Analysis
-
max time kernel
174s -
max time network
196s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 17:07
General
-
Target
1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe
-
Size
72KB
-
MD5
05a67ee4b686016eff13ec74c30a5f25
-
SHA1
2070eb5b4b241be40625884f22097644204b4285
-
SHA256
1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373
-
SHA512
9e3f45baa00aca533d6432c8c0acb1a25c63ad9f71c22abe235dafd830c5f86e16f9fbfaea18e97c7899b16230b5b75feaff2c326f7c587aa48c33e2fe8d59c7
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf21:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrp
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 43 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe"C:\Users\Admin\AppData\Local\Temp\1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1573491300\backup.exeC:\Users\Admin\AppData\Local\Temp\1573491300\backup.exe C:\Users\Admin\AppData\Local\Temp\1573491300\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\update.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\update.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\VC\update.exe"C:\Program Files\Common Files\microsoft shared\VC\update.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
C:\Program Files\Common Files\System\ado\en-US\data.exe"C:\Program Files\Common Files\System\ado\en-US\data.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- System policy modification
-
C:\Program Files\Java\data.exe"C:\Program Files\Java\data.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
C:\Program Files\Microsoft Office\root\System Restore.exe"C:\Program Files\Microsoft Office\root\System Restore.exe" C:\Program Files\Microsoft Office\root\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
- System policy modification
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Mozilla Firefox\browser\System Restore.exe"C:\Program Files\Mozilla Firefox\browser\System Restore.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\14⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\System\update.exe"C:\Program Files (x86)\Common Files\System\update.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\data.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\data.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
-
C:\Program Files (x86)\Internet Explorer\System Restore.exe"C:\Program Files (x86)\Internet Explorer\System Restore.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\it-IT\update.exe"C:\Program Files (x86)\Internet Explorer\it-IT\update.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
-
C:\Program Files (x86)\Microsoft\Edge\backup.exe"C:\Program Files (x86)\Microsoft\Edge\backup.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\System Restore.exe"C:\Users\Admin\Links\System Restore.exe" C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Music\System Restore.exe"C:\Users\Admin\Music\System Restore.exe" C:\Users\Admin\Music\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Downloads\data.exeC:\Users\Public\Downloads\data.exe C:\Users\Public\Downloads\6⤵
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Executes dropped EXE
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
C:\Windows\apppatch\de-DE\update.exeC:\Windows\apppatch\de-DE\update.exe C:\Windows\apppatch\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
C:\Windows\apppatch\it-IT\backup.exeC:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\6⤵
-
C:\Windows\apppatch\ja-JP\System Restore.exe"C:\Windows\apppatch\ja-JP\System Restore.exe" C:\Windows\apppatch\ja-JP\6⤵
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
- Disables RegEdit via registry modification
-
C:\Windows\bcastdvr\backup.exeC:\Windows\bcastdvr\backup.exe C:\Windows\bcastdvr\5⤵
- System policy modification
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\de-DE\backup.exeC:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Windows\Branding\Basebrd\en-US\System Restore.exe"C:\Windows\Branding\Basebrd\en-US\System Restore.exe" C:\Windows\Branding\Basebrd\en-US\7⤵
- System policy modification
-
C:\Windows\Branding\Basebrd\es-ES\backup.exeC:\Windows\Branding\Basebrd\es-ES\backup.exe C:\Windows\Branding\Basebrd\es-ES\7⤵
-
C:\Windows\Branding\Basebrd\fr-FR\backup.exeC:\Windows\Branding\Basebrd\fr-FR\backup.exe C:\Windows\Branding\Basebrd\fr-FR\7⤵
-
C:\Windows\Branding\Basebrd\it-IT\backup.exeC:\Windows\Branding\Basebrd\it-IT\backup.exe C:\Windows\Branding\Basebrd\it-IT\7⤵
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\acrocef_low\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\1⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD573b5be3c909ee0a1a7e498f9c38c80f9
SHA10de6f241544be34a7d5a41c276a7845d09a87780
SHA25646223b73f2b274e59e35958af3777dd4125e20080f0a8a0b89d493b0ba6643f8
SHA512ce2c482634dbfec162b178b54e657e9dd93590ef4b928cdc3c1cf27bd75e7bafad0303ddc0ecb1dcd70cc5b3c5f32f86abfc2ea0ed6339215790c1b48bdc2b8d
-
Filesize
72KB
MD573b5be3c909ee0a1a7e498f9c38c80f9
SHA10de6f241544be34a7d5a41c276a7845d09a87780
SHA25646223b73f2b274e59e35958af3777dd4125e20080f0a8a0b89d493b0ba6643f8
SHA512ce2c482634dbfec162b178b54e657e9dd93590ef4b928cdc3c1cf27bd75e7bafad0303ddc0ecb1dcd70cc5b3c5f32f86abfc2ea0ed6339215790c1b48bdc2b8d
-
Filesize
72KB
MD55be05ab5f61ef28a5e857dda3d62c002
SHA124693d0c5f115b91e2a5e6f4ffee2eea179529a7
SHA2566458c088699e671fc8e297fc8aae9fa35df7ca6418483a17983226c888645e87
SHA512945d361a57d9d81f14a00172381fd859580589dd3e4a0677f455f81072d4f3dffa8a9c1fbed64f6baa7725565cf7b0c18c757f7c28532d510adc30f03eafb92a
-
Filesize
72KB
MD55be05ab5f61ef28a5e857dda3d62c002
SHA124693d0c5f115b91e2a5e6f4ffee2eea179529a7
SHA2566458c088699e671fc8e297fc8aae9fa35df7ca6418483a17983226c888645e87
SHA512945d361a57d9d81f14a00172381fd859580589dd3e4a0677f455f81072d4f3dffa8a9c1fbed64f6baa7725565cf7b0c18c757f7c28532d510adc30f03eafb92a
-
Filesize
72KB
MD5bb877e22971262f984ccbb4be55cc33b
SHA138da37549b8133cc59254db063493f12e51e98db
SHA256d196ec1c377dd9283e417f72381c3b3331b173afdacc5c00757af0676f6eb46a
SHA5121df97ce6a3430a73017c7d48a33ba0c132488d458ba94f9af2f872cda54237da5535e32bcb5d62a20f3b8fe58b2e451b061b631ae67e94a7686068ededec5f8c
-
Filesize
72KB
MD5bb877e22971262f984ccbb4be55cc33b
SHA138da37549b8133cc59254db063493f12e51e98db
SHA256d196ec1c377dd9283e417f72381c3b3331b173afdacc5c00757af0676f6eb46a
SHA5121df97ce6a3430a73017c7d48a33ba0c132488d458ba94f9af2f872cda54237da5535e32bcb5d62a20f3b8fe58b2e451b061b631ae67e94a7686068ededec5f8c
-
Filesize
72KB
MD5f7d8c5f8ba99d9f439df4cb18864d6cf
SHA1d0deb2b98a4ace9156e577d52cf7a5e1e9265633
SHA256acdd0dd3dbe31ba92e98a53c966a62c8f0dae9508aec375f1e392aab191e1e87
SHA512361fceb4db6bbc6842f65b3c2b5fd63ffa24d1bf9c184652aec747cfedf56cf4c196a255d5a359dee7e5616d2c9c24c9ed4580b36246c5a7f91c3606660089c6
-
Filesize
72KB
MD5f7d8c5f8ba99d9f439df4cb18864d6cf
SHA1d0deb2b98a4ace9156e577d52cf7a5e1e9265633
SHA256acdd0dd3dbe31ba92e98a53c966a62c8f0dae9508aec375f1e392aab191e1e87
SHA512361fceb4db6bbc6842f65b3c2b5fd63ffa24d1bf9c184652aec747cfedf56cf4c196a255d5a359dee7e5616d2c9c24c9ed4580b36246c5a7f91c3606660089c6
-
Filesize
72KB
MD5d661aee997f31983963b31a1ce48685c
SHA1b2f3d0cc9fd70e1c6332a9c3da86ce83caa5524a
SHA25626e60dfca60c62a5f67cf65d4f8c22d76513a4f7340d73fb3833136960acdcdd
SHA5125c89516abda7235c3830e3e1221e40795ec3abb965b7af089780f45eb162290a95ae074ae4ec5baa8078e786be597ee0bb337e21dad459cf0e53c325edd52999
-
Filesize
72KB
MD5d661aee997f31983963b31a1ce48685c
SHA1b2f3d0cc9fd70e1c6332a9c3da86ce83caa5524a
SHA25626e60dfca60c62a5f67cf65d4f8c22d76513a4f7340d73fb3833136960acdcdd
SHA5125c89516abda7235c3830e3e1221e40795ec3abb965b7af089780f45eb162290a95ae074ae4ec5baa8078e786be597ee0bb337e21dad459cf0e53c325edd52999
-
Filesize
72KB
MD56b478a69836ea32ef4c6c00eb7ac82c5
SHA1d4089143e7ccdafb094a3eceadda4c985912de61
SHA25683e05d2ebd91c64eec23efb8f9f82587a82b8ef55062cc1b1e7d77b3cb32a8e5
SHA5122007068ccf982ee5d38412092258373d570eab85061fb2f326d0834ea8914f1698be5f8f87536e822d224b43c3a86008d30b7ea0c59a404c52d9712886ad6dcd
-
Filesize
72KB
MD56b478a69836ea32ef4c6c00eb7ac82c5
SHA1d4089143e7ccdafb094a3eceadda4c985912de61
SHA25683e05d2ebd91c64eec23efb8f9f82587a82b8ef55062cc1b1e7d77b3cb32a8e5
SHA5122007068ccf982ee5d38412092258373d570eab85061fb2f326d0834ea8914f1698be5f8f87536e822d224b43c3a86008d30b7ea0c59a404c52d9712886ad6dcd
-
Filesize
72KB
MD5f89fc6ed180bcb521272b3ecb7a63ad1
SHA160578c0a2c7d6649188992f2c6a10896f330f8ec
SHA256a36058bc41eb4aee7c44fae398dc11c10dce7273983bcd7b45f2ea3e181586cf
SHA51242aa077160ad5ed5e60e2be2f587351e5d30040fb919b353e9c6c35e3677d1d8b52306deca94a15637bc69100244e8d212cf66112c1189d9d25c662d2b252ccf
-
Filesize
72KB
MD5f89fc6ed180bcb521272b3ecb7a63ad1
SHA160578c0a2c7d6649188992f2c6a10896f330f8ec
SHA256a36058bc41eb4aee7c44fae398dc11c10dce7273983bcd7b45f2ea3e181586cf
SHA51242aa077160ad5ed5e60e2be2f587351e5d30040fb919b353e9c6c35e3677d1d8b52306deca94a15637bc69100244e8d212cf66112c1189d9d25c662d2b252ccf
-
Filesize
72KB
MD53159231df4e72c6acf12d7f5b80594b1
SHA11e4546e8e914fc3994181e7aa2f158901de33af9
SHA256f78ddf1d422b48e9d4a2d9d2085366810b8974a771a09b541d27cfee034707db
SHA512a325d8a5239f850167db136c20340f62accd2c2b53f34a4ba12e2ed1da802e6784b6288fffdae07617fbe90f227b697bedc3519759c09a16b5e819b101c5b7fa
-
Filesize
72KB
MD53159231df4e72c6acf12d7f5b80594b1
SHA11e4546e8e914fc3994181e7aa2f158901de33af9
SHA256f78ddf1d422b48e9d4a2d9d2085366810b8974a771a09b541d27cfee034707db
SHA512a325d8a5239f850167db136c20340f62accd2c2b53f34a4ba12e2ed1da802e6784b6288fffdae07617fbe90f227b697bedc3519759c09a16b5e819b101c5b7fa
-
Filesize
72KB
MD552fbb4f0fada664964f1ea9acb1024d8
SHA1f0252470158792c5a0ee2cf38a2906721f0a5a98
SHA256e2fa95d23919e617dfe6e1df74831ad5041dfb44f283943b3ac92a82a6d3e8b2
SHA512434479de8c06b983a155bb8be9ea8184fc2a0da5fe560783dd0dc0468ad07d2ac81cd853be7850bf0afbd779d8d49f3068196884d946199bcf90337d228b0694
-
Filesize
72KB
MD552fbb4f0fada664964f1ea9acb1024d8
SHA1f0252470158792c5a0ee2cf38a2906721f0a5a98
SHA256e2fa95d23919e617dfe6e1df74831ad5041dfb44f283943b3ac92a82a6d3e8b2
SHA512434479de8c06b983a155bb8be9ea8184fc2a0da5fe560783dd0dc0468ad07d2ac81cd853be7850bf0afbd779d8d49f3068196884d946199bcf90337d228b0694
-
Filesize
72KB
MD514fa98c5f7c4a74e3cf3e4c5836d889c
SHA1f55a7a34eb2fa968209ded6ebc30074de5e74600
SHA256f8cbfa20e29b60425d1dd000552389ef15e6b269a047c232f20b4de35d078b0a
SHA512733c2e32f295246af7e388e13c206e3179181869f6a3829b8d89cce0418a301c1408700dfc603ef8dad9bd94bb7cc2f8743868e330c5964151e83f9566cf7b72
-
Filesize
72KB
MD514fa98c5f7c4a74e3cf3e4c5836d889c
SHA1f55a7a34eb2fa968209ded6ebc30074de5e74600
SHA256f8cbfa20e29b60425d1dd000552389ef15e6b269a047c232f20b4de35d078b0a
SHA512733c2e32f295246af7e388e13c206e3179181869f6a3829b8d89cce0418a301c1408700dfc603ef8dad9bd94bb7cc2f8743868e330c5964151e83f9566cf7b72
-
Filesize
72KB
MD5719c60a0ec489e894a1a982f7f44c80f
SHA1a2786cfabb18d42207f20d431ef6688c201c4393
SHA256e5920bf9a3946cc029ce3fd5d12c4f0d469618b4625426894ea26c603e463b41
SHA512adfee62e50972a208d665afbddb51e4c2d3b89aa1c6db6ea4a54d8bbf69cb6997ed120a63f666029145e411ee43d4dd6bb897a5a1741dd4c47f683622180e54b
-
Filesize
72KB
MD5719c60a0ec489e894a1a982f7f44c80f
SHA1a2786cfabb18d42207f20d431ef6688c201c4393
SHA256e5920bf9a3946cc029ce3fd5d12c4f0d469618b4625426894ea26c603e463b41
SHA512adfee62e50972a208d665afbddb51e4c2d3b89aa1c6db6ea4a54d8bbf69cb6997ed120a63f666029145e411ee43d4dd6bb897a5a1741dd4c47f683622180e54b
-
Filesize
72KB
MD5c0ad6fc926cc6c6bd5bf14e1425b0e12
SHA15ac8cf9e5adfd49e30f12aee363a0e7c49e01645
SHA256254d789e194ff779da0afdfee6a5bd7bfa50b54cb8f0a57ee344787e51fbef5b
SHA512f4df84d3d96eb9dd65cd0855ca84ad6896d79cdb89433d23f83e497eb24bbe911476bc60f58b91a693f542176f24a841cbb7819f0b30c61419713bba02a19de8
-
Filesize
72KB
MD5c0ad6fc926cc6c6bd5bf14e1425b0e12
SHA15ac8cf9e5adfd49e30f12aee363a0e7c49e01645
SHA256254d789e194ff779da0afdfee6a5bd7bfa50b54cb8f0a57ee344787e51fbef5b
SHA512f4df84d3d96eb9dd65cd0855ca84ad6896d79cdb89433d23f83e497eb24bbe911476bc60f58b91a693f542176f24a841cbb7819f0b30c61419713bba02a19de8
-
Filesize
72KB
MD517256406f131927830abeb0300850d4d
SHA163471e299eed52b654ec7aef471ab6bfda4d18b9
SHA25695cdf0e4b84273c1cbd47b38be1ae6320d2b89ea2616e8fb8a3beb0d0abdddd2
SHA51268a62e1c129a12eb48df95c10bb3779ef512f8aef59fa97cf77577cb7ef2ac15bc7a78c7a3a3dd838531a208e36be583242944288a6f8b741958adc3b7617d39
-
Filesize
72KB
MD517256406f131927830abeb0300850d4d
SHA163471e299eed52b654ec7aef471ab6bfda4d18b9
SHA25695cdf0e4b84273c1cbd47b38be1ae6320d2b89ea2616e8fb8a3beb0d0abdddd2
SHA51268a62e1c129a12eb48df95c10bb3779ef512f8aef59fa97cf77577cb7ef2ac15bc7a78c7a3a3dd838531a208e36be583242944288a6f8b741958adc3b7617d39
-
Filesize
72KB
MD5b0d6137745cbc4ea1ac623af4a2315e0
SHA1b56fde6d54e5983207472861ed114f47c6d82342
SHA256d253e0a48134c9eda4ab282047c69528785fa09c7de38aed84da5f74751d637d
SHA512ac473328f360dfb15231fded304499fbb56b206ad9534f179df6a3efb0d325e149ce793000cb53bc672f745814d587e6e341152ffa9363c89f051226e8c71ff7
-
Filesize
72KB
MD5b0d6137745cbc4ea1ac623af4a2315e0
SHA1b56fde6d54e5983207472861ed114f47c6d82342
SHA256d253e0a48134c9eda4ab282047c69528785fa09c7de38aed84da5f74751d637d
SHA512ac473328f360dfb15231fded304499fbb56b206ad9534f179df6a3efb0d325e149ce793000cb53bc672f745814d587e6e341152ffa9363c89f051226e8c71ff7
-
Filesize
72KB
MD52053776d3c45a9a12e50fe27ab6f43b9
SHA16a2d076e43eb8c4c83d5b287746b9fce699c117f
SHA25636a73bcdc3a12012c6677161387791a73ccc6b01a9896d1883f889b84c0c596e
SHA512c694593bc2984659c42277de9b8c1f6f17fa9dfeabda3af5d404289a3536c3d6b36b35021c39e87fe784408cb2b6110fe0f7cc4381fbbaa66f977d2a63eaec00
-
Filesize
72KB
MD52053776d3c45a9a12e50fe27ab6f43b9
SHA16a2d076e43eb8c4c83d5b287746b9fce699c117f
SHA25636a73bcdc3a12012c6677161387791a73ccc6b01a9896d1883f889b84c0c596e
SHA512c694593bc2984659c42277de9b8c1f6f17fa9dfeabda3af5d404289a3536c3d6b36b35021c39e87fe784408cb2b6110fe0f7cc4381fbbaa66f977d2a63eaec00
-
Filesize
72KB
MD58a703c71256cbd71da00ce2d03a7a681
SHA1ac40df3869df2d376fc91130ca04fdac72f5bfa0
SHA25663aeac695266d01d11716475670a72f29c1dab097fcabdc055b141728bac7d9b
SHA512593e05cc1c4dfdb59569ef09123c986c99941ece1fa497e50658c99bc7e3d9565965ba28f1351415f5a6615ebb44ccf7e3daee7602cdc56118d9d5ebff448e41
-
Filesize
72KB
MD58a703c71256cbd71da00ce2d03a7a681
SHA1ac40df3869df2d376fc91130ca04fdac72f5bfa0
SHA25663aeac695266d01d11716475670a72f29c1dab097fcabdc055b141728bac7d9b
SHA512593e05cc1c4dfdb59569ef09123c986c99941ece1fa497e50658c99bc7e3d9565965ba28f1351415f5a6615ebb44ccf7e3daee7602cdc56118d9d5ebff448e41
-
Filesize
72KB
MD509f2ccce3a936988731d0bb41607bcc8
SHA1e8565a876eaed8fdbcf2408c3b107b8fcbdb5ced
SHA25659eeb102998a8c89ffa8b90d6697e4ae202aa824cb1e0ed66423d15472e3260c
SHA5121157a6f7b4733e9248d4581e9d076b8652607f7388f821e167dcdb26477d3bfc52416ccbfe8874f23337161e1ad74d1f0e3e58db88ebc4846056cbc7d969f1f5
-
Filesize
72KB
MD509f2ccce3a936988731d0bb41607bcc8
SHA1e8565a876eaed8fdbcf2408c3b107b8fcbdb5ced
SHA25659eeb102998a8c89ffa8b90d6697e4ae202aa824cb1e0ed66423d15472e3260c
SHA5121157a6f7b4733e9248d4581e9d076b8652607f7388f821e167dcdb26477d3bfc52416ccbfe8874f23337161e1ad74d1f0e3e58db88ebc4846056cbc7d969f1f5
-
Filesize
72KB
MD5997906525eecee45b1cb28a40e7a26bc
SHA1b97cb4bf724519fd0f51b64cd3ddc8a2a78aad17
SHA256e1f4bd00f3aefd6d035bbb24a5839144462726adfebff174943bcc1aa8010992
SHA512d16afccbd26a22aa0a26cbfafd7a0832277a0057134b14514542dbe0a17ec011bad62dd8dd7879d411df81f94a08b52e864d2486485b1e44870d44bdab0144d0
-
Filesize
72KB
MD5997906525eecee45b1cb28a40e7a26bc
SHA1b97cb4bf724519fd0f51b64cd3ddc8a2a78aad17
SHA256e1f4bd00f3aefd6d035bbb24a5839144462726adfebff174943bcc1aa8010992
SHA512d16afccbd26a22aa0a26cbfafd7a0832277a0057134b14514542dbe0a17ec011bad62dd8dd7879d411df81f94a08b52e864d2486485b1e44870d44bdab0144d0
-
Filesize
72KB
MD57292ebf65a3b370ded4eaa07a7b42d3d
SHA1036656a944cd3a046899d4a4e07fddc6b93ff1a1
SHA2566af1432f4920e873e0f170cac0f44df8929c12c2d8a9980ad7a07197c457b58f
SHA5127b026faaf59538a37e768b6e27cdda50f15c47850c803f50584357a742a6a8cc2fb2fd08f0ba96cd0b9ac18b2c9ec02c5ea99869dc454366fb74763005847bf5
-
Filesize
72KB
MD57292ebf65a3b370ded4eaa07a7b42d3d
SHA1036656a944cd3a046899d4a4e07fddc6b93ff1a1
SHA2566af1432f4920e873e0f170cac0f44df8929c12c2d8a9980ad7a07197c457b58f
SHA5127b026faaf59538a37e768b6e27cdda50f15c47850c803f50584357a742a6a8cc2fb2fd08f0ba96cd0b9ac18b2c9ec02c5ea99869dc454366fb74763005847bf5
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5fff456833d9faee1cab8a895edc18c82
SHA11fde75726f18e4cb961a798b489677241a71cfad
SHA2560c893f2c3cdf3a54d98f42f2943e7ee531371adde56302e0b56b38f177befdaa
SHA512fd6b732f2bc2bc5281f86d0f59ee9f8ab7e2a8bdb0e7e38b9950f7f1ece519f192566c33dcd83659b773139470162d46be76e13a052ba51c45cc39729f18aeba
-
Filesize
72KB
MD5fff456833d9faee1cab8a895edc18c82
SHA11fde75726f18e4cb961a798b489677241a71cfad
SHA2560c893f2c3cdf3a54d98f42f2943e7ee531371adde56302e0b56b38f177befdaa
SHA512fd6b732f2bc2bc5281f86d0f59ee9f8ab7e2a8bdb0e7e38b9950f7f1ece519f192566c33dcd83659b773139470162d46be76e13a052ba51c45cc39729f18aeba
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5198aae04593cd87f0b5343eee684b0ec
SHA1d3bf3ecfb9df14cef0a24d4eb733e0c3011528c1
SHA2568741df2f510f86a9df7780904b779605cc970d0e239cd7cf71c711be775208fd
SHA512da1b5b88af1d1158c841290e8cc53f8ffcf4d2f2c9572a2410c5a1cdec5763319f8844515b52e9c4e9b013aad7885638ce8ed1a98610bd5e36f64c2b864a6925
-
Filesize
72KB
MD5fff456833d9faee1cab8a895edc18c82
SHA11fde75726f18e4cb961a798b489677241a71cfad
SHA2560c893f2c3cdf3a54d98f42f2943e7ee531371adde56302e0b56b38f177befdaa
SHA512fd6b732f2bc2bc5281f86d0f59ee9f8ab7e2a8bdb0e7e38b9950f7f1ece519f192566c33dcd83659b773139470162d46be76e13a052ba51c45cc39729f18aeba
-
Filesize
72KB
MD5fff456833d9faee1cab8a895edc18c82
SHA11fde75726f18e4cb961a798b489677241a71cfad
SHA2560c893f2c3cdf3a54d98f42f2943e7ee531371adde56302e0b56b38f177befdaa
SHA512fd6b732f2bc2bc5281f86d0f59ee9f8ab7e2a8bdb0e7e38b9950f7f1ece519f192566c33dcd83659b773139470162d46be76e13a052ba51c45cc39729f18aeba
-
Filesize
72KB
MD5333996282a919b5969f8bab3ae00888d
SHA17046314edf99e656966b6ec6d2b189381bc7bde7
SHA256eaabf4db6b5956847e80c2c50424bc369eee41ff9e8dcf1d3a9de4d1647d46e3
SHA5128c3f9f4e963cbb7da94e272517a4028c85d9df3001110a36ab828130862368977d26c2f0a38cc8b3c91daaed17b3735a2dfd5568d0055ac25f3fab441b3cdb23
-
Filesize
72KB
MD5333996282a919b5969f8bab3ae00888d
SHA17046314edf99e656966b6ec6d2b189381bc7bde7
SHA256eaabf4db6b5956847e80c2c50424bc369eee41ff9e8dcf1d3a9de4d1647d46e3
SHA5128c3f9f4e963cbb7da94e272517a4028c85d9df3001110a36ab828130862368977d26c2f0a38cc8b3c91daaed17b3735a2dfd5568d0055ac25f3fab441b3cdb23
-
Filesize
72KB
MD56013a8c4c6151ee9a079cb162124e12c
SHA1bdf1e73e0643533e58e381590b4b9d639e463a41
SHA256bec67374a8d9dd361f92aa6d3d35df31ccaf1fc4e8799b8b0f5d0cdc8a6d2242
SHA512cabb3cee1c2eb5cf79da325862264c9f8d1016076656f53740ff9f7e0fcc371dd5a26403bedc2c9b6f148e5165896e70c1e1bea0859ed45687bfd4d1d870dc5b
-
Filesize
72KB
MD56013a8c4c6151ee9a079cb162124e12c
SHA1bdf1e73e0643533e58e381590b4b9d639e463a41
SHA256bec67374a8d9dd361f92aa6d3d35df31ccaf1fc4e8799b8b0f5d0cdc8a6d2242
SHA512cabb3cee1c2eb5cf79da325862264c9f8d1016076656f53740ff9f7e0fcc371dd5a26403bedc2c9b6f148e5165896e70c1e1bea0859ed45687bfd4d1d870dc5b
-
Filesize
72KB
MD56b9a39eab1d2386ab5ae60413b5a319f
SHA1e578865c0c8c4e83405fe93b4d17cd6a4a9de570
SHA2567672688538bb1db59fd70cc5a8f108165c25f7bece86ebb4ea35d666bc181c46
SHA512643c47fca9f7578fba8c7ac0eef85552dec5bf135029fd244183ba6c5a6e718ffc5067a33a8fc7204c0b4bb87324329956a9c01d23050838a175c52fe59773ec
-
Filesize
72KB
MD56b9a39eab1d2386ab5ae60413b5a319f
SHA1e578865c0c8c4e83405fe93b4d17cd6a4a9de570
SHA2567672688538bb1db59fd70cc5a8f108165c25f7bece86ebb4ea35d666bc181c46
SHA512643c47fca9f7578fba8c7ac0eef85552dec5bf135029fd244183ba6c5a6e718ffc5067a33a8fc7204c0b4bb87324329956a9c01d23050838a175c52fe59773ec
-
Filesize
72KB
MD5054e74175439a37cb37e3e0afb1e1430
SHA1260b839b04da850ca726d580da2950e4a8959798
SHA256fb500a7deb8979f822674cd60655d3c9e5fb7524b56035afaf5ec5a49a8eddb0
SHA51293b923ecfb64ec77e9d7d5d86a4b84b9d0c74565948b6acf6de1e8227cce52b97b1a5b79c479b80c5a4cff2d21bdff0aa3a71e1d230bd3bd0f8b7bc12e39a3e9
-
Filesize
72KB
MD5054e74175439a37cb37e3e0afb1e1430
SHA1260b839b04da850ca726d580da2950e4a8959798
SHA256fb500a7deb8979f822674cd60655d3c9e5fb7524b56035afaf5ec5a49a8eddb0
SHA51293b923ecfb64ec77e9d7d5d86a4b84b9d0c74565948b6acf6de1e8227cce52b97b1a5b79c479b80c5a4cff2d21bdff0aa3a71e1d230bd3bd0f8b7bc12e39a3e9
-
Filesize
72KB
MD526a5371ca1fbc5edaa79371792c1fa49
SHA1b71c9b49508468a96e493f9713c80615adb5b07f
SHA256f176537dab35351b233a1cd99f39d217106466dfc8063d918dacceea779f9de1
SHA512ee32cbdfdfa40194ca01381afb62b78bc55de4c7afd7e65a5ba7d1feb43b9d56d8f2cccf0b6fa649f8b265d7b18348b68c701fb5cda133adf5f8d1ccc10f00c0
-
Filesize
72KB
MD526a5371ca1fbc5edaa79371792c1fa49
SHA1b71c9b49508468a96e493f9713c80615adb5b07f
SHA256f176537dab35351b233a1cd99f39d217106466dfc8063d918dacceea779f9de1
SHA512ee32cbdfdfa40194ca01381afb62b78bc55de4c7afd7e65a5ba7d1feb43b9d56d8f2cccf0b6fa649f8b265d7b18348b68c701fb5cda133adf5f8d1ccc10f00c0
-
Filesize
72KB
MD573b5be3c909ee0a1a7e498f9c38c80f9
SHA10de6f241544be34a7d5a41c276a7845d09a87780
SHA25646223b73f2b274e59e35958af3777dd4125e20080f0a8a0b89d493b0ba6643f8
SHA512ce2c482634dbfec162b178b54e657e9dd93590ef4b928cdc3c1cf27bd75e7bafad0303ddc0ecb1dcd70cc5b3c5f32f86abfc2ea0ed6339215790c1b48bdc2b8d
-
Filesize
72KB
MD573b5be3c909ee0a1a7e498f9c38c80f9
SHA10de6f241544be34a7d5a41c276a7845d09a87780
SHA25646223b73f2b274e59e35958af3777dd4125e20080f0a8a0b89d493b0ba6643f8
SHA512ce2c482634dbfec162b178b54e657e9dd93590ef4b928cdc3c1cf27bd75e7bafad0303ddc0ecb1dcd70cc5b3c5f32f86abfc2ea0ed6339215790c1b48bdc2b8d
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-