Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
172s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23/11/2022, 18:33
General
-
Target
0026c11869068f1a94e0cc86e73cc4669792f1db1ac24f9482fb4e7157a534d4.exe
-
Size
72KB
-
MD5
44ad3c444cafef6921870203cb49b250
-
SHA1
2e11af64aea7a5758773eca7065e732683acf9b6
-
SHA256
0026c11869068f1a94e0cc86e73cc4669792f1db1ac24f9482fb4e7157a534d4
-
SHA512
8b96ed321b9a5e2830d5b81265603d8a49bfab92f68f6da33fa3747e4f2b047c5d53e76b0a6d40fd17327a907e3b3ecc4775ac2672f690430a358221f7e7984c
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2/:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrD
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 30 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0026c11869068f1a94e0cc86e73cc4669792f1db1ac24f9482fb4e7157a534d4.exe"C:\Users\Admin\AppData\Local\Temp\0026c11869068f1a94e0cc86e73cc4669792f1db1ac24f9482fb4e7157a534d4.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3562826218\backup.exeC:\Users\Admin\AppData\Local\Temp\3562826218\backup.exe C:\Users\Admin\AppData\Local\Temp\3562826218\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\Filters\update.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\update.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\update.exe"C:\Program Files\Common Files\SpeechEngines\update.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\update.exe"C:\Program Files\Common Files\System\ado\ja-JP\update.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\update.exe"C:\Program Files\Common Files\System\ja-JP\update.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
-
-
C:\Program Files\DVD Maker\System Restore.exe"C:\Program Files\DVD Maker\System Restore.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\System Restore.exe"C:\Program Files\DVD Maker\es-ES\System Restore.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\data.exe"C:\Program Files\DVD Maker\ja-JP\data.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\update.exe"C:\Program Files\Internet Explorer\ja-JP\update.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\data.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\data.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
-
C:\Program Files (x86)\Google\update.exe"C:\Program Files (x86)\Google\update.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\System Restore.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\System Restore.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Google\Update\Install\{A34133AB-B19C-44B8-A3DD-6C0C95C66814}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{A34133AB-B19C-44B8-A3DD-6C0C95C66814}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{A34133AB-B19C-44B8-A3DD-6C0C95C66814}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\ja-JP\update.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\update.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\data.exe"C:\Users\Admin\Saved Games\data.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
C:\Users\Public\Recorded TV\Sample Media\backup.exe"C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\7⤵
-
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Users\Public\Videos\Sample Videos\backup.exe"C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\AppPatch\Custom\Custom64\System Restore.exe"C:\Windows\AppPatch\Custom\Custom64\System Restore.exe" C:\Windows\AppPatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\AppPatch\en-US\backup.exeC:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppPatch\es-ES\System Restore.exe"C:\Windows\AppPatch\es-ES\System Restore.exe" C:\Windows\AppPatch\es-ES\6⤵
-
-
C:\Windows\AppPatch\fr-FR\backup.exeC:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\6⤵
-
-
C:\Windows\AppPatch\it-IT\backup.exeC:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\6⤵
-
-
C:\Windows\AppPatch\ja-JP\backup.exeC:\Windows\AppPatch\ja-JP\backup.exe C:\Windows\AppPatch\ja-JP\6⤵
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\update.exeC:\Windows\assembly\GAC\update.exe C:\Windows\assembly\GAC\6⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- System policy modification
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\7⤵
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
-
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\de-DE\backup.exeC:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\7⤵
-
-
C:\Windows\Branding\Basebrd\en-US\backup.exeC:\Windows\Branding\Basebrd\en-US\backup.exe C:\Windows\Branding\Basebrd\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\Branding\Basebrd\es-ES\System Restore.exe"C:\Windows\Branding\Basebrd\es-ES\System Restore.exe" C:\Windows\Branding\Basebrd\es-ES\7⤵
-
-
C:\Windows\Branding\Basebrd\fr-FR\backup.exeC:\Windows\Branding\Basebrd\fr-FR\backup.exe C:\Windows\Branding\Basebrd\fr-FR\7⤵
-
-
-
C:\Windows\Branding\ShellBrd\System Restore.exe"C:\Windows\Branding\ShellBrd\System Restore.exe" C:\Windows\Branding\ShellBrd\6⤵
-
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5348e9412b23a17bd1c0c759974ec1c80
SHA12469e2eec97be9536e86cdb4bbff8b1db92b492a
SHA256585f3fd7ae0c4b8d805b7b5188ed359db839103cea470ad75c443486e1b118fd
SHA512621cedf3feeb5577e0c4db4aa621c70c7ea75e3f0ae246f45e139517400e08a640c84422f1124c3a35fbd645bf7ae6d30d12d92fc4181c3575eea2dbbc6f60c5
-
Filesize
72KB
MD5a456fca721c7af011983e6de8d8f4bf6
SHA1a7913f6a6f27e431c1334b17622b9316c1bab782
SHA256d9995b0ce9a840cc3c779a8294d0cdf1bcf2ba4770b9faf0e14dbd536ed8f9c7
SHA5129e0a60dea914bf7159de71c2944c39ad606705c2bb2e22679705a8726a9491b91cf1239d8bf2173ecb9be0e8376fd43fab7578aafe915406f7634ba05e0fa929
-
Filesize
72KB
MD5a456fca721c7af011983e6de8d8f4bf6
SHA1a7913f6a6f27e431c1334b17622b9316c1bab782
SHA256d9995b0ce9a840cc3c779a8294d0cdf1bcf2ba4770b9faf0e14dbd536ed8f9c7
SHA5129e0a60dea914bf7159de71c2944c39ad606705c2bb2e22679705a8726a9491b91cf1239d8bf2173ecb9be0e8376fd43fab7578aafe915406f7634ba05e0fa929
-
Filesize
72KB
MD5bddd28ada2ca843d471576f7c1129c0e
SHA17fd9a0bce691e50fabb62fab9386c71e2baaabe9
SHA2566641ab722f4ccb1b40f404889633ea78484299cfeb3af50e86f1e0039d45da9d
SHA51200ebc1198f89d8bffc2751c314627a14adfc3e4d80084910269f2cd6015b96fd001495139a46206666121331c35c7ce94b83ca7c69facda984979324046ca66d
-
Filesize
72KB
MD574f462313e44185e6fd8e2c6d622f5bf
SHA1415a8e29f38ac95097727257ae0fdbc4ff229dcc
SHA256002c9f33f42aa560be1489505133310de28ed01bb501d15c6c0ddcddb550ddb2
SHA5125c2ea648bac5c8b7791779f793ffef74d2e4976be4fc046a5f617817d30851d925f222e51daf720359e6cea1512a51703f4c969ebcc1f716cab2553feb26cf2f
-
Filesize
72KB
MD574f462313e44185e6fd8e2c6d622f5bf
SHA1415a8e29f38ac95097727257ae0fdbc4ff229dcc
SHA256002c9f33f42aa560be1489505133310de28ed01bb501d15c6c0ddcddb550ddb2
SHA5125c2ea648bac5c8b7791779f793ffef74d2e4976be4fc046a5f617817d30851d925f222e51daf720359e6cea1512a51703f4c969ebcc1f716cab2553feb26cf2f
-
Filesize
72KB
MD5b801c4c7d1f165beef9f5e1687ecb802
SHA17da228d96e9b44b110d23c0091753ede584ea59c
SHA2566c4805a5192b98c43997811b764fd9a5f34d4a3ac572d6e5ff586b1ca6b73dd5
SHA5126076a3dfaed9999eef4c8cde7dd9ac5de184f59e180856be2aec7df9391152975960f7110738685320f530487bfd9dbe3b41b14873c2c277f412e7cffa8ef535
-
Filesize
72KB
MD5b801c4c7d1f165beef9f5e1687ecb802
SHA17da228d96e9b44b110d23c0091753ede584ea59c
SHA2566c4805a5192b98c43997811b764fd9a5f34d4a3ac572d6e5ff586b1ca6b73dd5
SHA5126076a3dfaed9999eef4c8cde7dd9ac5de184f59e180856be2aec7df9391152975960f7110738685320f530487bfd9dbe3b41b14873c2c277f412e7cffa8ef535
-
Filesize
72KB
MD54807459bee4b7ec59691363b98f3db99
SHA1cd8a8428a87d9f8699d46104a3419b32243119bd
SHA25617f9a94d47646ef551becfda246ff2f452876f0106488062c7f2030021ac32e7
SHA512e3c4b0b21013b65c9d1edeb5dfe6d6e54332890c63495cf934042f666f95f32ab02ac1247bdc696f71aaf428cf945511d47ff02dd0da83b8f4be657729bb4ff2
-
Filesize
72KB
MD54807459bee4b7ec59691363b98f3db99
SHA1cd8a8428a87d9f8699d46104a3419b32243119bd
SHA25617f9a94d47646ef551becfda246ff2f452876f0106488062c7f2030021ac32e7
SHA512e3c4b0b21013b65c9d1edeb5dfe6d6e54332890c63495cf934042f666f95f32ab02ac1247bdc696f71aaf428cf945511d47ff02dd0da83b8f4be657729bb4ff2
-
Filesize
72KB
MD50fdbc94c10d3e53eb346ee04fa399341
SHA17f7d361e8d03085bc630182e316defca43c916f9
SHA256cd7301648b3a8020b3c0c9af704b923d1de14eb3967e748424bca6acacf9d939
SHA512180beb7a87999ccd6f768f27677f79b7dceec42ef1e2df67bb37a2a1f29de8c588507c913a622d57fd81286895bfe09aca5dcd003b9057e29155bc6fc7319b5d
-
Filesize
72KB
MD54f3e408f363389b0824e2e5b5b564545
SHA10b834b7388fd34aa739fec43c47be6e90a0dbc94
SHA2564b8b560e54e037faa92427888fe91a00a387e268f02ec5f1fe2cc59507ddeb2c
SHA5120113f3f68ac50314690a55d34b3c10d858e67fd93f69b93f351f22a7eae1d15e7ae3fe2136c261bf990ff69322f61be210a4503eaccb023be1c5bc1e3edc0223
-
Filesize
72KB
MD54f3e408f363389b0824e2e5b5b564545
SHA10b834b7388fd34aa739fec43c47be6e90a0dbc94
SHA2564b8b560e54e037faa92427888fe91a00a387e268f02ec5f1fe2cc59507ddeb2c
SHA5120113f3f68ac50314690a55d34b3c10d858e67fd93f69b93f351f22a7eae1d15e7ae3fe2136c261bf990ff69322f61be210a4503eaccb023be1c5bc1e3edc0223
-
Filesize
72KB
MD5e3d9c430c20d26a0790306a13e8ebfca
SHA10fab9d694e24281b8eec13a35cda56bed33551e4
SHA256b0caa3f4000244342ce955e2fd03e47a539f47af07c6241a48ad3afde662cfc1
SHA5122209e8abbd7651b0624af6d369cf184dfb82cd5594fcad3e62ed943f7dfd14e5994c4c63a9c3b082094d017a83c2a49e39f31c724744c15cc14bdf441f3f64ec
-
Filesize
72KB
MD5e3d9c430c20d26a0790306a13e8ebfca
SHA10fab9d694e24281b8eec13a35cda56bed33551e4
SHA256b0caa3f4000244342ce955e2fd03e47a539f47af07c6241a48ad3afde662cfc1
SHA5122209e8abbd7651b0624af6d369cf184dfb82cd5594fcad3e62ed943f7dfd14e5994c4c63a9c3b082094d017a83c2a49e39f31c724744c15cc14bdf441f3f64ec
-
Filesize
72KB
MD57778082cabd519d85689b9b2da89f155
SHA1cf1fdf8a2a5d9262648b00193c6bc78af233c128
SHA256f9a00704481fe2db8b8cfe141dce49ef7a40900e797f599c1b5702ba35d5f71e
SHA512778ece660f8073e8f648893323a7a3570305818eed2b7bc7051ceb15ae48395ccc4c8a132535b24d7a005ba938eca729270992184c6f0bc718245c552e367bfa
-
Filesize
72KB
MD57778082cabd519d85689b9b2da89f155
SHA1cf1fdf8a2a5d9262648b00193c6bc78af233c128
SHA256f9a00704481fe2db8b8cfe141dce49ef7a40900e797f599c1b5702ba35d5f71e
SHA512778ece660f8073e8f648893323a7a3570305818eed2b7bc7051ceb15ae48395ccc4c8a132535b24d7a005ba938eca729270992184c6f0bc718245c552e367bfa
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5766198958844dc0efff14a0fb4a4e1ac
SHA179fe8883f9aa0a4a92ab1c623ab4a6cd3fc2e405
SHA256c05926007f97a6c7d301f742b4ffb1aa05738f6078d3886408fc2b1bcb77e50b
SHA5122b0897235d7450c25d3d4a7fe1c0faee92c897768f70b5aa9aa362ef21588553c5eb6692bb0a336eeb590090167574cf58312fe01dee1de3d350812ca3c0d2c3
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD58eabe9e68babaee5d7c8aa7130b9348b
SHA1ad011a88494f20c51c2885205383db1be5ec00db
SHA2560b1fdbe3e8069e8db3c1036a74d8728b4f241488ace760b01f974a098c83bffe
SHA512f120aaff54774e8d14e62215fab03d5bd6f0d4c763e0403a864b4fb4e52adb1daa854c8e7ffa1a21f33a066ac403cedad92c3c20f9d2e6994520fca29e5d7869
-
Filesize
72KB
MD59bd35391a490da6556638f42f91f545a
SHA145ee69af6491e5cc4ed990e0b7d3b775384ed1ed
SHA256a2eccec961ca3e394c0b800c42899df8b7a2ae5110715a6ae9c24847d7bb81ca
SHA512e01ba5e3d2e8a6322ceb8d24df67205b96f84510cc9ff0db8fad11d03eb707d94ebd23533c70898c0fe39b4769b8a3c841f130c6ebf2c962f51b3a3452c167e4
-
Filesize
72KB
MD59bd35391a490da6556638f42f91f545a
SHA145ee69af6491e5cc4ed990e0b7d3b775384ed1ed
SHA256a2eccec961ca3e394c0b800c42899df8b7a2ae5110715a6ae9c24847d7bb81ca
SHA512e01ba5e3d2e8a6322ceb8d24df67205b96f84510cc9ff0db8fad11d03eb707d94ebd23533c70898c0fe39b4769b8a3c841f130c6ebf2c962f51b3a3452c167e4
-
Filesize
72KB
MD5348e9412b23a17bd1c0c759974ec1c80
SHA12469e2eec97be9536e86cdb4bbff8b1db92b492a
SHA256585f3fd7ae0c4b8d805b7b5188ed359db839103cea470ad75c443486e1b118fd
SHA512621cedf3feeb5577e0c4db4aa621c70c7ea75e3f0ae246f45e139517400e08a640c84422f1124c3a35fbd645bf7ae6d30d12d92fc4181c3575eea2dbbc6f60c5
-
Filesize
72KB
MD5348e9412b23a17bd1c0c759974ec1c80
SHA12469e2eec97be9536e86cdb4bbff8b1db92b492a
SHA256585f3fd7ae0c4b8d805b7b5188ed359db839103cea470ad75c443486e1b118fd
SHA512621cedf3feeb5577e0c4db4aa621c70c7ea75e3f0ae246f45e139517400e08a640c84422f1124c3a35fbd645bf7ae6d30d12d92fc4181c3575eea2dbbc6f60c5
-
Filesize
72KB
MD5a456fca721c7af011983e6de8d8f4bf6
SHA1a7913f6a6f27e431c1334b17622b9316c1bab782
SHA256d9995b0ce9a840cc3c779a8294d0cdf1bcf2ba4770b9faf0e14dbd536ed8f9c7
SHA5129e0a60dea914bf7159de71c2944c39ad606705c2bb2e22679705a8726a9491b91cf1239d8bf2173ecb9be0e8376fd43fab7578aafe915406f7634ba05e0fa929
-
Filesize
72KB
MD5a456fca721c7af011983e6de8d8f4bf6
SHA1a7913f6a6f27e431c1334b17622b9316c1bab782
SHA256d9995b0ce9a840cc3c779a8294d0cdf1bcf2ba4770b9faf0e14dbd536ed8f9c7
SHA5129e0a60dea914bf7159de71c2944c39ad606705c2bb2e22679705a8726a9491b91cf1239d8bf2173ecb9be0e8376fd43fab7578aafe915406f7634ba05e0fa929
-
Filesize
72KB
MD5bddd28ada2ca843d471576f7c1129c0e
SHA17fd9a0bce691e50fabb62fab9386c71e2baaabe9
SHA2566641ab722f4ccb1b40f404889633ea78484299cfeb3af50e86f1e0039d45da9d
SHA51200ebc1198f89d8bffc2751c314627a14adfc3e4d80084910269f2cd6015b96fd001495139a46206666121331c35c7ce94b83ca7c69facda984979324046ca66d
-
Filesize
72KB
MD5bddd28ada2ca843d471576f7c1129c0e
SHA17fd9a0bce691e50fabb62fab9386c71e2baaabe9
SHA2566641ab722f4ccb1b40f404889633ea78484299cfeb3af50e86f1e0039d45da9d
SHA51200ebc1198f89d8bffc2751c314627a14adfc3e4d80084910269f2cd6015b96fd001495139a46206666121331c35c7ce94b83ca7c69facda984979324046ca66d
-
Filesize
72KB
MD5bddd28ada2ca843d471576f7c1129c0e
SHA17fd9a0bce691e50fabb62fab9386c71e2baaabe9
SHA2566641ab722f4ccb1b40f404889633ea78484299cfeb3af50e86f1e0039d45da9d
SHA51200ebc1198f89d8bffc2751c314627a14adfc3e4d80084910269f2cd6015b96fd001495139a46206666121331c35c7ce94b83ca7c69facda984979324046ca66d
-
Filesize
72KB
MD574f462313e44185e6fd8e2c6d622f5bf
SHA1415a8e29f38ac95097727257ae0fdbc4ff229dcc
SHA256002c9f33f42aa560be1489505133310de28ed01bb501d15c6c0ddcddb550ddb2
SHA5125c2ea648bac5c8b7791779f793ffef74d2e4976be4fc046a5f617817d30851d925f222e51daf720359e6cea1512a51703f4c969ebcc1f716cab2553feb26cf2f
-
Filesize
72KB
MD574f462313e44185e6fd8e2c6d622f5bf
SHA1415a8e29f38ac95097727257ae0fdbc4ff229dcc
SHA256002c9f33f42aa560be1489505133310de28ed01bb501d15c6c0ddcddb550ddb2
SHA5125c2ea648bac5c8b7791779f793ffef74d2e4976be4fc046a5f617817d30851d925f222e51daf720359e6cea1512a51703f4c969ebcc1f716cab2553feb26cf2f
-
Filesize
72KB
MD5b801c4c7d1f165beef9f5e1687ecb802
SHA17da228d96e9b44b110d23c0091753ede584ea59c
SHA2566c4805a5192b98c43997811b764fd9a5f34d4a3ac572d6e5ff586b1ca6b73dd5
SHA5126076a3dfaed9999eef4c8cde7dd9ac5de184f59e180856be2aec7df9391152975960f7110738685320f530487bfd9dbe3b41b14873c2c277f412e7cffa8ef535
-
Filesize
72KB
MD5b801c4c7d1f165beef9f5e1687ecb802
SHA17da228d96e9b44b110d23c0091753ede584ea59c
SHA2566c4805a5192b98c43997811b764fd9a5f34d4a3ac572d6e5ff586b1ca6b73dd5
SHA5126076a3dfaed9999eef4c8cde7dd9ac5de184f59e180856be2aec7df9391152975960f7110738685320f530487bfd9dbe3b41b14873c2c277f412e7cffa8ef535
-
Filesize
72KB
MD54807459bee4b7ec59691363b98f3db99
SHA1cd8a8428a87d9f8699d46104a3419b32243119bd
SHA25617f9a94d47646ef551becfda246ff2f452876f0106488062c7f2030021ac32e7
SHA512e3c4b0b21013b65c9d1edeb5dfe6d6e54332890c63495cf934042f666f95f32ab02ac1247bdc696f71aaf428cf945511d47ff02dd0da83b8f4be657729bb4ff2
-
Filesize
72KB
MD54807459bee4b7ec59691363b98f3db99
SHA1cd8a8428a87d9f8699d46104a3419b32243119bd
SHA25617f9a94d47646ef551becfda246ff2f452876f0106488062c7f2030021ac32e7
SHA512e3c4b0b21013b65c9d1edeb5dfe6d6e54332890c63495cf934042f666f95f32ab02ac1247bdc696f71aaf428cf945511d47ff02dd0da83b8f4be657729bb4ff2
-
Filesize
72KB
MD50fdbc94c10d3e53eb346ee04fa399341
SHA17f7d361e8d03085bc630182e316defca43c916f9
SHA256cd7301648b3a8020b3c0c9af704b923d1de14eb3967e748424bca6acacf9d939
SHA512180beb7a87999ccd6f768f27677f79b7dceec42ef1e2df67bb37a2a1f29de8c588507c913a622d57fd81286895bfe09aca5dcd003b9057e29155bc6fc7319b5d
-
Filesize
72KB
MD50fdbc94c10d3e53eb346ee04fa399341
SHA17f7d361e8d03085bc630182e316defca43c916f9
SHA256cd7301648b3a8020b3c0c9af704b923d1de14eb3967e748424bca6acacf9d939
SHA512180beb7a87999ccd6f768f27677f79b7dceec42ef1e2df67bb37a2a1f29de8c588507c913a622d57fd81286895bfe09aca5dcd003b9057e29155bc6fc7319b5d
-
Filesize
72KB
MD54f3e408f363389b0824e2e5b5b564545
SHA10b834b7388fd34aa739fec43c47be6e90a0dbc94
SHA2564b8b560e54e037faa92427888fe91a00a387e268f02ec5f1fe2cc59507ddeb2c
SHA5120113f3f68ac50314690a55d34b3c10d858e67fd93f69b93f351f22a7eae1d15e7ae3fe2136c261bf990ff69322f61be210a4503eaccb023be1c5bc1e3edc0223
-
Filesize
72KB
MD54f3e408f363389b0824e2e5b5b564545
SHA10b834b7388fd34aa739fec43c47be6e90a0dbc94
SHA2564b8b560e54e037faa92427888fe91a00a387e268f02ec5f1fe2cc59507ddeb2c
SHA5120113f3f68ac50314690a55d34b3c10d858e67fd93f69b93f351f22a7eae1d15e7ae3fe2136c261bf990ff69322f61be210a4503eaccb023be1c5bc1e3edc0223
-
Filesize
72KB
MD58199b9354fcb9506ae2f81ebbed718e9
SHA1322bbf1dbc015f104c538b2ea095cc257130f6e8
SHA25605a1b247baeaada4376f37dc0550b0f91a0760a84d57528cc5cc702f9eed969c
SHA51273ba13b7bfa2bc326a3712a8fdf8a4f42c5dc5643967ea6e441c7a0e0f0112bf08dc17b9064f1970362ed1674258322b198e63e9fe99a404cdcd4c151431f33d
-
Filesize
72KB
MD58199b9354fcb9506ae2f81ebbed718e9
SHA1322bbf1dbc015f104c538b2ea095cc257130f6e8
SHA25605a1b247baeaada4376f37dc0550b0f91a0760a84d57528cc5cc702f9eed969c
SHA51273ba13b7bfa2bc326a3712a8fdf8a4f42c5dc5643967ea6e441c7a0e0f0112bf08dc17b9064f1970362ed1674258322b198e63e9fe99a404cdcd4c151431f33d
-
Filesize
72KB
MD5e3d9c430c20d26a0790306a13e8ebfca
SHA10fab9d694e24281b8eec13a35cda56bed33551e4
SHA256b0caa3f4000244342ce955e2fd03e47a539f47af07c6241a48ad3afde662cfc1
SHA5122209e8abbd7651b0624af6d369cf184dfb82cd5594fcad3e62ed943f7dfd14e5994c4c63a9c3b082094d017a83c2a49e39f31c724744c15cc14bdf441f3f64ec
-
Filesize
72KB
MD5e3d9c430c20d26a0790306a13e8ebfca
SHA10fab9d694e24281b8eec13a35cda56bed33551e4
SHA256b0caa3f4000244342ce955e2fd03e47a539f47af07c6241a48ad3afde662cfc1
SHA5122209e8abbd7651b0624af6d369cf184dfb82cd5594fcad3e62ed943f7dfd14e5994c4c63a9c3b082094d017a83c2a49e39f31c724744c15cc14bdf441f3f64ec
-
Filesize
72KB
MD57778082cabd519d85689b9b2da89f155
SHA1cf1fdf8a2a5d9262648b00193c6bc78af233c128
SHA256f9a00704481fe2db8b8cfe141dce49ef7a40900e797f599c1b5702ba35d5f71e
SHA512778ece660f8073e8f648893323a7a3570305818eed2b7bc7051ceb15ae48395ccc4c8a132535b24d7a005ba938eca729270992184c6f0bc718245c552e367bfa
-
Filesize
72KB
MD57778082cabd519d85689b9b2da89f155
SHA1cf1fdf8a2a5d9262648b00193c6bc78af233c128
SHA256f9a00704481fe2db8b8cfe141dce49ef7a40900e797f599c1b5702ba35d5f71e
SHA512778ece660f8073e8f648893323a7a3570305818eed2b7bc7051ceb15ae48395ccc4c8a132535b24d7a005ba938eca729270992184c6f0bc718245c552e367bfa
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5766198958844dc0efff14a0fb4a4e1ac
SHA179fe8883f9aa0a4a92ab1c623ab4a6cd3fc2e405
SHA256c05926007f97a6c7d301f742b4ffb1aa05738f6078d3886408fc2b1bcb77e50b
SHA5122b0897235d7450c25d3d4a7fe1c0faee92c897768f70b5aa9aa362ef21588553c5eb6692bb0a336eeb590090167574cf58312fe01dee1de3d350812ca3c0d2c3
-
Filesize
72KB
MD5766198958844dc0efff14a0fb4a4e1ac
SHA179fe8883f9aa0a4a92ab1c623ab4a6cd3fc2e405
SHA256c05926007f97a6c7d301f742b4ffb1aa05738f6078d3886408fc2b1bcb77e50b
SHA5122b0897235d7450c25d3d4a7fe1c0faee92c897768f70b5aa9aa362ef21588553c5eb6692bb0a336eeb590090167574cf58312fe01dee1de3d350812ca3c0d2c3
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD5bd292220f25b03e2f244be421152cb6c
SHA1db09a36ccca3fb578a44434abdba7147e80af6bb
SHA256f006d51b3d6dc38b4a8bd734af4bc02d92031a1f07d10d294672caac3c4a84ae
SHA5122a70e0a79c8fa7d530f0fe40bad38aec3c23986dc42a77d38bf7908e40d6b41bed5911fbf94381b83078e5a5f1279601eecd6ffb51a78a96df7fdd5962dc0fe8
-
Filesize
72KB
MD58eabe9e68babaee5d7c8aa7130b9348b
SHA1ad011a88494f20c51c2885205383db1be5ec00db
SHA2560b1fdbe3e8069e8db3c1036a74d8728b4f241488ace760b01f974a098c83bffe
SHA512f120aaff54774e8d14e62215fab03d5bd6f0d4c763e0403a864b4fb4e52adb1daa854c8e7ffa1a21f33a066ac403cedad92c3c20f9d2e6994520fca29e5d7869
-
Filesize
72KB
MD58eabe9e68babaee5d7c8aa7130b9348b
SHA1ad011a88494f20c51c2885205383db1be5ec00db
SHA2560b1fdbe3e8069e8db3c1036a74d8728b4f241488ace760b01f974a098c83bffe
SHA512f120aaff54774e8d14e62215fab03d5bd6f0d4c763e0403a864b4fb4e52adb1daa854c8e7ffa1a21f33a066ac403cedad92c3c20f9d2e6994520fca29e5d7869
-
Filesize
8KB
-
Filesize
8KB