Analysis
-
max time kernel
152s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 16:52
General
-
Target
2a2c2b932c3e177971ad3ce2bee6bd781170ba059c43e26243063f5b307ecf29.exe
-
Size
72KB
-
MD5
4b6baab6a5f6f6fd78e1d73a970907ec
-
SHA1
881ac73cd0470912490b547c503ab6da75cdd1dc
-
SHA256
2a2c2b932c3e177971ad3ce2bee6bd781170ba059c43e26243063f5b307ecf29
-
SHA512
c4166711ab555258ac86f906953d326df0e8ce9f7e7ac115c477f878ac8da9301b8dd1b3ec7ff1a80c269deb0a0c738aaa1178ad3b9cc4197cba4753eea7fd0f
-
SSDEEP
768:NpQNwC3BESe4Vqth+0V5vKlE3BEJwRrTd3FAyBg+u:HeT7BVwxfvqguKRFAL+u
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a2c2b932c3e177971ad3ce2bee6bd781170ba059c43e26243063f5b307ecf29.exe"C:\Users\Admin\AppData\Local\Temp\2a2c2b932c3e177971ad3ce2bee6bd781170ba059c43e26243063f5b307ecf29.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2612363054\backup.exeC:\Users\Admin\AppData\Local\Temp\2612363054\backup.exe C:\Users\Admin\AppData\Local\Temp\2612363054\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\System Restore.exe"C:\Program Files\7-Zip\System Restore.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\update.exe"C:\Program Files\Common Files\System\ado\it-IT\update.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe"C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\update.exe"C:\Program Files\Common Files\System\msadc\it-IT\update.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\update.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\update.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\System Restore.exe"C:\Program Files\Internet Explorer\System Restore.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\update.exe"C:\Program Files\Internet Explorer\images\update.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\System Restore.exe"C:\Program Files\Microsoft Office\System Restore.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\System Restore.exe"C:\Program Files\MSBuild\System Restore.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\System Restore.exe"C:\Program Files (x86)\Common Files\System Restore.exe" C:\Program Files (x86)\Common Files\5⤵
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\System Restore.exe"C:\Program Files (x86)\Microsoft Analysis Services\System Restore.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5db221819712373b4f47f83178c396318
SHA1b1fa2f62a9b0e3aa811c7fb4f3d973afa80c6ba1
SHA2563ac22d2d97eba935b2b5665373ac9a4ef4c51fcd75496e171ebd878a380b0d10
SHA5124b5a22d412ad17cc8caf67806f6d02da938f6bcdc4ac86dcd45bf210342f23d80ebff7f2ed655cfd09a9aa6c6ffab4bf88e7c6ef234569a221a7cc451c5c3c0a
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD54d5f346ec53c0d0e149cfcb0192edb28
SHA120b9fa613aa3d75bc6755b79a649ac8ff471fd56
SHA256190ab75a018abd6e8bbbc96cd89461984b5ebaa14e12e224bc926210e21e355a
SHA512025c9b4c9872e10a60ab68fae5250add80559c885779f7ad02e199f2133ffe4677c4a7bd94951b9422a0f85ed9f77456ae65aff5f0c571bacf6cfa740eb4f74f
-
Filesize
72KB
MD5e97c3f0e3c6e5b25bf318819af3eb93c
SHA1cd46c61292a592b0934b54a0868cd32fddbf17b7
SHA256f05f780dab5c97163b11cca6e3a273476c36fae0ddca96dcb132c4c647479db5
SHA512ab9e77799f144d9402f7e2e4725f821424ccdf031c07be2f25a2e9d8db6dcb3cd2c40a3782937508bdaf868b01704560ae4f7fab73c884e67e447cff41cbd2a3
-
Filesize
72KB
MD5e97c3f0e3c6e5b25bf318819af3eb93c
SHA1cd46c61292a592b0934b54a0868cd32fddbf17b7
SHA256f05f780dab5c97163b11cca6e3a273476c36fae0ddca96dcb132c4c647479db5
SHA512ab9e77799f144d9402f7e2e4725f821424ccdf031c07be2f25a2e9d8db6dcb3cd2c40a3782937508bdaf868b01704560ae4f7fab73c884e67e447cff41cbd2a3
-
Filesize
72KB
MD51503a2ed2d6866b45710e6fe636bf45c
SHA1d9286bcd412b795f1aa739d0c32e5e78e94f4727
SHA256e43704dba00b0f31d0161fc115a949a30ba8dc0c3e981ff0dd445c0535ac7bf0
SHA5129ceaf8d3d45792ad888610dcc4e2fb98c1c39e8fbce547fca23d6a9dcc295cf4373536179e10ca77a82d4670db41e6b1fbf19e22386355a7bdbb7f432e3ddf17
-
Filesize
72KB
MD51ce2e5a25f2a1de61fd399bcb65c3692
SHA131eed05d7f655b0aaab16eebb73eb4898bfb70a9
SHA2561e946257678d7c4af2c49654ad7cb224ede84c8926b0214b566dcddb735f00da
SHA5125573b6e0d91eb332edc6a91f01e3d77352738c455bc441f35e077d428a58eeb336685ba9a990dab1b9aaa1d0728dfc12b44c224c5efa8bb0a9dd7ec8280e2f0c
-
Filesize
72KB
MD51ce2e5a25f2a1de61fd399bcb65c3692
SHA131eed05d7f655b0aaab16eebb73eb4898bfb70a9
SHA2561e946257678d7c4af2c49654ad7cb224ede84c8926b0214b566dcddb735f00da
SHA5125573b6e0d91eb332edc6a91f01e3d77352738c455bc441f35e077d428a58eeb336685ba9a990dab1b9aaa1d0728dfc12b44c224c5efa8bb0a9dd7ec8280e2f0c
-
Filesize
72KB
MD52b1aa9db8468fd41b848adcb6233712f
SHA1dbee98970b445837478b5f0c1bd2481339a1379b
SHA256f1c63e9b3a1322ea1d670ea9676e01dfac0c6b732238209a4f7a0ea1438f203a
SHA512e998e89c1fd4a3902540e1d246760a8abf56d2333342b6a3b48e0330cc1e899aec1a1919dd84766e15ae4833c6dd3b12f47f17e3bf24099546bf2361682e8f65
-
Filesize
72KB
MD58f655482c6b070ac54e5ec756366ffe7
SHA18f5ea667658c144adfe7c3e14cde9da3e8eb1b7c
SHA2563343f973d6f7aaa87700c16b146711439c4fdc39c285de19e72faced0eab555b
SHA512f60fbf161877c68a956b5c8a8b6d877498eaf1ff0fbe38b9d5d3041e575b63aa257a685587a48af7f0a53dca80706fbef701190caf61f0b98401ec396303354c
-
Filesize
72KB
MD58f655482c6b070ac54e5ec756366ffe7
SHA18f5ea667658c144adfe7c3e14cde9da3e8eb1b7c
SHA2563343f973d6f7aaa87700c16b146711439c4fdc39c285de19e72faced0eab555b
SHA512f60fbf161877c68a956b5c8a8b6d877498eaf1ff0fbe38b9d5d3041e575b63aa257a685587a48af7f0a53dca80706fbef701190caf61f0b98401ec396303354c
-
Filesize
72KB
MD50f6bd4124236b230fd04dc61a22800a3
SHA1f4169759b108131192bdf6c5e88b47e3e5b99a9c
SHA256a5f20913537aedebce482bc719b307f6692d535c4e570d23bc2970dbf78b594b
SHA512c1d898c99e41b9c2ba03977c99c54e574d150e868e2f0b7e1408e089f66cf5e79bdc1cb29a8f49bd716d7e9cd43d1be788a279765546b08bd5cbfd36cf2d1100
-
Filesize
72KB
MD50f6bd4124236b230fd04dc61a22800a3
SHA1f4169759b108131192bdf6c5e88b47e3e5b99a9c
SHA256a5f20913537aedebce482bc719b307f6692d535c4e570d23bc2970dbf78b594b
SHA512c1d898c99e41b9c2ba03977c99c54e574d150e868e2f0b7e1408e089f66cf5e79bdc1cb29a8f49bd716d7e9cd43d1be788a279765546b08bd5cbfd36cf2d1100
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD534bf786211f8d385a7d83d54369f5aae
SHA10f7cfa3cd6a36878e17e7ed72b3e215b5797c988
SHA25681e9d4f6abde7273cf3bb174081bdb7dd67b1f9a54f2437005a47b11e33b7be9
SHA5128681a069810060b5d618f684967d1bf0d20e121ca4160ca9ea6099220939d75969c3ba134a49119436b39ab59ab5ab68dee09200ebcf6cdab791c788c38e66dc
-
Filesize
72KB
MD534bf786211f8d385a7d83d54369f5aae
SHA10f7cfa3cd6a36878e17e7ed72b3e215b5797c988
SHA25681e9d4f6abde7273cf3bb174081bdb7dd67b1f9a54f2437005a47b11e33b7be9
SHA5128681a069810060b5d618f684967d1bf0d20e121ca4160ca9ea6099220939d75969c3ba134a49119436b39ab59ab5ab68dee09200ebcf6cdab791c788c38e66dc
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD59d58cefb2c12ca091e25d7173f6b5a47
SHA1b7cf62739cddb199f14e2c7e978d56a64a91fd3b
SHA256083738c409a99297bb792b06d3da804db4c143c16fd2009f2802a06b3b9d6d8f
SHA51274e07ea933f655465ca0a2b9a4dbe277c2d57948693c4a661393844abc94970863b0dad68fbf2cac17fc6e609aff86541ed7bd4f2a731a6c7adcc3eb90cc9887
-
Filesize
72KB
MD59d58cefb2c12ca091e25d7173f6b5a47
SHA1b7cf62739cddb199f14e2c7e978d56a64a91fd3b
SHA256083738c409a99297bb792b06d3da804db4c143c16fd2009f2802a06b3b9d6d8f
SHA51274e07ea933f655465ca0a2b9a4dbe277c2d57948693c4a661393844abc94970863b0dad68fbf2cac17fc6e609aff86541ed7bd4f2a731a6c7adcc3eb90cc9887
-
Filesize
72KB
MD5db221819712373b4f47f83178c396318
SHA1b1fa2f62a9b0e3aa811c7fb4f3d973afa80c6ba1
SHA2563ac22d2d97eba935b2b5665373ac9a4ef4c51fcd75496e171ebd878a380b0d10
SHA5124b5a22d412ad17cc8caf67806f6d02da938f6bcdc4ac86dcd45bf210342f23d80ebff7f2ed655cfd09a9aa6c6ffab4bf88e7c6ef234569a221a7cc451c5c3c0a
-
Filesize
72KB
MD5db221819712373b4f47f83178c396318
SHA1b1fa2f62a9b0e3aa811c7fb4f3d973afa80c6ba1
SHA2563ac22d2d97eba935b2b5665373ac9a4ef4c51fcd75496e171ebd878a380b0d10
SHA5124b5a22d412ad17cc8caf67806f6d02da938f6bcdc4ac86dcd45bf210342f23d80ebff7f2ed655cfd09a9aa6c6ffab4bf88e7c6ef234569a221a7cc451c5c3c0a
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD54d5f346ec53c0d0e149cfcb0192edb28
SHA120b9fa613aa3d75bc6755b79a649ac8ff471fd56
SHA256190ab75a018abd6e8bbbc96cd89461984b5ebaa14e12e224bc926210e21e355a
SHA512025c9b4c9872e10a60ab68fae5250add80559c885779f7ad02e199f2133ffe4677c4a7bd94951b9422a0f85ed9f77456ae65aff5f0c571bacf6cfa740eb4f74f
-
Filesize
72KB
MD54d5f346ec53c0d0e149cfcb0192edb28
SHA120b9fa613aa3d75bc6755b79a649ac8ff471fd56
SHA256190ab75a018abd6e8bbbc96cd89461984b5ebaa14e12e224bc926210e21e355a
SHA512025c9b4c9872e10a60ab68fae5250add80559c885779f7ad02e199f2133ffe4677c4a7bd94951b9422a0f85ed9f77456ae65aff5f0c571bacf6cfa740eb4f74f
-
Filesize
72KB
MD5e97c3f0e3c6e5b25bf318819af3eb93c
SHA1cd46c61292a592b0934b54a0868cd32fddbf17b7
SHA256f05f780dab5c97163b11cca6e3a273476c36fae0ddca96dcb132c4c647479db5
SHA512ab9e77799f144d9402f7e2e4725f821424ccdf031c07be2f25a2e9d8db6dcb3cd2c40a3782937508bdaf868b01704560ae4f7fab73c884e67e447cff41cbd2a3
-
Filesize
72KB
MD5e97c3f0e3c6e5b25bf318819af3eb93c
SHA1cd46c61292a592b0934b54a0868cd32fddbf17b7
SHA256f05f780dab5c97163b11cca6e3a273476c36fae0ddca96dcb132c4c647479db5
SHA512ab9e77799f144d9402f7e2e4725f821424ccdf031c07be2f25a2e9d8db6dcb3cd2c40a3782937508bdaf868b01704560ae4f7fab73c884e67e447cff41cbd2a3
-
Filesize
72KB
MD51503a2ed2d6866b45710e6fe636bf45c
SHA1d9286bcd412b795f1aa739d0c32e5e78e94f4727
SHA256e43704dba00b0f31d0161fc115a949a30ba8dc0c3e981ff0dd445c0535ac7bf0
SHA5129ceaf8d3d45792ad888610dcc4e2fb98c1c39e8fbce547fca23d6a9dcc295cf4373536179e10ca77a82d4670db41e6b1fbf19e22386355a7bdbb7f432e3ddf17
-
Filesize
72KB
MD51503a2ed2d6866b45710e6fe636bf45c
SHA1d9286bcd412b795f1aa739d0c32e5e78e94f4727
SHA256e43704dba00b0f31d0161fc115a949a30ba8dc0c3e981ff0dd445c0535ac7bf0
SHA5129ceaf8d3d45792ad888610dcc4e2fb98c1c39e8fbce547fca23d6a9dcc295cf4373536179e10ca77a82d4670db41e6b1fbf19e22386355a7bdbb7f432e3ddf17
-
Filesize
72KB
MD51ce2e5a25f2a1de61fd399bcb65c3692
SHA131eed05d7f655b0aaab16eebb73eb4898bfb70a9
SHA2561e946257678d7c4af2c49654ad7cb224ede84c8926b0214b566dcddb735f00da
SHA5125573b6e0d91eb332edc6a91f01e3d77352738c455bc441f35e077d428a58eeb336685ba9a990dab1b9aaa1d0728dfc12b44c224c5efa8bb0a9dd7ec8280e2f0c
-
Filesize
72KB
MD51ce2e5a25f2a1de61fd399bcb65c3692
SHA131eed05d7f655b0aaab16eebb73eb4898bfb70a9
SHA2561e946257678d7c4af2c49654ad7cb224ede84c8926b0214b566dcddb735f00da
SHA5125573b6e0d91eb332edc6a91f01e3d77352738c455bc441f35e077d428a58eeb336685ba9a990dab1b9aaa1d0728dfc12b44c224c5efa8bb0a9dd7ec8280e2f0c
-
Filesize
72KB
MD52b1aa9db8468fd41b848adcb6233712f
SHA1dbee98970b445837478b5f0c1bd2481339a1379b
SHA256f1c63e9b3a1322ea1d670ea9676e01dfac0c6b732238209a4f7a0ea1438f203a
SHA512e998e89c1fd4a3902540e1d246760a8abf56d2333342b6a3b48e0330cc1e899aec1a1919dd84766e15ae4833c6dd3b12f47f17e3bf24099546bf2361682e8f65
-
Filesize
72KB
MD52b1aa9db8468fd41b848adcb6233712f
SHA1dbee98970b445837478b5f0c1bd2481339a1379b
SHA256f1c63e9b3a1322ea1d670ea9676e01dfac0c6b732238209a4f7a0ea1438f203a
SHA512e998e89c1fd4a3902540e1d246760a8abf56d2333342b6a3b48e0330cc1e899aec1a1919dd84766e15ae4833c6dd3b12f47f17e3bf24099546bf2361682e8f65
-
Filesize
72KB
MD58f655482c6b070ac54e5ec756366ffe7
SHA18f5ea667658c144adfe7c3e14cde9da3e8eb1b7c
SHA2563343f973d6f7aaa87700c16b146711439c4fdc39c285de19e72faced0eab555b
SHA512f60fbf161877c68a956b5c8a8b6d877498eaf1ff0fbe38b9d5d3041e575b63aa257a685587a48af7f0a53dca80706fbef701190caf61f0b98401ec396303354c
-
Filesize
72KB
MD58f655482c6b070ac54e5ec756366ffe7
SHA18f5ea667658c144adfe7c3e14cde9da3e8eb1b7c
SHA2563343f973d6f7aaa87700c16b146711439c4fdc39c285de19e72faced0eab555b
SHA512f60fbf161877c68a956b5c8a8b6d877498eaf1ff0fbe38b9d5d3041e575b63aa257a685587a48af7f0a53dca80706fbef701190caf61f0b98401ec396303354c
-
Filesize
72KB
MD52b1aa9db8468fd41b848adcb6233712f
SHA1dbee98970b445837478b5f0c1bd2481339a1379b
SHA256f1c63e9b3a1322ea1d670ea9676e01dfac0c6b732238209a4f7a0ea1438f203a
SHA512e998e89c1fd4a3902540e1d246760a8abf56d2333342b6a3b48e0330cc1e899aec1a1919dd84766e15ae4833c6dd3b12f47f17e3bf24099546bf2361682e8f65
-
Filesize
72KB
MD50f6bd4124236b230fd04dc61a22800a3
SHA1f4169759b108131192bdf6c5e88b47e3e5b99a9c
SHA256a5f20913537aedebce482bc719b307f6692d535c4e570d23bc2970dbf78b594b
SHA512c1d898c99e41b9c2ba03977c99c54e574d150e868e2f0b7e1408e089f66cf5e79bdc1cb29a8f49bd716d7e9cd43d1be788a279765546b08bd5cbfd36cf2d1100
-
Filesize
72KB
MD50f6bd4124236b230fd04dc61a22800a3
SHA1f4169759b108131192bdf6c5e88b47e3e5b99a9c
SHA256a5f20913537aedebce482bc719b307f6692d535c4e570d23bc2970dbf78b594b
SHA512c1d898c99e41b9c2ba03977c99c54e574d150e868e2f0b7e1408e089f66cf5e79bdc1cb29a8f49bd716d7e9cd43d1be788a279765546b08bd5cbfd36cf2d1100
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD590b1aa303622045cdd4ccc01f9a95f1b
SHA10ee6c0536763f030acada9a5b2ddc38d01a74c29
SHA256f544099b639dcc240b46429bac1c0b3a1241c554f37d3fb0ec9ce06d9975df53
SHA512a0c8d8dba405ef6fb254e2845889029fa938d9296b88d200162eba3152f6d9f707d5e9a399bbc3f8de93ddf497ff4636b8b09ce74bbe55d0b989a14f9bf9330e
-
Filesize
72KB
MD534bf786211f8d385a7d83d54369f5aae
SHA10f7cfa3cd6a36878e17e7ed72b3e215b5797c988
SHA25681e9d4f6abde7273cf3bb174081bdb7dd67b1f9a54f2437005a47b11e33b7be9
SHA5128681a069810060b5d618f684967d1bf0d20e121ca4160ca9ea6099220939d75969c3ba134a49119436b39ab59ab5ab68dee09200ebcf6cdab791c788c38e66dc
-
Filesize
72KB
MD534bf786211f8d385a7d83d54369f5aae
SHA10f7cfa3cd6a36878e17e7ed72b3e215b5797c988
SHA25681e9d4f6abde7273cf3bb174081bdb7dd67b1f9a54f2437005a47b11e33b7be9
SHA5128681a069810060b5d618f684967d1bf0d20e121ca4160ca9ea6099220939d75969c3ba134a49119436b39ab59ab5ab68dee09200ebcf6cdab791c788c38e66dc
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
Filesize
72KB
MD5f7b76e6d294447e41cdc6db104a2c7db
SHA1d32dbbe332fe952f441536c2fd34e758a05a975a
SHA256820ef24cb91eb110d200d9a26b7cc6ebd842c87c8f54c635506bb019f4789627
SHA512f19d6798fefb9b2aed83153bafbb5331404b78949e452e3ae1a64b957e260e9499a6b6035139880efc29652468dbe176cedb5ccb8b6b144b26ff1ad657a4408d
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-