Analysis
-
max time kernel
75s -
max time network
56s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
21/11/2022, 14:22
General
-
Target
794af7ef1be44aad226ad3435b0a364aa2e59b5690691edf4e38e1f7342d68f3.exe
-
Size
72KB
-
MD5
10ea304473b85897c08bc436beba1593
-
SHA1
cc535a77adbc62f088811ed17cd39de315b10a65
-
SHA256
794af7ef1be44aad226ad3435b0a364aa2e59b5690691edf4e38e1f7342d68f3
-
SHA512
ed81df34baa9315975f6a1678d33403b22f31929bec597980a25708d0527492c642576668d07ed62e74e3e53c8fb3f239816b38f20bf40dce1df468a18d2b9b1
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf29:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPp
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\794af7ef1be44aad226ad3435b0a364aa2e59b5690691edf4e38e1f7342d68f3.exe"C:\Users\Admin\AppData\Local\Temp\794af7ef1be44aad226ad3435b0a364aa2e59b5690691edf4e38e1f7342d68f3.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1573594878\backup.exeC:\Users\Admin\AppData\Local\Temp\1573594878\backup.exe C:\Users\Admin\AppData\Local\Temp\1573594878\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\update.exeC:\PerfLogs\Admin\update.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\data.exe"C:\Program Files\Common Files\data.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\es-ES\data.exe"C:\Program Files\Common Files\System\es-ES\data.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\update.exe"C:\Program Files\Internet Explorer\es-ES\update.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\update.exe"C:\Program Files\Java\jdk1.7.0_80\update.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\6⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\backup.exe"C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\6⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\6⤵
-
-
C:\Program Files\Microsoft Games\More Games\backup.exe"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\6⤵
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\update.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\update.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\data.exe"C:\Program Files (x86)\Common Files\System\data.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\update.exe"C:\Program Files (x86)\Google\Update\update.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\7⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\System Restore.exe"C:\Users\Admin\Desktop\System Restore.exe" C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD55f3b678928694bfe8d4702a9463aff66
SHA19db3ec6c20533a9cde9e9a77947e8b0bba806314
SHA256085437de0fe79880d065fecc4e694092b4ce116a987e1bb6a123bbc28adbde14
SHA5127521b7f13079e4ae4d9cf07b3f913cc7f4b2b09f37f2ffdc61bc47ba53ab0642c11b7b557b50b0c2b28c1ad75eda765d439bcc122094c7d3d21243c9cb565a75
-
Filesize
72KB
MD55f3b678928694bfe8d4702a9463aff66
SHA19db3ec6c20533a9cde9e9a77947e8b0bba806314
SHA256085437de0fe79880d065fecc4e694092b4ce116a987e1bb6a123bbc28adbde14
SHA5127521b7f13079e4ae4d9cf07b3f913cc7f4b2b09f37f2ffdc61bc47ba53ab0642c11b7b557b50b0c2b28c1ad75eda765d439bcc122094c7d3d21243c9cb565a75
-
Filesize
72KB
MD53312945c9685763999ba5b67723c2c5a
SHA1c177eb463910d60c618243272abb42507d8cadfc
SHA2562eaac650d4055ec6e79a1426ac5fa455a0806d94084b9a1c5e2bcc3bd40bf49b
SHA5125d3a358279d6e82f50d3b3b22dc5f602bdfd5a3adab24ac388c50a5a5ef583545aeb137c33f2b2cff24a73356c53180f52f228760e5bf087c4c3abf49c556d2e
-
Filesize
72KB
MD5030beecd669641ce1a9b1cf2de320027
SHA10e4468b2573699ffa4762339f17043ae8b8bb74c
SHA25607c4cb3c2733195c873c3729110cc194ed10bd19900bfdf09a60d6d96fe0f80a
SHA5128a8eb5e9badefce45e6deecce9accc5d0fcb0f3caa0ca60f4cc4e1b1e3d5728a07045fe9f9174a4987c7f16d8c6f871b5ee4a40cecbdfa755bdb62e9e15f1188
-
Filesize
72KB
MD5030beecd669641ce1a9b1cf2de320027
SHA10e4468b2573699ffa4762339f17043ae8b8bb74c
SHA25607c4cb3c2733195c873c3729110cc194ed10bd19900bfdf09a60d6d96fe0f80a
SHA5128a8eb5e9badefce45e6deecce9accc5d0fcb0f3caa0ca60f4cc4e1b1e3d5728a07045fe9f9174a4987c7f16d8c6f871b5ee4a40cecbdfa755bdb62e9e15f1188
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD5e2724095d67b11efaefae21c363be890
SHA179307777aa3f2dd480505b400c62fda08832ca9b
SHA2568dcc7e521d747e25b454664312cc7835c31776d40d91b9375f929812e7e3191a
SHA512bb5c69e3fdb5a3157eb5b86ca73b1b9226f11ad7fa13e0abbcb9a7422b5d9d2f767cec4ee629aaa4ca35bb3067f02705eb1b4e3eec9b2dcb5b0beb53d46853ad
-
Filesize
72KB
MD5e2724095d67b11efaefae21c363be890
SHA179307777aa3f2dd480505b400c62fda08832ca9b
SHA2568dcc7e521d747e25b454664312cc7835c31776d40d91b9375f929812e7e3191a
SHA512bb5c69e3fdb5a3157eb5b86ca73b1b9226f11ad7fa13e0abbcb9a7422b5d9d2f767cec4ee629aaa4ca35bb3067f02705eb1b4e3eec9b2dcb5b0beb53d46853ad
-
Filesize
72KB
MD56979c5aa53a57cc3008e573d8145ce53
SHA1f9e94a1d6157a437f97b419a8b1bb409e2ccf5c7
SHA256bdc40cd20ecc5fa21966dac07a633951c7ff346820cab105d708346b928b841d
SHA512aee50d58df47db1d37716e88d0e8a74dd0151abd87bb5115c046482293a0ed8270483752719e0b78421a0c8463a1218977fb8a00449cf970a8c3a93baa51b5a9
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD5a212c92db2b381ece6ec1606dbd620a7
SHA179aaaefda3e1b7f55de947eb58cc7e332e8a2bf5
SHA256331bd04c4b86f97ed3b73b188fe6ad4417bd5adeae5434cc916ec47f3d1b622a
SHA512542a2529c8febfac92fe3ce66dc13799731045c4570755daaed02a0a99ce04be78a2334313595c076c8c77f1bb8384a6185bb27ed60fabdf9ea2d2059fc0cbfd
-
Filesize
72KB
MD5a212c92db2b381ece6ec1606dbd620a7
SHA179aaaefda3e1b7f55de947eb58cc7e332e8a2bf5
SHA256331bd04c4b86f97ed3b73b188fe6ad4417bd5adeae5434cc916ec47f3d1b622a
SHA512542a2529c8febfac92fe3ce66dc13799731045c4570755daaed02a0a99ce04be78a2334313595c076c8c77f1bb8384a6185bb27ed60fabdf9ea2d2059fc0cbfd
-
Filesize
72KB
MD5071be538096524efd697594d9d6baf15
SHA11e5322ef7762679b344a17a507fee2d0b546d52e
SHA2560c0bd0fcdd6a1d46a85f3ecd53fef536b793752d2ea06a158dd2c33898f84fa8
SHA512c403a3ba10a3b1b819393053f215c3a9eae51b9b4b6c757532a4c4884e62d64fd051ae391048c723883a64957dc96bc2d662d08628cf8bef4aabb8bfbd4c6645
-
Filesize
72KB
MD5071be538096524efd697594d9d6baf15
SHA11e5322ef7762679b344a17a507fee2d0b546d52e
SHA2560c0bd0fcdd6a1d46a85f3ecd53fef536b793752d2ea06a158dd2c33898f84fa8
SHA512c403a3ba10a3b1b819393053f215c3a9eae51b9b4b6c757532a4c4884e62d64fd051ae391048c723883a64957dc96bc2d662d08628cf8bef4aabb8bfbd4c6645
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD5f8732088fc88ac5be07c620c40a4f56e
SHA1c7cecd31f4fb787473af922d057c5853f729a789
SHA2565a6f7bd0c6e249575a3a4931dc7a0ac4442dfa8347949e990976c879cc9a90ff
SHA51259ae68f491b355baf1043fcf6920d2f95684a0bc7c02725a71c8438ccc5ebf593693f2bf447ba46128364741dfe067327f38f0c4e724bdb02c84c369db05e432
-
Filesize
72KB
MD5f8732088fc88ac5be07c620c40a4f56e
SHA1c7cecd31f4fb787473af922d057c5853f729a789
SHA2565a6f7bd0c6e249575a3a4931dc7a0ac4442dfa8347949e990976c879cc9a90ff
SHA51259ae68f491b355baf1043fcf6920d2f95684a0bc7c02725a71c8438ccc5ebf593693f2bf447ba46128364741dfe067327f38f0c4e724bdb02c84c369db05e432
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD538822c82e6f4c92b2cedac78e1fa991e
SHA18bfc45d8a436e042000d886d255029ebbc2308cd
SHA2567d63b0f6b162d5a4955577e1647d552a93b86b893abb6205e5aaabfbab399c07
SHA512c6a18399a9006eb255dbc0ebddd375c9719e85330a63bda4ce282c82966c234db0c34552e0f3a8b379b51808ee60b559e56c124c60ef4e908e29c662786dd199
-
Filesize
72KB
MD55f3b678928694bfe8d4702a9463aff66
SHA19db3ec6c20533a9cde9e9a77947e8b0bba806314
SHA256085437de0fe79880d065fecc4e694092b4ce116a987e1bb6a123bbc28adbde14
SHA5127521b7f13079e4ae4d9cf07b3f913cc7f4b2b09f37f2ffdc61bc47ba53ab0642c11b7b557b50b0c2b28c1ad75eda765d439bcc122094c7d3d21243c9cb565a75
-
Filesize
72KB
MD55f3b678928694bfe8d4702a9463aff66
SHA19db3ec6c20533a9cde9e9a77947e8b0bba806314
SHA256085437de0fe79880d065fecc4e694092b4ce116a987e1bb6a123bbc28adbde14
SHA5127521b7f13079e4ae4d9cf07b3f913cc7f4b2b09f37f2ffdc61bc47ba53ab0642c11b7b557b50b0c2b28c1ad75eda765d439bcc122094c7d3d21243c9cb565a75
-
Filesize
72KB
MD53312945c9685763999ba5b67723c2c5a
SHA1c177eb463910d60c618243272abb42507d8cadfc
SHA2562eaac650d4055ec6e79a1426ac5fa455a0806d94084b9a1c5e2bcc3bd40bf49b
SHA5125d3a358279d6e82f50d3b3b22dc5f602bdfd5a3adab24ac388c50a5a5ef583545aeb137c33f2b2cff24a73356c53180f52f228760e5bf087c4c3abf49c556d2e
-
Filesize
72KB
MD53312945c9685763999ba5b67723c2c5a
SHA1c177eb463910d60c618243272abb42507d8cadfc
SHA2562eaac650d4055ec6e79a1426ac5fa455a0806d94084b9a1c5e2bcc3bd40bf49b
SHA5125d3a358279d6e82f50d3b3b22dc5f602bdfd5a3adab24ac388c50a5a5ef583545aeb137c33f2b2cff24a73356c53180f52f228760e5bf087c4c3abf49c556d2e
-
Filesize
72KB
MD5030beecd669641ce1a9b1cf2de320027
SHA10e4468b2573699ffa4762339f17043ae8b8bb74c
SHA25607c4cb3c2733195c873c3729110cc194ed10bd19900bfdf09a60d6d96fe0f80a
SHA5128a8eb5e9badefce45e6deecce9accc5d0fcb0f3caa0ca60f4cc4e1b1e3d5728a07045fe9f9174a4987c7f16d8c6f871b5ee4a40cecbdfa755bdb62e9e15f1188
-
Filesize
72KB
MD5030beecd669641ce1a9b1cf2de320027
SHA10e4468b2573699ffa4762339f17043ae8b8bb74c
SHA25607c4cb3c2733195c873c3729110cc194ed10bd19900bfdf09a60d6d96fe0f80a
SHA5128a8eb5e9badefce45e6deecce9accc5d0fcb0f3caa0ca60f4cc4e1b1e3d5728a07045fe9f9174a4987c7f16d8c6f871b5ee4a40cecbdfa755bdb62e9e15f1188
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD5e2724095d67b11efaefae21c363be890
SHA179307777aa3f2dd480505b400c62fda08832ca9b
SHA2568dcc7e521d747e25b454664312cc7835c31776d40d91b9375f929812e7e3191a
SHA512bb5c69e3fdb5a3157eb5b86ca73b1b9226f11ad7fa13e0abbcb9a7422b5d9d2f767cec4ee629aaa4ca35bb3067f02705eb1b4e3eec9b2dcb5b0beb53d46853ad
-
Filesize
72KB
MD5e2724095d67b11efaefae21c363be890
SHA179307777aa3f2dd480505b400c62fda08832ca9b
SHA2568dcc7e521d747e25b454664312cc7835c31776d40d91b9375f929812e7e3191a
SHA512bb5c69e3fdb5a3157eb5b86ca73b1b9226f11ad7fa13e0abbcb9a7422b5d9d2f767cec4ee629aaa4ca35bb3067f02705eb1b4e3eec9b2dcb5b0beb53d46853ad
-
Filesize
72KB
MD56979c5aa53a57cc3008e573d8145ce53
SHA1f9e94a1d6157a437f97b419a8b1bb409e2ccf5c7
SHA256bdc40cd20ecc5fa21966dac07a633951c7ff346820cab105d708346b928b841d
SHA512aee50d58df47db1d37716e88d0e8a74dd0151abd87bb5115c046482293a0ed8270483752719e0b78421a0c8463a1218977fb8a00449cf970a8c3a93baa51b5a9
-
Filesize
72KB
MD56979c5aa53a57cc3008e573d8145ce53
SHA1f9e94a1d6157a437f97b419a8b1bb409e2ccf5c7
SHA256bdc40cd20ecc5fa21966dac07a633951c7ff346820cab105d708346b928b841d
SHA512aee50d58df47db1d37716e88d0e8a74dd0151abd87bb5115c046482293a0ed8270483752719e0b78421a0c8463a1218977fb8a00449cf970a8c3a93baa51b5a9
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD58a5bded27578e9d7fa59a63322b9a6b8
SHA1403363f1312d4c7765459ad26b1a41de3a379dea
SHA256908f32132ebb0c1e56cc52ff898793687adb56ed613ad8c43f9c961aa831a90d
SHA512a0f6fab30fdb687a8c644516f80a47e3546f88193f7b6cad584afa47b67220ad205b4cae740e3249898fccc0f0ad4f608b0531f069199fd19b9a44f80868d0b8
-
Filesize
72KB
MD5eb3f37a4ee8ffcf3df9df81cc1af3627
SHA1f7500d9e3a0c53df6702364319b35f945a72eeb6
SHA256544fd9cbd04f84d14cd2e62e3df57e82fbf8d6297a31201e2d6459e5766fdf30
SHA5127c15024fc7072475f334de0818f0d1fa08dedba4660af12501f29d76a3a87093e61ff0bb1639760ffbd4480a3cbadd587836f5b23225cdc01de2e35e3178be22
-
Filesize
72KB
MD5a212c92db2b381ece6ec1606dbd620a7
SHA179aaaefda3e1b7f55de947eb58cc7e332e8a2bf5
SHA256331bd04c4b86f97ed3b73b188fe6ad4417bd5adeae5434cc916ec47f3d1b622a
SHA512542a2529c8febfac92fe3ce66dc13799731045c4570755daaed02a0a99ce04be78a2334313595c076c8c77f1bb8384a6185bb27ed60fabdf9ea2d2059fc0cbfd
-
Filesize
72KB
MD5a212c92db2b381ece6ec1606dbd620a7
SHA179aaaefda3e1b7f55de947eb58cc7e332e8a2bf5
SHA256331bd04c4b86f97ed3b73b188fe6ad4417bd5adeae5434cc916ec47f3d1b622a
SHA512542a2529c8febfac92fe3ce66dc13799731045c4570755daaed02a0a99ce04be78a2334313595c076c8c77f1bb8384a6185bb27ed60fabdf9ea2d2059fc0cbfd
-
Filesize
72KB
MD5071be538096524efd697594d9d6baf15
SHA11e5322ef7762679b344a17a507fee2d0b546d52e
SHA2560c0bd0fcdd6a1d46a85f3ecd53fef536b793752d2ea06a158dd2c33898f84fa8
SHA512c403a3ba10a3b1b819393053f215c3a9eae51b9b4b6c757532a4c4884e62d64fd051ae391048c723883a64957dc96bc2d662d08628cf8bef4aabb8bfbd4c6645
-
Filesize
72KB
MD5071be538096524efd697594d9d6baf15
SHA11e5322ef7762679b344a17a507fee2d0b546d52e
SHA2560c0bd0fcdd6a1d46a85f3ecd53fef536b793752d2ea06a158dd2c33898f84fa8
SHA512c403a3ba10a3b1b819393053f215c3a9eae51b9b4b6c757532a4c4884e62d64fd051ae391048c723883a64957dc96bc2d662d08628cf8bef4aabb8bfbd4c6645
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD52542ca45c4c697ab15de1bb9eab8eb45
SHA17e5e3245ac60b53cb33d94a85b72ecf839550125
SHA2561e2b750db5e9250647bd9392ad5a977ce2adae0e428deecd5b095aa330c1dc3d
SHA51262b01e7dbbe363b3fbe6187450d8f6e4e730d63f66b5ac9462aa2d2bab6a22e36341569a8ac8c30a28d70e5564e8f7395a129946322cd928ba0c42fbca8e9e46
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
72KB
MD58581a8c7c9962ef8105973c738dc4fb1
SHA1da94bf50abab560c2eaadf15f4f8478485636b05
SHA2561045a4b6997e4d365a8c9cb8cc5ade840997eb925ae3c0a84ad79423305d4760
SHA51287c2beb6d06ec5cf57b2f8ace32dd344e3de475819990a973ca8d1c5a66c20894f9ae2d8123feb7688741e427aabe24c6321c81d620820a7390c117e6b25506b
-
Filesize
8KB
-
Filesize
8KB