Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
181s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
07/11/2022, 17:55
General
-
Target
04af3247818030bfedf9576d2629879f3265d84f467d026255f27e9a602ed20f.exe
-
Size
72KB
-
MD5
013f5b220a78f31c63fc0118dde1c3f4
-
SHA1
f0e0c80fb94948aa315070249e111e5306159b83
-
SHA256
04af3247818030bfedf9576d2629879f3265d84f467d026255f27e9a602ed20f
-
SHA512
2fc2706d18058769c76ad5fef1559674d1de9fef824fe028aef50c4b66fed07be477d22f56952fafedc7e8f1326d5e080f00ed6d1370a519da42efc38527142e
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2r:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrn
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04af3247818030bfedf9576d2629879f3265d84f467d026255f27e9a602ed20f.exe"C:\Users\Admin\AppData\Local\Temp\04af3247818030bfedf9576d2629879f3265d84f467d026255f27e9a602ed20f.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1564216846\backup.exeC:\Users\Admin\AppData\Local\Temp\1564216846\backup.exe C:\Users\Admin\AppData\Local\Temp\1564216846\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\update.exeC:\odt\update.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\System Restore.exe"C:\PerfLogs\System Restore.exe" C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\data.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\data.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\update.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\update.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\data.exe"C:\Program Files\Google\Chrome\Application\data.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\include\update.exe"C:\Program Files\Java\jdk1.8.0_66\include\update.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\update.exe"C:\Program Files\Microsoft Office\update.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\System Restore.exe"C:\Program Files (x86)\System Restore.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\9⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\8⤵
-
-
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\System Restore.exe"C:\Program Files (x86)\Internet Explorer\es-ES\System Restore.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- System policy modification
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- System policy modification
-
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
-
-
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\data.exeC:\Users\Admin\AppData\Local\Temp\Low\data.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\2⤵
-
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\update.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\update.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\2⤵
-
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\1⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\update.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\update.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\1⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\2⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\3⤵
-
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\1⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\1⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\2⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\1⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\1⤵
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905
-
Filesize
72KB
MD5da01eace8700d5e141aaff5e727cb3de
SHA1e5d0329c2b646936d1b16070299f6453509a1c39
SHA25600b76d2895973a0208616f14094d1b6cead71ff61e0ab2412c83211593680541
SHA51285bcbc11fdc6d158e981ffd18f8aa3761c6d0f574ce6bd466439c5a812bc26d9b382609eaadb6c3e5d38988faf22d95caa7b470aa9b76286f74a35a24114367e
-
Filesize
72KB
MD5da01eace8700d5e141aaff5e727cb3de
SHA1e5d0329c2b646936d1b16070299f6453509a1c39
SHA25600b76d2895973a0208616f14094d1b6cead71ff61e0ab2412c83211593680541
SHA51285bcbc11fdc6d158e981ffd18f8aa3761c6d0f574ce6bd466439c5a812bc26d9b382609eaadb6c3e5d38988faf22d95caa7b470aa9b76286f74a35a24114367e
-
Filesize
72KB
MD592049b7ca982c93324eb0f0cc99207b5
SHA1aa7b132ee820594e67bcc0a8fb8175a5a5e78140
SHA2567bb2cf008e604f35d0793b06edb8fdd3496e9582ae145e6222ef935717a8dd1d
SHA512fbebe50783496a7f99935a56b2e29b6ef9c76964e86e8cafa08ea555a5546749ef10c52dcfe6fc0be2c7d65ece4b6cc949e59f7dc6ecff0593c64083d5df8569
-
Filesize
72KB
MD592049b7ca982c93324eb0f0cc99207b5
SHA1aa7b132ee820594e67bcc0a8fb8175a5a5e78140
SHA2567bb2cf008e604f35d0793b06edb8fdd3496e9582ae145e6222ef935717a8dd1d
SHA512fbebe50783496a7f99935a56b2e29b6ef9c76964e86e8cafa08ea555a5546749ef10c52dcfe6fc0be2c7d65ece4b6cc949e59f7dc6ecff0593c64083d5df8569
-
Filesize
72KB
MD5167711ae6a94fe35c3bb73af40ebeed1
SHA19970faccc7f680106dfeeff7f9e8f92f33396c8c
SHA256bec5bc53516592096f5fcdda21418f61399e70c361952d3e05653b3d710c88ed
SHA512af7ff9e7d1f8651b34da5d6ad146cfdbaca1b43e93259bf3cd3a5be24893ef3040a6c15374b24446235ee1024190c060a9c9e0323d5a1e03a87023f497e2cf30
-
Filesize
72KB
MD5167711ae6a94fe35c3bb73af40ebeed1
SHA19970faccc7f680106dfeeff7f9e8f92f33396c8c
SHA256bec5bc53516592096f5fcdda21418f61399e70c361952d3e05653b3d710c88ed
SHA512af7ff9e7d1f8651b34da5d6ad146cfdbaca1b43e93259bf3cd3a5be24893ef3040a6c15374b24446235ee1024190c060a9c9e0323d5a1e03a87023f497e2cf30
-
Filesize
72KB
MD51c02d0bc81dc72cd3a4765bcefc939ba
SHA10c2d1ecf4dec6ad390a644232037ba42114b02b4
SHA256eebef418b4eef5778225d59fad7ecf2fa9a64f08397f9c533c7d78b12a2a0ab0
SHA5121e3abcd9951f3f908ba4e82fcc8a8360d25c27d8980918c7abb473408cade153cf338dde9e238adc28683acc444c2c2a5f51511b715e255e186ec403595e44ee
-
Filesize
72KB
MD51c02d0bc81dc72cd3a4765bcefc939ba
SHA10c2d1ecf4dec6ad390a644232037ba42114b02b4
SHA256eebef418b4eef5778225d59fad7ecf2fa9a64f08397f9c533c7d78b12a2a0ab0
SHA5121e3abcd9951f3f908ba4e82fcc8a8360d25c27d8980918c7abb473408cade153cf338dde9e238adc28683acc444c2c2a5f51511b715e255e186ec403595e44ee
-
Filesize
72KB
MD59e32ce60c08569760e4b050150aa7427
SHA1a4aa013e1b36449367e8d4c12b13d25cf591cd23
SHA2568d26cf75bd054581b77ba3aa25e33ee3931c92ae19ef49a2bb4c3b1f625c6d03
SHA512481fdd402e3ab924a677f23bac16856f3984b7ca4efd494f1c756d8dbdbb586ced9dabd419827db543b6cf509edee62be3f4d92d21834f9643e880a4bf0e2941
-
Filesize
72KB
MD59e32ce60c08569760e4b050150aa7427
SHA1a4aa013e1b36449367e8d4c12b13d25cf591cd23
SHA2568d26cf75bd054581b77ba3aa25e33ee3931c92ae19ef49a2bb4c3b1f625c6d03
SHA512481fdd402e3ab924a677f23bac16856f3984b7ca4efd494f1c756d8dbdbb586ced9dabd419827db543b6cf509edee62be3f4d92d21834f9643e880a4bf0e2941
-
Filesize
72KB
MD5732354bf5750dd544bd7f7e804456107
SHA1fd30fcd26d7892f6f8cfb218c48ae2d4278ffbdf
SHA2564b6fb0f8c49edc5d1a5b5c74a9d2307cd293cf613e33e822b4bb479fbcac6372
SHA5121e3739d0a584a8b73ba3c434fb6f97f8c4ac8405f7e41d5b656c91a0706e8ad1c91b5c51a2f566cc96e667ae34df09ad7f21051a2d7eaccf1beca39d64248556
-
Filesize
72KB
MD5732354bf5750dd544bd7f7e804456107
SHA1fd30fcd26d7892f6f8cfb218c48ae2d4278ffbdf
SHA2564b6fb0f8c49edc5d1a5b5c74a9d2307cd293cf613e33e822b4bb479fbcac6372
SHA5121e3739d0a584a8b73ba3c434fb6f97f8c4ac8405f7e41d5b656c91a0706e8ad1c91b5c51a2f566cc96e667ae34df09ad7f21051a2d7eaccf1beca39d64248556
-
Filesize
72KB
MD5bba198d0fb09217de959f2c10333c716
SHA1458e9031d5968e63a7171887039a9064b42ca31e
SHA25621c40c1725e27344015232b6295b8cc8a2992367c8034dcd452fa3c4a4570a90
SHA512da01d9ba4fb581d2cc74abb94b5e20bc10e332215cb51740a6c2fda047df71f0b7f2b531131ebf4f22616a4ef7b96adc7a4163cd98c995be5666dd734104c76b
-
Filesize
72KB
MD5bba198d0fb09217de959f2c10333c716
SHA1458e9031d5968e63a7171887039a9064b42ca31e
SHA25621c40c1725e27344015232b6295b8cc8a2992367c8034dcd452fa3c4a4570a90
SHA512da01d9ba4fb581d2cc74abb94b5e20bc10e332215cb51740a6c2fda047df71f0b7f2b531131ebf4f22616a4ef7b96adc7a4163cd98c995be5666dd734104c76b
-
Filesize
72KB
MD50c535a38a2520e0b3f9a3ca9e28bc6cb
SHA15d05ed8f2260afc5d129b1ae8c3983d0687535d1
SHA256bf8272fd745f08e85fc05274fe1b47d83c1d3081e5b3009cf21811e95bebaba2
SHA512982a80ca1fc2043ad452aa872a0feec9a1d4fcf84853c4a316f048b4a2ddb162dad37167a275729e7483abb1b7070bf2a75f5583c7e1a783d5cd531b105164e2
-
Filesize
72KB
MD50c535a38a2520e0b3f9a3ca9e28bc6cb
SHA15d05ed8f2260afc5d129b1ae8c3983d0687535d1
SHA256bf8272fd745f08e85fc05274fe1b47d83c1d3081e5b3009cf21811e95bebaba2
SHA512982a80ca1fc2043ad452aa872a0feec9a1d4fcf84853c4a316f048b4a2ddb162dad37167a275729e7483abb1b7070bf2a75f5583c7e1a783d5cd531b105164e2
-
Filesize
72KB
MD5da7e7f02777e2462cad0f7a9163bd388
SHA11f82b397f4c1994629fcf49e724cb97c381d806b
SHA2568cc28ad1bc3656602afdc7a6c965aa25b1737f3c50b2f1c19073dce728e45846
SHA5128dd34e888586a20e12bd865d00b3c26a2b34f399eafa95040227639819748ca76015e96d9e2e0d92c843990a9179817f7c34c129e3bc014f795ff840fa3132e1
-
Filesize
72KB
MD5da7e7f02777e2462cad0f7a9163bd388
SHA11f82b397f4c1994629fcf49e724cb97c381d806b
SHA2568cc28ad1bc3656602afdc7a6c965aa25b1737f3c50b2f1c19073dce728e45846
SHA5128dd34e888586a20e12bd865d00b3c26a2b34f399eafa95040227639819748ca76015e96d9e2e0d92c843990a9179817f7c34c129e3bc014f795ff840fa3132e1
-
Filesize
72KB
MD56530792926750a07d22dcec56b95b30b
SHA187b9bb42182db15af07d3a65d31b03f0ef7519a4
SHA256ef0d64aad486825da59297235e8908026573f50bd241336ccfc36df88576c1ab
SHA512377c6ca6433677b51b94b1bdd049b4770ae955d6db29255e11c3c6a8fc8bbbc4f7d9041d747dad1d34ae906e5de3422d5159cfbf38f3bc86587b11d8c96d4860
-
Filesize
72KB
MD56530792926750a07d22dcec56b95b30b
SHA187b9bb42182db15af07d3a65d31b03f0ef7519a4
SHA256ef0d64aad486825da59297235e8908026573f50bd241336ccfc36df88576c1ab
SHA512377c6ca6433677b51b94b1bdd049b4770ae955d6db29255e11c3c6a8fc8bbbc4f7d9041d747dad1d34ae906e5de3422d5159cfbf38f3bc86587b11d8c96d4860
-
Filesize
72KB
MD59e32ce60c08569760e4b050150aa7427
SHA1a4aa013e1b36449367e8d4c12b13d25cf591cd23
SHA2568d26cf75bd054581b77ba3aa25e33ee3931c92ae19ef49a2bb4c3b1f625c6d03
SHA512481fdd402e3ab924a677f23bac16856f3984b7ca4efd494f1c756d8dbdbb586ced9dabd419827db543b6cf509edee62be3f4d92d21834f9643e880a4bf0e2941
-
Filesize
72KB
MD59e32ce60c08569760e4b050150aa7427
SHA1a4aa013e1b36449367e8d4c12b13d25cf591cd23
SHA2568d26cf75bd054581b77ba3aa25e33ee3931c92ae19ef49a2bb4c3b1f625c6d03
SHA512481fdd402e3ab924a677f23bac16856f3984b7ca4efd494f1c756d8dbdbb586ced9dabd419827db543b6cf509edee62be3f4d92d21834f9643e880a4bf0e2941
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5da7e7f02777e2462cad0f7a9163bd388
SHA11f82b397f4c1994629fcf49e724cb97c381d806b
SHA2568cc28ad1bc3656602afdc7a6c965aa25b1737f3c50b2f1c19073dce728e45846
SHA5128dd34e888586a20e12bd865d00b3c26a2b34f399eafa95040227639819748ca76015e96d9e2e0d92c843990a9179817f7c34c129e3bc014f795ff840fa3132e1
-
Filesize
72KB
MD5da7e7f02777e2462cad0f7a9163bd388
SHA11f82b397f4c1994629fcf49e724cb97c381d806b
SHA2568cc28ad1bc3656602afdc7a6c965aa25b1737f3c50b2f1c19073dce728e45846
SHA5128dd34e888586a20e12bd865d00b3c26a2b34f399eafa95040227639819748ca76015e96d9e2e0d92c843990a9179817f7c34c129e3bc014f795ff840fa3132e1
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5bfbc242179723f01b1c5280acc034eb4
SHA1678524ba77b762e477092f0f9549b2159fc3e38f
SHA25632bb485aada0bf68844f0da1ffc853fa90639d1da8b9da024e8f9b7136aacfdb
SHA512f8db14e79faaafc1e043a5b0e014f154e0742b0778a3f5bb1c98d0f6e8085fcd1447dfb749fedb61f69c817c794ef486ac0ed7e6744bb8c73f5a9d7bbe1c6ac6
-
Filesize
72KB
MD5a719232a8d83bd32c219f21ef5ff8a56
SHA1258b20fbd3a0ba97ae5fe2edec1fd90f5a809ac7
SHA256b119e566cbf1c1471d2623ec687950aa709c003e1ecd98483929d9c89ea0386d
SHA512519a585263cd3a01530fc78dbaf05380d936dd833fd649af7dc77002e85fba8004a99c84bb6722b0dde97f71091900421dba640d6931b795c8c31f9263c47224
-
Filesize
72KB
MD5a719232a8d83bd32c219f21ef5ff8a56
SHA1258b20fbd3a0ba97ae5fe2edec1fd90f5a809ac7
SHA256b119e566cbf1c1471d2623ec687950aa709c003e1ecd98483929d9c89ea0386d
SHA512519a585263cd3a01530fc78dbaf05380d936dd833fd649af7dc77002e85fba8004a99c84bb6722b0dde97f71091900421dba640d6931b795c8c31f9263c47224
-
Filesize
72KB
MD5cd040374289251762af1f5b9409532f3
SHA14b923eb7f44597e5948ce2ff13cfd2fee07f8b40
SHA256efcdb48a412ba38a5b34db670dc4d873401be5d83aec48f0e6f2d78bc0674631
SHA5129c0ee420ee78de70fe132fb135ae13d213da1110acfb8bc4a48b820f31c0be52843a213cf078de6f168d64e3fae05280193da236877efc094455f0c65a70d2a2
-
Filesize
72KB
MD5cd040374289251762af1f5b9409532f3
SHA14b923eb7f44597e5948ce2ff13cfd2fee07f8b40
SHA256efcdb48a412ba38a5b34db670dc4d873401be5d83aec48f0e6f2d78bc0674631
SHA5129c0ee420ee78de70fe132fb135ae13d213da1110acfb8bc4a48b820f31c0be52843a213cf078de6f168d64e3fae05280193da236877efc094455f0c65a70d2a2
-
Filesize
72KB
MD5418dcb2456fef03c4c0973109a856703
SHA1923dc96de83859ca6327d74586a1bce162af1930
SHA256b457e3c55d365686b94eaad7e267409ea0ea2f0ca0a26a89b5862d376067f610
SHA5127bd2bdf38e74894788b4552bea103268083f463a243ffed4e7b25fde28fa31eec03e81576e5bb6e7c669cbf86f0764e07b3b6b329c9128f311bfd5ab2fb6c477
-
Filesize
72KB
MD5418dcb2456fef03c4c0973109a856703
SHA1923dc96de83859ca6327d74586a1bce162af1930
SHA256b457e3c55d365686b94eaad7e267409ea0ea2f0ca0a26a89b5862d376067f610
SHA5127bd2bdf38e74894788b4552bea103268083f463a243ffed4e7b25fde28fa31eec03e81576e5bb6e7c669cbf86f0764e07b3b6b329c9128f311bfd5ab2fb6c477
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD521691a6bbbd914fcf32d8d3e3ad8f647
SHA18f1a5402bd8bde8fb06c80bf862d10e4b7a3b0a5
SHA2567bad5927626665c662165c89ab7d2f7dd84d6473240a3a5d5c11a1261fe822a9
SHA512b42e2a368c52305cd9b3810b52230553c81c6fae5cf1bfe834505e0081525a303a398455c3d080964e29d2feb7817969b7a04fb3df59fc51fc53169c1b6bf1bb
-
Filesize
72KB
MD5b941e90f932ec3f67157e1b9fc2fba13
SHA10fef6c03cb1bcbf260a2dbccb7784e1e6494d0cb
SHA2565f7ac3673c41f3f563bb6a28818e06af1f7182157970dc7f98bbb0a92869e21d
SHA512b0fa35dcb90f8aba4ba0e7d298b8edbb36e2718c3e048016cc21531eb0a21127b59ec45a548fe42241111a0dfa121051ec1aca9d392117928eb8aae7cb50680b
-
Filesize
72KB
MD5b941e90f932ec3f67157e1b9fc2fba13
SHA10fef6c03cb1bcbf260a2dbccb7784e1e6494d0cb
SHA2565f7ac3673c41f3f563bb6a28818e06af1f7182157970dc7f98bbb0a92869e21d
SHA512b0fa35dcb90f8aba4ba0e7d298b8edbb36e2718c3e048016cc21531eb0a21127b59ec45a548fe42241111a0dfa121051ec1aca9d392117928eb8aae7cb50680b
-
Filesize
72KB
MD5edf822b90125abc284fead2dd8f9bfd8
SHA161acd1bab1fdc1ea07816b4593359ca5c9d17c27
SHA256a7957a4ed6584be5df11419a67758b7698cd3806a2dc0d1296172bf5565ff8f1
SHA512ea955759b915e09de931c62f7172a67a849dccb0c27730938c9c216abc9606c2c3f5abc12388fb5ffc17e7925427bda766703e9a0fdf86ddeb1632e685c4f3d3
-
Filesize
72KB
MD5edf822b90125abc284fead2dd8f9bfd8
SHA161acd1bab1fdc1ea07816b4593359ca5c9d17c27
SHA256a7957a4ed6584be5df11419a67758b7698cd3806a2dc0d1296172bf5565ff8f1
SHA512ea955759b915e09de931c62f7172a67a849dccb0c27730938c9c216abc9606c2c3f5abc12388fb5ffc17e7925427bda766703e9a0fdf86ddeb1632e685c4f3d3
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905
-
Filesize
72KB
MD59360fac8b42f1a02d15b73aa18ce076d
SHA1646454713819d45c860d7757e4757e01856db003
SHA256db5b7b2207cf4b7c2245fb896d444cb560460951c9a227fbedd20dd7a25f0fc3
SHA5123ffefd2e827b8d68b4bb090438563cc5ad91fce429b900a68ba9bae936787950cfcf6bdb6768287a22aa29397ca9f86b06a6e4f88a1a508c9249ba2d55733905