Analysis
-
max time kernel
187s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
07-11-2022 17:55
General
-
Target
0b310c96de76b3cd0e3066d2c7c7fd27873c1070b56495b3d2e340052ec71919.exe
-
Size
72KB
-
MD5
0f695346e173bb9719d3d8c90aa6d57e
-
SHA1
5c463f44161cdfd74300fca564dbe4d0e90a75cd
-
SHA256
0b310c96de76b3cd0e3066d2c7c7fd27873c1070b56495b3d2e340052ec71919
-
SHA512
e163871749680696599c6701e2e9d9caa2fa61d1a7def52b718acb27d26f99efb1f79e62bab7dd8c220a2652703e2d5c17d9878a8717195999de8b39e3897aa5
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf21:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrp
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b310c96de76b3cd0e3066d2c7c7fd27873c1070b56495b3d2e340052ec71919.exe"C:\Users\Admin\AppData\Local\Temp\0b310c96de76b3cd0e3066d2c7c7fd27873c1070b56495b3d2e340052ec71919.exe"1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\3151349839\backup.exeC:\Users\Admin\AppData\Local\Temp\3151349839\backup.exe C:\Users\Admin\AppData\Local\Temp\3151349839\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\data.exe\data.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\data.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\data.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe"C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\data.exe"C:\Program Files\Common Files\System\de-DE\data.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\System Restore.exe"C:\Program Files\DVD Maker\it-IT\System Restore.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Drops file in Program Files directory
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- System policy modification
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\update.exe"C:\Program Files\Java\jdk1.7.0_80\update.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\update.exe"C:\Program Files (x86)\Adobe\update.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\update.exe"C:\Program Files (x86)\Common Files\Adobe\update.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\data.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\data.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\update.exeC:\Users\update.exe C:\Users\4⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD548a57932f9348ca48810b06b89f0ac76
SHA19977a59ed1173bc72c2b862f1e5030a143a1627d
SHA2567dc69275864678c7bd565c5db9047e7afbe5bd384907f21ff7dc2347cd754277
SHA51278bbc0a97befcde1d746bc6e471debbb1dd5337696b7a544fae80c3428c829ea648f058240e63de1116a81f74b687bac24ec2a5fbb0ef3718c7ca01bc41bf3b6
-
Filesize
72KB
MD5bd613395c1f534d1dc6be8fd45eb9919
SHA1ad06d0c8a307a709675fce10856de980a01b5e71
SHA2562286bb5cc73322c09f61662b769fbf85da69db3c258c59b2acd4730103e33907
SHA5127d137ddf422a8313d46cc4287a514c36883318a807649e2e2d2ad8c74ba8c5351d045d8912b57a76c5afafc632e6199983831a98a8c29457f64396b78045963b
-
Filesize
72KB
MD5bd613395c1f534d1dc6be8fd45eb9919
SHA1ad06d0c8a307a709675fce10856de980a01b5e71
SHA2562286bb5cc73322c09f61662b769fbf85da69db3c258c59b2acd4730103e33907
SHA5127d137ddf422a8313d46cc4287a514c36883318a807649e2e2d2ad8c74ba8c5351d045d8912b57a76c5afafc632e6199983831a98a8c29457f64396b78045963b
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD58ac472133a283d4359161a5deef140b4
SHA1307fee973d4af6e7dcc9a5e879ca8524fbb14dbe
SHA256e19b5b7f72860a3ba524bdba90676bd7381c2023bec28799e7583a79fcb62653
SHA5125e1df3d355622225555fb81f77ff3216f446b45bf5d43d28376ffc26be918a28501adefa93ef3ca30db7951bc9d57c4743f561ace890089ea62b36f19c559bbf
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD5a9ef735a4b3df182d823e2f8c665e9d0
SHA1cb616f02223e7faf0ab4a9075161870fb102ec0b
SHA2560d104784ef9fff0c39d005b60dd39b8c5c3167b643b37651eff8646c3721227f
SHA51295a4f28cc47f8ad9a3890aa12442d64f4b067dd454fe5ea5c62217ebe7d8445f85956c7d121bd00bff22fd0ba6551d3afb6c71b699dc091e0d1652769a942ed9
-
Filesize
72KB
MD5a9ef735a4b3df182d823e2f8c665e9d0
SHA1cb616f02223e7faf0ab4a9075161870fb102ec0b
SHA2560d104784ef9fff0c39d005b60dd39b8c5c3167b643b37651eff8646c3721227f
SHA51295a4f28cc47f8ad9a3890aa12442d64f4b067dd454fe5ea5c62217ebe7d8445f85956c7d121bd00bff22fd0ba6551d3afb6c71b699dc091e0d1652769a942ed9
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD5b8bac50511e925f122e0e37eea89b3b0
SHA1cf32c1ff7d8682d90c54076f01e04e2e5ae9b9b3
SHA25637dfc20d9d5b1449b7d78db0ec69a80b926c3a23d532fda1966f529a501350c6
SHA512c4d34d52399790337edc60daf33916fa2138da128e5dbf3cdeea8802f8406e2a09fc5a6afbed0a3fa028cdd48b53148d97df64ae618f210fbca5af237278460d
-
Filesize
72KB
MD5b8bac50511e925f122e0e37eea89b3b0
SHA1cf32c1ff7d8682d90c54076f01e04e2e5ae9b9b3
SHA25637dfc20d9d5b1449b7d78db0ec69a80b926c3a23d532fda1966f529a501350c6
SHA512c4d34d52399790337edc60daf33916fa2138da128e5dbf3cdeea8802f8406e2a09fc5a6afbed0a3fa028cdd48b53148d97df64ae618f210fbca5af237278460d
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD5cd66936754fdc56259fbaed85f451a1b
SHA1bcafb779d342a0e5ac366de9893f74be7499aa12
SHA256a2618e9fdfe9a1491f4494ee5a4eb54287c51c3d16fac4a35401abec954c8f5f
SHA5128fc348e0420219223639b1d3c20cae601b9bbb1cf4e9e2c32a1fafc0079056e81f33d7593ad9ebce7c5666129b8c22ee62f72ab252a34f1168d81e0b093a6212
-
Filesize
72KB
MD5cd66936754fdc56259fbaed85f451a1b
SHA1bcafb779d342a0e5ac366de9893f74be7499aa12
SHA256a2618e9fdfe9a1491f4494ee5a4eb54287c51c3d16fac4a35401abec954c8f5f
SHA5128fc348e0420219223639b1d3c20cae601b9bbb1cf4e9e2c32a1fafc0079056e81f33d7593ad9ebce7c5666129b8c22ee62f72ab252a34f1168d81e0b093a6212
-
Filesize
72KB
MD548a57932f9348ca48810b06b89f0ac76
SHA19977a59ed1173bc72c2b862f1e5030a143a1627d
SHA2567dc69275864678c7bd565c5db9047e7afbe5bd384907f21ff7dc2347cd754277
SHA51278bbc0a97befcde1d746bc6e471debbb1dd5337696b7a544fae80c3428c829ea648f058240e63de1116a81f74b687bac24ec2a5fbb0ef3718c7ca01bc41bf3b6
-
Filesize
72KB
MD548a57932f9348ca48810b06b89f0ac76
SHA19977a59ed1173bc72c2b862f1e5030a143a1627d
SHA2567dc69275864678c7bd565c5db9047e7afbe5bd384907f21ff7dc2347cd754277
SHA51278bbc0a97befcde1d746bc6e471debbb1dd5337696b7a544fae80c3428c829ea648f058240e63de1116a81f74b687bac24ec2a5fbb0ef3718c7ca01bc41bf3b6
-
Filesize
72KB
MD5bd613395c1f534d1dc6be8fd45eb9919
SHA1ad06d0c8a307a709675fce10856de980a01b5e71
SHA2562286bb5cc73322c09f61662b769fbf85da69db3c258c59b2acd4730103e33907
SHA5127d137ddf422a8313d46cc4287a514c36883318a807649e2e2d2ad8c74ba8c5351d045d8912b57a76c5afafc632e6199983831a98a8c29457f64396b78045963b
-
Filesize
72KB
MD5bd613395c1f534d1dc6be8fd45eb9919
SHA1ad06d0c8a307a709675fce10856de980a01b5e71
SHA2562286bb5cc73322c09f61662b769fbf85da69db3c258c59b2acd4730103e33907
SHA5127d137ddf422a8313d46cc4287a514c36883318a807649e2e2d2ad8c74ba8c5351d045d8912b57a76c5afafc632e6199983831a98a8c29457f64396b78045963b
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD58ac472133a283d4359161a5deef140b4
SHA1307fee973d4af6e7dcc9a5e879ca8524fbb14dbe
SHA256e19b5b7f72860a3ba524bdba90676bd7381c2023bec28799e7583a79fcb62653
SHA5125e1df3d355622225555fb81f77ff3216f446b45bf5d43d28376ffc26be918a28501adefa93ef3ca30db7951bc9d57c4743f561ace890089ea62b36f19c559bbf
-
Filesize
72KB
MD58ac472133a283d4359161a5deef140b4
SHA1307fee973d4af6e7dcc9a5e879ca8524fbb14dbe
SHA256e19b5b7f72860a3ba524bdba90676bd7381c2023bec28799e7583a79fcb62653
SHA5125e1df3d355622225555fb81f77ff3216f446b45bf5d43d28376ffc26be918a28501adefa93ef3ca30db7951bc9d57c4743f561ace890089ea62b36f19c559bbf
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD552d29c6a5dd970413bc12cf9a2be84c7
SHA1eb9a36e13709299fd99967f43eb73b0df971d595
SHA256142a28b0b3cc7857947c304b262f9ad35ea19ed81713858d1104db7c6c863f7e
SHA512e6a0e70c06ca486714b33203f872f9dec4033280aabdb5769196837918c9895cd50ca882abd49b5fc6eaffaf90e8d4a7eb6d613a9b8528b882e04131e23cd743
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD5a9ef735a4b3df182d823e2f8c665e9d0
SHA1cb616f02223e7faf0ab4a9075161870fb102ec0b
SHA2560d104784ef9fff0c39d005b60dd39b8c5c3167b643b37651eff8646c3721227f
SHA51295a4f28cc47f8ad9a3890aa12442d64f4b067dd454fe5ea5c62217ebe7d8445f85956c7d121bd00bff22fd0ba6551d3afb6c71b699dc091e0d1652769a942ed9
-
Filesize
72KB
MD5a9ef735a4b3df182d823e2f8c665e9d0
SHA1cb616f02223e7faf0ab4a9075161870fb102ec0b
SHA2560d104784ef9fff0c39d005b60dd39b8c5c3167b643b37651eff8646c3721227f
SHA51295a4f28cc47f8ad9a3890aa12442d64f4b067dd454fe5ea5c62217ebe7d8445f85956c7d121bd00bff22fd0ba6551d3afb6c71b699dc091e0d1652769a942ed9
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD505092d809a49aa88a101c38653b53f67
SHA1852b4b443e79efdc93bffca94c896b3308b1303f
SHA256445adba6c2e3f45937c3e0c627e884c8ad1c4b51c4dfba68c0608c388fb3290d
SHA512ba0db9517b470045484540c0f9432443a699cefa4447ebf6ccbc6323d31adfc5ed02a193311fa1f277ed9283e26b2f86f2fa6c676cc0b3dddd44c1d306a4914b
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD594ea14ff88e0c2fcdf280740ba3f41bc
SHA149e72e00c13dcdd4cd856ca11a7ee12f4acd4683
SHA25692866e787dcac30a3226e167e994dc1b76eb33ae6fcdb9dd1bbec591d2a6693d
SHA512b5fe7a0f78528b88ff560364209d8a25745a9cb4a8b36ac29aab6457d8ba9f6bbfc9730dd1d328d6c3740e00af37ca167454366c58326e64b6026e6bd1172056
-
Filesize
72KB
MD5b8bac50511e925f122e0e37eea89b3b0
SHA1cf32c1ff7d8682d90c54076f01e04e2e5ae9b9b3
SHA25637dfc20d9d5b1449b7d78db0ec69a80b926c3a23d532fda1966f529a501350c6
SHA512c4d34d52399790337edc60daf33916fa2138da128e5dbf3cdeea8802f8406e2a09fc5a6afbed0a3fa028cdd48b53148d97df64ae618f210fbca5af237278460d
-
Filesize
72KB
MD5b8bac50511e925f122e0e37eea89b3b0
SHA1cf32c1ff7d8682d90c54076f01e04e2e5ae9b9b3
SHA25637dfc20d9d5b1449b7d78db0ec69a80b926c3a23d532fda1966f529a501350c6
SHA512c4d34d52399790337edc60daf33916fa2138da128e5dbf3cdeea8802f8406e2a09fc5a6afbed0a3fa028cdd48b53148d97df64ae618f210fbca5af237278460d
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD54462a01e1355f35aad33e55549a7e5f2
SHA135399a966bdb055dab4b86cfc11c5ac04e9251bf
SHA25606d41e9cffee9cf279615b95b65442fe0ad0cd7ed452b6887cc8d1b4a50c8530
SHA512b50bcdba44185bf66451c002f63027a80b6c298debf3e8fe2da120350c629784eb578d3ad4b9403ccd30335c2e7c7890647db1ab308f404955ae7ca87c51c5c4
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
72KB
MD597b76bae944b814d1345e37ed3d9916c
SHA114f839a6ac96e40459a692ead7b3114d0a1a9c00
SHA2565e567cd4ad7a6a1fbbe52c1af1d9890bb06c5ddd566f944a8d31f9226b7d89f7
SHA5126fcf7e3cf77f00b8b36755d862d170bcf7dcea69e073377f85096f0ed80b26e7314a983b50760c75825b9dbb3962b417dfda9cc589ee8f867a2c71901102e234
-
Filesize
8KB
-
Filesize
8KB