Analysis
-
max time kernel
76s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 21:41
General
-
Target
c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe
-
Size
78KB
-
MD5
52ab702160cd1e8bc3f5bac2e26920d0
-
SHA1
e6d9b10458d4ab44c1e176fa17151be2eee819a4
-
SHA256
c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb
-
SHA512
052c037c93425e6dc8fbe3cc494de4f2ff4c5dacccec9257aa8a3b23715bfc5c98c10476a87b1611f635d22db2936a73aa3a5b281126100d517351def05b6983
-
SSDEEP
768:RpQNwC3BEddsEqOt/hyJF+x3BEJwRrPHisKl4qhR:7eTce/U/hKYuKPHisKldhR
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"2⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"C:\Users\Admin\AppData\Local\Temp\c616a8c9223aa2e2ad9f66143b89d08f52348d0b0f61d4229b873a27975523bb.exe"3⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1984946439\backup.exeC:\Users\Admin\AppData\Local\Temp\1984946439\backup.exe C:\Users\Admin\AppData\Local\Temp\1984946439\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\10⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\11⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\10⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\10⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\10⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\10⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\10⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\9⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\10⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\data.exe"C:\Program Files\Common Files\System\ado\en-US\data.exe" C:\Program Files\Common Files\System\ado\en-US\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\10⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\10⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\10⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\10⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\9⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\9⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\9⤵
-
-
C:\Program Files\Common Files\System\fr-FR\update.exe"C:\Program Files\Common Files\System\fr-FR\update.exe" C:\Program Files\Common Files\System\fr-FR\9⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\9⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\update.exe"C:\Program Files\DVD Maker\de-DE\update.exe" C:\Program Files\DVD Maker\de-DE\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\8⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\ja-JP\data.exe"C:\Program Files\DVD Maker\ja-JP\data.exe" C:\Program Files\DVD Maker\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\data.exe"C:\Program Files\DVD Maker\Shared\data.exe" C:\Program Files\DVD Maker\Shared\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\10⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\10⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\10⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\10⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\10⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\7⤵
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\10⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\11⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\11⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\11⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\11⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\11⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\11⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\11⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\11⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\10⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\10⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\7⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\7⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\7⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\7⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\7⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\data.exe"C:\Program Files (x86)\Adobe\data.exe" C:\Program Files (x86)\Adobe\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\10⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\11⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\10⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\9⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\8⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\8⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\8⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\8⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\8⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\7⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\7⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\update.exe"C:\Program Files (x86)\Microsoft Office\update.exe" C:\Program Files (x86)\Microsoft Office\7⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\update.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\update.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\7⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\7⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\7⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\8⤵
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\8⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\8⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\8⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\8⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\8⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\8⤵
-
-
C:\Users\Admin\Saved Games\data.exe"C:\Users\Admin\Saved Games\data.exe" C:\Users\Admin\Saved Games\8⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\8⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\7⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\6⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
78KB
MD522cae2fb0c4f08a9cebdb4b9d95b45b6
SHA189062c744a1676f24e8b413d8f5e1f1cf66512cd
SHA256953d61d73c8f1522b5bd976e1cb44ccd3c302b1115294df369810f2369763c4f
SHA512b94d2f003a709f46c957447688282052f89abe156a006702e8a65b0a86c66d499e46d98355b69847fee5777b3ad44ef2452b5a4d11e22a089d8b6f28b8a42bb1
-
Filesize
78KB
MD5b73bfac5915bc3c61559959de1bbf4dc
SHA1da1218b898997a2dd2b494b77638d07ae837c2bc
SHA25685f6c0a69da5598a149549b3c12a3645f2aef4eb30796b0d1dc9e1bf1f8ff25a
SHA5121b7ed3a026f97d9d40a30ba3cffec83625d983dff8bd642c11fb492148c093da8ff46031cba4002be5d4267438e2a67465aee82b28a62df06e0d96d84afb3db8
-
Filesize
78KB
MD5b73bfac5915bc3c61559959de1bbf4dc
SHA1da1218b898997a2dd2b494b77638d07ae837c2bc
SHA25685f6c0a69da5598a149549b3c12a3645f2aef4eb30796b0d1dc9e1bf1f8ff25a
SHA5121b7ed3a026f97d9d40a30ba3cffec83625d983dff8bd642c11fb492148c093da8ff46031cba4002be5d4267438e2a67465aee82b28a62df06e0d96d84afb3db8
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e31303da29fa3013eb1b2f2292ad2bdc
SHA19119372a99a6596c77ade4363093012e92a99faf
SHA256c445da201751c426164c77131b1c0641d5b7a07c53094ad1f6f1cf8dbe7f5754
SHA512b9fb17ce11f4d3a1c219459c302c1621c5b87c288901ad17f917dcef56e01305abd1c0c5bf3723d584d06cd484ccf1ed9921cd6ddedf8a97e57825dfec768dd8
-
Filesize
78KB
MD5e31303da29fa3013eb1b2f2292ad2bdc
SHA19119372a99a6596c77ade4363093012e92a99faf
SHA256c445da201751c426164c77131b1c0641d5b7a07c53094ad1f6f1cf8dbe7f5754
SHA512b9fb17ce11f4d3a1c219459c302c1621c5b87c288901ad17f917dcef56e01305abd1c0c5bf3723d584d06cd484ccf1ed9921cd6ddedf8a97e57825dfec768dd8
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD587c2062ecbd4990ee972f92edcdbbd0d
SHA112913910cedfd7295e5678a808ec2e38b8d11049
SHA256800183e0441e1570638ff77582525c36ac446ea9b8bed2319647850a71372cce
SHA512eef2da6435a9d037a0dfc9de422f07734f4fd85a2c064cb7b5e7149ee2250b1a94f8c971c134a3e85c54e7f2ba55afc511adc829e1013765708fdf4448a51b93
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5410ed843126f892551b8da1381846e30
SHA1a57bf67237fcaf424f189325304cffb3d89537d9
SHA2565ae7180deef25d3458a49f2f41987cd851c23a0c14992d86ad70163d2cbd78d1
SHA512b4f07141c167f155ca8ab639bf57f6f833e75ef7c9db4a2073d8da2aff8801783569700e177125ee85e47e6465c2f8e7bcde21ac44ddf9c58975454cf715b443
-
Filesize
78KB
MD5410ed843126f892551b8da1381846e30
SHA1a57bf67237fcaf424f189325304cffb3d89537d9
SHA2565ae7180deef25d3458a49f2f41987cd851c23a0c14992d86ad70163d2cbd78d1
SHA512b4f07141c167f155ca8ab639bf57f6f833e75ef7c9db4a2073d8da2aff8801783569700e177125ee85e47e6465c2f8e7bcde21ac44ddf9c58975454cf715b443
-
Filesize
78KB
MD522cae2fb0c4f08a9cebdb4b9d95b45b6
SHA189062c744a1676f24e8b413d8f5e1f1cf66512cd
SHA256953d61d73c8f1522b5bd976e1cb44ccd3c302b1115294df369810f2369763c4f
SHA512b94d2f003a709f46c957447688282052f89abe156a006702e8a65b0a86c66d499e46d98355b69847fee5777b3ad44ef2452b5a4d11e22a089d8b6f28b8a42bb1
-
Filesize
78KB
MD522cae2fb0c4f08a9cebdb4b9d95b45b6
SHA189062c744a1676f24e8b413d8f5e1f1cf66512cd
SHA256953d61d73c8f1522b5bd976e1cb44ccd3c302b1115294df369810f2369763c4f
SHA512b94d2f003a709f46c957447688282052f89abe156a006702e8a65b0a86c66d499e46d98355b69847fee5777b3ad44ef2452b5a4d11e22a089d8b6f28b8a42bb1
-
Filesize
78KB
MD5b73bfac5915bc3c61559959de1bbf4dc
SHA1da1218b898997a2dd2b494b77638d07ae837c2bc
SHA25685f6c0a69da5598a149549b3c12a3645f2aef4eb30796b0d1dc9e1bf1f8ff25a
SHA5121b7ed3a026f97d9d40a30ba3cffec83625d983dff8bd642c11fb492148c093da8ff46031cba4002be5d4267438e2a67465aee82b28a62df06e0d96d84afb3db8
-
Filesize
78KB
MD5b73bfac5915bc3c61559959de1bbf4dc
SHA1da1218b898997a2dd2b494b77638d07ae837c2bc
SHA25685f6c0a69da5598a149549b3c12a3645f2aef4eb30796b0d1dc9e1bf1f8ff25a
SHA5121b7ed3a026f97d9d40a30ba3cffec83625d983dff8bd642c11fb492148c093da8ff46031cba4002be5d4267438e2a67465aee82b28a62df06e0d96d84afb3db8
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD555fc97e395188e496747efcda93a21fb
SHA1de2e909396eef80bcb12b258119a3ac6dcbd18cf
SHA2564d22f3b852ef2dfac7f613407b88b40d4a70d61d4ec0b802d10f9f9f21068e8c
SHA512c514f4a6f778f57193492e70c96fb541491438f1581f1b1bb628e23eb79d047fb05e70f55cc6db39abf20c87f7b5a068d23f5b161a36e1dd294e749370e134e8
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD5dcdd34aafc1987d1876433474ce9a150
SHA1b8d9cd099050912125aa4ef204e49f37dd7fd03a
SHA256d4fa766f4877464475f5a127f63b37e983f526f5dc171db217938247fb240ce9
SHA5126b7a93b0718873d7197e0dfebfdf754c5aa5d31c80fc16487c82074cd24a80bae146ff660096e747b57811d927fb78c1dc62389030c74dd91be9c156ca2bf033
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5598dd94d2f97648543fbff4291265ab8
SHA1d196b9dfe8528b4c358be953f1c7138275ac63db
SHA25652006e583422e166982ff9761c82c2a064fb7748d4756654e95f6ccfadd55119
SHA512bd39ab303c9cf3011aad62de3030f4fc600f7430bd2d9418cc05cbb7dae7f99767a0bb0459af22e5823c63970c57787e5f930f941b9f7fb91b710fe70ed41789
-
Filesize
78KB
MD5ebe439a26e9827c20b521e33e26c8816
SHA1e5aece038727fa2a9fcac4de3889cea8257c863d
SHA256d1f667e6675861e4066aaa4494c57bac635cd5a5c94722325eb9bf6d249e6296
SHA512dc2d0a54a9d1e1ab6547249064ea2850dd25653610470b839b9f8881d14df4f398d97ebe70600d65762f9770034a70a6841211e54fbcb5e2e67de387f170b86e
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e97dd452600b511b973f6291b4a60611
SHA1c962f8b6488159c522298c4db1e11b7eda801ca5
SHA2567e25babf45d450119e8bee98618788e6fa3403ca2c97976538fae52c3b6a5383
SHA512af3d9afd1fd706755162eadfb3b422e1e0c52b407b4cf4eef1d262f7caf1ae95b3839d1d8391ab0f09adcc831a9847ae9a375a14d38e08957809a9653df91600
-
Filesize
78KB
MD5e31303da29fa3013eb1b2f2292ad2bdc
SHA19119372a99a6596c77ade4363093012e92a99faf
SHA256c445da201751c426164c77131b1c0641d5b7a07c53094ad1f6f1cf8dbe7f5754
SHA512b9fb17ce11f4d3a1c219459c302c1621c5b87c288901ad17f917dcef56e01305abd1c0c5bf3723d584d06cd484ccf1ed9921cd6ddedf8a97e57825dfec768dd8
-
Filesize
78KB
MD5e31303da29fa3013eb1b2f2292ad2bdc
SHA19119372a99a6596c77ade4363093012e92a99faf
SHA256c445da201751c426164c77131b1c0641d5b7a07c53094ad1f6f1cf8dbe7f5754
SHA512b9fb17ce11f4d3a1c219459c302c1621c5b87c288901ad17f917dcef56e01305abd1c0c5bf3723d584d06cd484ccf1ed9921cd6ddedf8a97e57825dfec768dd8
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD587c2062ecbd4990ee972f92edcdbbd0d
SHA112913910cedfd7295e5678a808ec2e38b8d11049
SHA256800183e0441e1570638ff77582525c36ac446ea9b8bed2319647850a71372cce
SHA512eef2da6435a9d037a0dfc9de422f07734f4fd85a2c064cb7b5e7149ee2250b1a94f8c971c134a3e85c54e7f2ba55afc511adc829e1013765708fdf4448a51b93
-
Filesize
78KB
MD587c2062ecbd4990ee972f92edcdbbd0d
SHA112913910cedfd7295e5678a808ec2e38b8d11049
SHA256800183e0441e1570638ff77582525c36ac446ea9b8bed2319647850a71372cce
SHA512eef2da6435a9d037a0dfc9de422f07734f4fd85a2c064cb7b5e7149ee2250b1a94f8c971c134a3e85c54e7f2ba55afc511adc829e1013765708fdf4448a51b93
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
Filesize
78KB
MD5ae4643642b2e30b0332879bc7ccc0a46
SHA187fafbfacb56bd89cdb038236816ae5387d72bbf
SHA256f026e45311fb531fd8cf17216a10213d30aed674d41db0439bc20f2290f10bdf
SHA51236268b12c6a813ebede91c879ae2302648e90f63f5a7dbbd831f230f984ef7c0e7d8af0dafb07d13ce6ebbf5dfd565cf00738c40f8e168981df62b5a8f94a7da
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
-
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
8KB
-
-
Filesize
8KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
4KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
-
Filesize
84KB
-
Filesize
84KB
-
-
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB