0d2c4706c4211f408904cb93e9b62f5bbf
SHA512c69d28e02e4d74ea6d5907d9903c520e6f8b4d188ba62473eb0df04e58a297bfed64e576ec61106b6f9b889c7fca262d3d4e1b24a396f8d6e48053c59bae4d79
-
Filesize
72KB
MD5a5b45d5a55f6b1e974836049a4de2d50
SHA18bdcd71cfdc95c84c941b18e6bded45ba21d515a
SHA2569ac8be3a7405b749bd457ab00d5529262ca4969fb6336f10c22f21b843da58b4
SHA51281eb8327258872e10265d92bfbeeaa5636a185349779024c7355e2979a55a186f4dc0803f4cfc8c7a668036fc3f02c56d16b53730257109ac5a3e2c082f9d021
-
Filesize
72KB
MD5a5b45d5a55f6b1e974836049a4de2d50
SHA18bdcd71cfdc95c84c941b18e6bded45ba21d515a
SHA2569ac8be3a7405b749bd457ab00d5529262ca4969fb6336f10c22f21b843da58b4
SHA51281eb8327258872e10265d92bfbeeaa5636a185349779024c7355e2979a55a186f4dc0803f4cfc8c7a668036fc3f02c56d16b53730257109ac5a3e2c082f9d021
-
Filesize
72KB
MD56962cbe5a3fc3ec46b98caa15bea7237
SHA13ca987f69c56cf71353d602b3290acd1f072e5f4
SHA2562711233427f4da2dc079bf15051745ed354216c856b50977062835ff511f6c60
SHA51260a36fda87b02e38330cf4a7e8a0b1c392f71d3a08ba52ea9f0bd04273bf2541d383f23fa11eae4050a18910097d4f9be3618c9eec1ec196715e4f0a8ad490b7
-
Filesize
72KB
MD5970dcdd21817ff3a7fde3ab700b5e71b
SHA1f39d4607995603742bd65d6cc1ef899a5a20f719
SHA256612a9476b8e90f05db7ebbca4b0610f8f1bcac41579d2dcd3968ef8565e9d2bb
SHA512bbc5dea747951975e4657e05d605022e89f741b3e38ab46ce0ebe87f27aa6d36a4ffe3921efa8d15dfd695c4e79c937a886a5b612bd343573fa8ba6da64b37a9
-
Filesize
72KB
MD5970dcdd21817ff3a7fde3ab700b5e71b
SHA1f39d4607995603742bd65d6cc1ef899a5a20f719
SHA256612a9476b8e90f05db7ebbca4b0610f8f1bcac41579d2dcd3968ef8565e9d2bb
SHA512bbc5dea747951975e4657e05d605022e89f741b3e38ab46ce0ebe87f27aa6d36a4ffe3921efa8d15dfd695c4e79c937a886a5b612bd343573fa8ba6da64b37a9
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD5908f83049984adc79db2e654f9ef11c6
SHA11467baf22139a996c5f33bde1af22b51ffcd5309
SHA256f5dada9ab23c5b4445404d8ef0a4c048fa17ed1d90f16a9d72ddd9d8fc39bacd
SHA5125e6739113ad86dbc0c0e0425346fd482a2d1ea0720724e34d05e7f243ec8b24ec8becbb56c218f230f2cdfdcae40d9510a18e07dbd8884debfcf6361cfb578d7
-
Filesize
72KB
MD5908f83049984adc79db2e654f9ef11c6
SHA11467baf22139a996c5f33bde1af22b51ffcd5309
SHA256f5dada9ab23c5b4445404d8ef0a4c048fa17ed1d90f16a9d72ddd9d8fc39bacd
SHA5125e6739113ad86dbc0c0e0425346fd482a2d1ea0720724e34d05e7f243ec8b24ec8becbb56c218f230f2cdfdcae40d9510a18e07dbd8884debfcf6361cfb578d7
-
Filesize
72KB
MD5baf660917e0df23e2fdc87d8cdb55426
SHA1e7cae326dcfe6c9990b7f8dfb7a5d9a8f03a003a
SHA256c9cc8cb114c53b57cf9d1be184677592e7175720a2eab5a80a8a7ce4c29b37d2
SHA512786bbee18399450e6b022d2628b44882ffff8ad4e630d325d8fdb29446d378774343be124f49da62ee692423401351a74a7ec32113946aa354614e27dcee1808
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD53437f92f06014ef3d0c1323cc9f86cc0
SHA1c0ab70dab3f78bdf6bd4a2509506704fa36e74c0
SHA25664854ce4512749fcaa2b181f25ee7910408313ae24494f98f55dafc0cc27e645
SHA5128e80b989105df27290ae18109a8719532afcd10d8d53b87bacec2109147aa6eb6fb02e8f9c719754d836be3fc3991f56c0c84debd2fa74435066645b77b2b3b5
-
Filesize
72KB
MD5c3b5395a85e926d692c6b3258c529fc4
SHA15319df025b10729f55c83b04a9d86242e8af0849
SHA256b8ed6d8026cc820fcc162ae7b19a3721467bc6e86a60a02f4f9f845099bdea3d
SHA512f32b27d4f2c828fcb215984a981cbf07d4669db760919c3d9067f9d59ef15c5dd55024622cb9344c7fbf23c4e8f6ac7dea7a7c0d76fd03dab010d4f2d8645f33
-
Filesize
72KB
MD5c3b5395a85e926d692c6b3258c529fc4
SHA15319df025b10729f55c83b04a9d86242e8af0849
SHA256b8ed6d8026cc820fcc162ae7b19a3721467bc6e86a60a02f4f9f845099bdea3d
SHA512f32b27d4f2c828fcb215984a981cbf07d4669db760919c3d9067f9d59ef15c5dd55024622cb9344c7fbf23c4e8f6ac7dea7a7c0d76fd03dab010d4f2d8645f33
-
Filesize
72KB
MD5474d07896d0530387b347fd25427f759
SHA180f4f9608549c75efb42aa1bcb9020c5abcd7e2e
SHA256414ec27e4998844345fcfbe1dbb9fac1e26dfd6adc1960b1f3aa6a966a0e7074
SHA51253926ad4e4e85e5f3b9a37bf0389f87fb2dae03c7195c98f42ce4ca5173b565e2b86e90425ccfe2e864748d22df3013e904ea41e654eebce380362194c19db49
-
Filesize
72KB
MD5474d07896d0530387b347fd25427f759
SHA180f4f9608549c75efb42aa1bcb9020c5abcd7e2e
SHA256414ec27e4998844345fcfbe1dbb9fac1e26dfd6adc1960b1f3aa6a966a0e7074
SHA51253926ad4e4e85e5f3b9a37bf0389f87fb2dae03c7195c98f42ce4ca5173b565e2b86e90425ccfe2e864748d22df3013e904ea41e654eebce380362194c19db49
-
Filesize
72KB
MD5c0a77cf568d0df69c5d3a43fae0fb12b
SHA148ff095af598566a2f3df5c5a35950ca7fcaf303
SHA2565ec833b78044e96a42641d414fa2de403992a138c5a6342a2e94c2a4e109ecc2
SHA51226e83f8a27bf47f184414243af8fd15d4550aa52a7f50302d8f464f986081b4651c2baa11c0a8239289ed4a6998f439dcf6f88349c5f38e37f6f46a9d2ecd86d
-
Filesize
72KB
MD5c0a77cf568d0df69c5d3a43fae0fb12b
SHA148ff095af598566a2f3df5c5a35950ca7fcaf303
SHA2565ec833b78044e96a42641d414fa2de403992a138c5a6342a2e94c2a4e109ecc2
SHA51226e83f8a27bf47f184414243af8fd15d4550aa52a7f50302d8f464f986081b4651c2baa11c0a8239289ed4a6998f439dcf6f88349c5f38e37f6f46a9d2ecd86d
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD5e6d90d1ccf6a513a6510b7173c5e90bb
SHA13ce7c4f28baf375c78abecdf18f8bc5edea6cdab
SHA2562d9621a62afd1a7826e7198f7279c60c57770c5d4c62b482c5197967ea6681f4
SHA51293d9e6ba661bb33b81371114abb2a27a75048c66f828e8b891a7d4fcac717ed46d6aab5073136200b5ad2b5daa6b2640b434abe6729b162f404c386805558612
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD5dc1d051bc898e30c3a3673e6a4409fd9
SHA1809a01ba7b91db641bf8f14b0be79beeee0b4231
SHA256e870892b51ebf51531fc60484e9e4e03631301cd372e54ff38fd26e6d59c1b12
SHA512e6dbedbf63918f329fff9483ff0d947ae17d2842fdef5213b4da9b52bfb157d214946bb791694d49834655eac50fb7f4fa4a3d93cf491833a02d53f0c10e2f20
-
Filesize
72KB
MD5dc1d051bc898e30c3a3673e6a4409fd9
SHA1809a01ba7b91db641bf8f14b0be79beeee0b4231
SHA256e870892b51ebf51531fc60484e9e4e03631301cd372e54ff38fd26e6d59c1b12
SHA512e6dbedbf63918f329fff9483ff0d947ae17d2842fdef5213b4da9b52bfb157d214946bb791694d49834655eac50fb7f4fa4a3d93cf491833a02d53f0c10e2f20
-
Filesize
72KB
MD5680edfe56b3ef4b6ac17d697a835595d
SHA1471c0d43ee5167fc69171abb01669ed3a32c3314
SHA2565eb3068d043efe64b324101871fedc0d2c4706c4211f408904cb93e9b62f5bbf
SHA512c69d28e02e4d74ea6d5907d9903c520e6f8b4d188ba62473eb0df04e58a297bfed64e576ec61106b6f9b889c7fca262d3d4e1b24a396f8d6e48053c59bae4d79
-
Filesize
72KB
MD5680edfe56b3ef4b6ac17d697a835595d
SHA1471c0d43ee5167fc69171abb01669ed3a32c3314
SHA2565eb3068d043efe64b324101871fedc0d2c4706c4211f408904cb93e9b62f5bbf
SHA512c69d28e02e4d74ea6d5907d9903c520e6f8b4d188ba62473eb0df04e58a297bfed64e576ec61106b6f9b889c7fca262d3d4e1b24a396f8d6e48053c59bae4d79
-
Filesize
72KB
MD5a5b45d5a55f6b1e974836049a4de2d50
SHA18bdcd71cfdc95c84c941b18e6bded45ba21d515a
SHA2569ac8be3a7405b749bd457ab00d5529262ca4969fb6336f10c22f21b843da58b4
SHA51281eb8327258872e10265d92bfbeeaa5636a185349779024c7355e2979a55a186f4dc0803f4cfc8c7a668036fc3f02c56d16b53730257109ac5a3e2c082f9d021
-
Filesize
72KB
MD5a5b45d5a55f6b1e974836049a4de2d50
SHA18bdcd71cfdc95c84c941b18e6bded45ba21d515a
SHA2569ac8be3a7405b749bd457ab00d5529262ca4969fb6336f10c22f21b843da58b4
SHA51281eb8327258872e10265d92bfbeeaa5636a185349779024c7355e2979a55a186f4dc0803f4cfc8c7a668036fc3f02c56d16b53730257109ac5a3e2c082f9d021
-
Filesize
72KB
MD56962cbe5a3fc3ec46b98caa15bea7237
SHA13ca987f69c56cf71353d602b3290acd1f072e5f4
SHA2562711233427f4da2dc079bf15051745ed354216c856b50977062835ff511f6c60
SHA51260a36fda87b02e38330cf4a7e8a0b1c392f71d3a08ba52ea9f0bd04273bf2541d383f23fa11eae4050a18910097d4f9be3618c9eec1ec196715e4f0a8ad490b7
-
Filesize
72KB
MD56962cbe5a3fc3ec46b98caa15bea7237
SHA13ca987f69c56cf71353d602b3290acd1f072e5f4
SHA2562711233427f4da2dc079bf15051745ed354216c856b50977062835ff511f6c60
SHA51260a36fda87b02e38330cf4a7e8a0b1c392f71d3a08ba52ea9f0bd04273bf2541d383f23fa11eae4050a18910097d4f9be3618c9eec1ec196715e4f0a8ad490b7
-
Filesize
72KB
MD5970dcdd21817ff3a7fde3ab700b5e71b
SHA1f39d4607995603742bd65d6cc1ef899a5a20f719
SHA256612a9476b8e90f05db7ebbca4b0610f8f1bcac41579d2dcd3968ef8565e9d2bb
SHA512bbc5dea747951975e4657e05d605022e89f741b3e38ab46ce0ebe87f27aa6d36a4ffe3921efa8d15dfd695c4e79c937a886a5b612bd343573fa8ba6da64b37a9
-
Filesize
72KB
MD5970dcdd21817ff3a7fde3ab700b5e71b
SHA1f39d4607995603742bd65d6cc1ef899a5a20f719
SHA256612a9476b8e90f05db7ebbca4b0610f8f1bcac41579d2dcd3968ef8565e9d2bb
SHA512bbc5dea747951975e4657e05d605022e89f741b3e38ab46ce0ebe87f27aa6d36a4ffe3921efa8d15dfd695c4e79c937a886a5b612bd343573fa8ba6da64b37a9
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD5908f83049984adc79db2e654f9ef11c6
SHA11467baf22139a996c5f33bde1af22b51ffcd5309
SHA256f5dada9ab23c5b4445404d8ef0a4c048fa17ed1d90f16a9d72ddd9d8fc39bacd
SHA5125e6739113ad86dbc0c0e0425346fd482a2d1ea0720724e34d05e7f243ec8b24ec8becbb56c218f230f2cdfdcae40d9510a18e07dbd8884debfcf6361cfb578d7
-
Filesize
72KB
MD5908f83049984adc79db2e654f9ef11c6
SHA11467baf22139a996c5f33bde1af22b51ffcd5309
SHA256f5dada9ab23c5b4445404d8ef0a4c048fa17ed1d90f16a9d72ddd9d8fc39bacd
SHA5125e6739113ad86dbc0c0e0425346fd482a2d1ea0720724e34d05e7f243ec8b24ec8becbb56c218f230f2cdfdcae40d9510a18e07dbd8884debfcf6361cfb578d7
-
Filesize
72KB
MD5baf660917e0df23e2fdc87d8cdb55426
SHA1e7cae326dcfe6c9990b7f8dfb7a5d9a8f03a003a
SHA256c9cc8cb114c53b57cf9d1be184677592e7175720a2eab5a80a8a7ce4c29b37d2
SHA512786bbee18399450e6b022d2628b44882ffff8ad4e630d325d8fdb29446d378774343be124f49da62ee692423401351a74a7ec32113946aa354614e27dcee1808
-
Filesize
72KB
MD5baf660917e0df23e2fdc87d8cdb55426
SHA1e7cae326dcfe6c9990b7f8dfb7a5d9a8f03a003a
SHA256c9cc8cb114c53b57cf9d1be184677592e7175720a2eab5a80a8a7ce4c29b37d2
SHA512786bbee18399450e6b022d2628b44882ffff8ad4e630d325d8fdb29446d378774343be124f49da62ee692423401351a74a7ec32113946aa354614e27dcee1808
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD54a96d0dd0e927dd36119e3e5df7e326c
SHA121b426c2b782c020ed1f9cc2912a770437f06196
SHA256e4e2b7601a279a8da83efc77d2e34a8dc5d4feea32914130579b5ba8483c854c
SHA512c4f7102007ca740835797f497d21ac63c3ad5dceecc960796c532f786bd7ca6ef01af278cb356ff6d54a36cbc5f49c7cb2e0386c384656c927cc9694a948721f
-
Filesize
72KB
MD53437f92f06014ef3d0c1323cc9f86cc0
SHA1c0ab70dab3f78bdf6bd4a2509506704fa36e74c0
SHA25664854ce4512749fcaa2b181f25ee7910408313ae24494f98f55dafc0cc27e645
SHA5128e80b989105df27290ae18109a8719532afcd10d8d53b87bacec2109147aa6eb6fb02e8f9c719754d836be3fc3991f56c0c84debd2fa74435066645b77b2b3b5
-
Filesize
72KB
MD53437f92f06014ef3d0c1323cc9f86cc0
SHA1c0ab70dab3f78bdf6bd4a2509506704fa36e74c0
SHA25664854ce4512749fcaa2b181f25ee7910408313ae24494f98f55dafc0cc27e645
SHA5128e80b989105df27290ae18109a8719532afcd10d8d53b87bacec2109147aa6eb6fb02e8f9c719754d836be3fc3991f56c0c84debd2fa74435066645b77b2b3b5
-
Filesize
72KB
MD53437f92f06014ef3d0c1323cc9f86cc0
SHA1c0ab70dab3f78bdf6bd4a2509506704fa36e74c0
SHA25664854ce4512749fcaa2b181f25ee7910408313ae24494f98f55dafc0cc27e645
SHA5128e80b989105df27290ae18109a8719532afcd10d8d53b87bacec2109147aa6eb6fb02e8f9c719754d836be3fc3991f56c0c84debd2fa74435066645b77b2b3b5
-
Filesize
72KB
MD5c3b5395a85e926d692c6b3258c529fc4
SHA15319df025b10729f55c83b04a9d86242e8af0849
SHA256b8ed6d8026cc820fcc162ae7b19a3721467bc6e86a60a02f4f9f845099bdea3d
SHA512f32b27d4f2c828fcb215984a981cbf07d4669db760919c3d9067f9d59ef15c5dd55024622cb9344c7fbf23c4e8f6ac7dea7a7c0d76fd03dab010d4f2d8645f33
-
Filesize
72KB
MD5c3b5395a85e926d692c6b3258c529fc4
SHA15319df025b10729f55c83b04a9d86242e8af0849
SHA256b8ed6d8026cc820fcc162ae7b19a3721467bc6e86a60a02f4f9f845099bdea3d
SHA512f32b27d4f2c828fcb215984a981cbf07d4669db760919c3d9067f9d59ef15c5dd55024622cb9344c7fbf23c4e8f6ac7dea7a7c0d76fd03dab010d4f2d8645f33
-
Filesize
72KB
MD5474d07896d0530387b347fd25427f759
SHA180f4f9608549c75efb42aa1bcb9020c5abcd7e2e
SHA256414ec27e4998844345fcfbe1dbb9fac1e26dfd6adc1960b1f3aa6a966a0e7074
SHA51253926ad4e4e85e5f3b9a37bf0389f87fb2dae03c7195c98f42ce4ca5173b565e2b86e90425ccfe2e864748d22df3013e904ea41e654eebce380362194c19db49
-
Filesize
72KB
MD5474d07896d0530387b347fd25427f759
SHA180f4f9608549c75efb42aa1bcb9020c5abcd7e2e
SHA256414ec27e4998844345fcfbe1dbb9fac1e26dfd6adc1960b1f3aa6a966a0e7074
SHA51253926ad4e4e85e5f3b9a37bf0389f87fb2dae03c7195c98f42ce4ca5173b565e2b86e90425ccfe2e864748d22df3013e904ea41e654eebce380362194c19db49
-
Filesize
72KB
MD5c0a77cf568d0df69c5d3a43fae0fb12b
SHA148ff095af598566a2f3df5c5a35950ca7fcaf303
SHA2565ec833b78044e96a42641d414fa2de403992a138c5a6342a2e94c2a4e109ecc2
SHA51226e83f8a27bf47f184414243af8fd15d4550aa52a7f50302d8f464f986081b4651c2baa11c0a8239289ed4a6998f439dcf6f88349c5f38e37f6f46a9d2ecd86d
-
Filesize
72KB
MD5c0a77cf568d0df69c5d3a43fae0fb12b
SHA148ff095af598566a2f3df5c5a35950ca7fcaf303
SHA2565ec833b78044e96a42641d414fa2de403992a138c5a6342a2e94c2a4e109ecc2
SHA51226e83f8a27bf47f184414243af8fd15d4550aa52a7f50302d8f464f986081b4651c2baa11c0a8239289ed4a6998f439dcf6f88349c5f38e37f6f46a9d2ecd86d
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD517a31623be2de9a1d0cf65ea2fdc41a9
SHA168f3dc0de34020a0db91b60fef79a83d6b857ddd
SHA2569d0374187993b8337e9de28dc810de6ca86d1175477c7f0b6d34ed6afe982bf7
SHA5121743d2ac754977e8fc19dc200ff0bfe4a9e306109e0f368fe119c78994b647bd7a9eb54c169b3c8c4bb8dbd7028e8aa2b2e8330846879d1b28d20ba61de244e0
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD5e6d90d1ccf6a513a6510b7173c5e90bb
SHA13ce7c4f28baf375c78abecdf18f8bc5edea6cdab
SHA2562d9621a62afd1a7826e7198f7279c60c57770c5d4c62b482c5197967ea6681f4
SHA51293d9e6ba661bb33b81371114abb2a27a75048c66f828e8b891a7d4fcac717ed46d6aab5073136200b5ad2b5daa6b2640b434abe6729b162f404c386805558612
-
Filesize
72KB
MD5e6d90d1ccf6a513a6510b7173c5e90bb
SHA13ce7c4f28baf375c78abecdf18f8bc5edea6cdab
SHA2562d9621a62afd1a7826e7198f7279c60c57770c5d4c62b482c5197967ea6681f4
SHA51293d9e6ba661bb33b81371114abb2a27a75048c66f828e8b891a7d4fcac717ed46d6aab5073136200b5ad2b5daa6b2640b434abe6729b162f404c386805558612
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
72KB
MD538e9b9f5dada9b8107fbdf705000d716
SHA10ac7733c06f97b2af32eeeedfb3b2233f6af3f30
SHA256a0a7073413079d568189d81e9ad9d83b377a3dc58ad7de213a83bad7060c1482
SHA512082a1776b8ee648b2009ef4b7f16f1514c5e6c551bf72ea10bc648e31d0f3bcafb6504052fb393c9c224810d29243f51260471b2b960b092453aaca97257aee6
-
Filesize
8KB
-
Filesize
8KB