Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
157s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29/11/2022, 13:50
General
-
Target
bec314ad1933d5ad67872262acfaff175327d1354345c2b4beca878006c7b47b.exe
-
Size
72KB
-
MD5
0ef9f2e660b02b5efdb99f908b41ac10
-
SHA1
134daad16ac6ad6a9c9ead658b124f8f6804f1b9
-
SHA256
bec314ad1933d5ad67872262acfaff175327d1354345c2b4beca878006c7b47b
-
SHA512
dde8c4cbf7fe7e9070204f6948c7577940728271ed567eedddf8bb456b836cceed7ab3859a37616589c15a1970bae6a8d9366f10758b45d719d1298d7ebf1e3d
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2k:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr4
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bec314ad1933d5ad67872262acfaff175327d1354345c2b4beca878006c7b47b.exe"C:\Users\Admin\AppData\Local\Temp\bec314ad1933d5ad67872262acfaff175327d1354345c2b4beca878006c7b47b.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\4234886684\backup.exeC:\Users\Admin\AppData\Local\Temp\4234886684\backup.exe C:\Users\Admin\AppData\Local\Temp\4234886684\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\VC\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\System Restore.exe"C:\Program Files\Common Files\System\ado\System Restore.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\data.exe"C:\Program Files\Common Files\System\fr-FR\data.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\data.exe"C:\Program Files\Microsoft Games\data.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\update.exe"C:\Program Files\Mozilla Firefox\update.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\update.exe"C:\Program Files (x86)\Microsoft Sync Framework\update.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\Contacts\System Restore.exe"C:\Users\Admin\Contacts\System Restore.exe" C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\System Restore.exe"C:\Users\Admin\Downloads\System Restore.exe" C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD581fa51b2bbbc34e1c6c4c3466287181d
SHA1d7a5f432579efcf0174cbd315bdef67aac277aab
SHA2561cf82798dffc62a2b157eae656b4560d828b19b0f2f0dca9c7896564a135b19b
SHA5128339433ba5d67933acff487c1665717460e7b5203e4b1dd3495b1b8eb6125468a66a7baf0ad6350ec1d395b00f1994d7098e2b7baa95e163d496c2c9dc95bf19
-
Filesize
72KB
MD5ff100a7fa9a48b6da183c2e3f8176396
SHA1449643dc64931609b82244f3f00304d2d151d95b
SHA25606b241f04181abb9cb201bba2d2cd9fbe41812a11452795fa07876d2812dbfa2
SHA51263bacbfc2160ccec7df06f0daa79f216f8b35702e10d28c82b3c11679ad85d30e81b07a29f59cee3f8f94de466dabc23d60825e61f0e2da1b6b4500a244766c6
-
Filesize
72KB
MD5ff100a7fa9a48b6da183c2e3f8176396
SHA1449643dc64931609b82244f3f00304d2d151d95b
SHA25606b241f04181abb9cb201bba2d2cd9fbe41812a11452795fa07876d2812dbfa2
SHA51263bacbfc2160ccec7df06f0daa79f216f8b35702e10d28c82b3c11679ad85d30e81b07a29f59cee3f8f94de466dabc23d60825e61f0e2da1b6b4500a244766c6
-
Filesize
72KB
MD537317b47c2b1f52d6c8db0a607964ea7
SHA1f2edbe97326f7d9484bb9d35f42af367d8118240
SHA2564833961803c4e954bac2287aed0b67518bdc5984d9c9994664050653dfe03233
SHA512ea1e3be56aed4b627aefb590b156f10dbd3929349d3f989976b74b5d978d31a9642e4e3c9e6d133fc23279928d0dfe752f1cf25834ec862e138bd1e197314d9a
-
Filesize
72KB
MD54de0562dfbad9979d40e0081a1830bf2
SHA11d51dd0955319e96f817ad310326aa8e3c912c34
SHA256149264d35f76c7f7f0782e100ff3e83e7f30e11a9e650a5cf8d2b7b309f17348
SHA512b783ac5eba47fe264222a9f72c6a391f7b970ba909c9e9a5ab38229790cc21a84f9be1ddad3f59be8e61bec5a1c2e477d0bd25f8188faf6f34c0bd62d7b09f73
-
Filesize
72KB
MD54de0562dfbad9979d40e0081a1830bf2
SHA11d51dd0955319e96f817ad310326aa8e3c912c34
SHA256149264d35f76c7f7f0782e100ff3e83e7f30e11a9e650a5cf8d2b7b309f17348
SHA512b783ac5eba47fe264222a9f72c6a391f7b970ba909c9e9a5ab38229790cc21a84f9be1ddad3f59be8e61bec5a1c2e477d0bd25f8188faf6f34c0bd62d7b09f73
-
Filesize
72KB
MD5844d00e304f0338b18ad2555b987a99f
SHA164159c211e1f21030766d1431310efbbbbb6ad0c
SHA256d5a96a3cd82bed399d4b42de1c6680349ee051f5ec44cde617cebdf602538b9d
SHA5120a1f6ced035c1a4540279b420e57acd15a99f56660c56133d0616c5f3577a9c1254da131ae5438d704c92abe69d990a6e71085db03a0cadb8a43c7d8af6c513e
-
Filesize
72KB
MD5b63557077d601edfb29369c05c7b5d3f
SHA1c4675dc375636850935efe029788f09cce80d229
SHA256ac110f03c75375d6529bdee64749547da6ea1920cec59922ba95beef450d46db
SHA512a01c4b0405958f382aa6eea0e9ab28c8ae8a1103a571e5f80380221f216e0f371c74ad3ba7abdabec815ca1294f6b7b25950406f0890a804ecf9ead79945b434
-
Filesize
72KB
MD5b63557077d601edfb29369c05c7b5d3f
SHA1c4675dc375636850935efe029788f09cce80d229
SHA256ac110f03c75375d6529bdee64749547da6ea1920cec59922ba95beef450d46db
SHA512a01c4b0405958f382aa6eea0e9ab28c8ae8a1103a571e5f80380221f216e0f371c74ad3ba7abdabec815ca1294f6b7b25950406f0890a804ecf9ead79945b434
-
Filesize
72KB
MD589eb639a10f2bbdd7e401c3a5905a2d3
SHA14d6063b3e93e8725278db7fa2a641c8cdd929a7f
SHA256a16457e02ee67ee6704ccf0f52d288bdbd1d062ac0b4788ad3894c0f87db611c
SHA512f69efd08a3b0d286a11e5ca820910ff3599c743994694156a4bbb71b62cea5695e35758143ac9ac0eb655d428cfb139d76c77ae14cab52713b98087f79163fc6
-
Filesize
72KB
MD55c74a0cc603811eae2e40ca0983dce21
SHA1f45b5448c24d15aa6e8ac60a083daf05dc2c8cb4
SHA2567df2256678b6f3e40da1523f972f96f27daa72f3236de4b0a2f8c35621b45bce
SHA51267e16c9be2a4d962bc0e2bfca652852f1c67dca3c3ea21cde8e2b8b61e88c08006fcf4c9a34a25a20ec4de9869e50ba4a846e7d46eaa437bb7c7fe84374a5f3a
-
Filesize
72KB
MD55c74a0cc603811eae2e40ca0983dce21
SHA1f45b5448c24d15aa6e8ac60a083daf05dc2c8cb4
SHA2567df2256678b6f3e40da1523f972f96f27daa72f3236de4b0a2f8c35621b45bce
SHA51267e16c9be2a4d962bc0e2bfca652852f1c67dca3c3ea21cde8e2b8b61e88c08006fcf4c9a34a25a20ec4de9869e50ba4a846e7d46eaa437bb7c7fe84374a5f3a
-
Filesize
72KB
MD5c14fcf0c45f4a71f5b6c8ea811f27acd
SHA12efa359fcb751c7c7505192b02c55fa84903c44c
SHA2564027c54b9d83338e37d258a19eee244f5740bd3fb5f5185c84b3d2da36b01121
SHA5128f5b2c5f798d666d35423a4e2ba9e56355bcf29adedfd5300f2f7cde200d31078bb01bb15de648db560ebdf90ba0e5b9cb6081a70f641f38939c8927fdaa8b51
-
Filesize
72KB
MD592bd19bd8d0f6382740b1ac6ea5d5f0c
SHA19e1996a0886400d43b04f343e8ecdc377663e723
SHA256bd0cd9058a21cc3fa01adfc54cfd5fa10dbf26fe1c8799e39307a40984ea0ca5
SHA51250a161683e155750e2292d44e6e51658b8a66e47ad92b5fa73d3580bf5599932de5798d8bf8c758155785bd43de7eec2d8f907e974b45a9d79103b10c271477b
-
Filesize
72KB
MD599a855111ac0c158e704232c84aaabf2
SHA157eb9e9386fe2ef1abafdb4ef87c8707ff094b9c
SHA256aa3a8dfab1408b64c397922bccc35950dd3a5e37921d7469e5d6a3fd49d49f4c
SHA51249b71723ade67002c110c3281b1ba3528cb1b1d24b3680031c2e79d1aabab53cba889657d42dffa1f7ba02a4375d9e740307f4fa99a60faec85e2baf1c76ce9a
-
Filesize
72KB
MD599a855111ac0c158e704232c84aaabf2
SHA157eb9e9386fe2ef1abafdb4ef87c8707ff094b9c
SHA256aa3a8dfab1408b64c397922bccc35950dd3a5e37921d7469e5d6a3fd49d49f4c
SHA51249b71723ade67002c110c3281b1ba3528cb1b1d24b3680031c2e79d1aabab53cba889657d42dffa1f7ba02a4375d9e740307f4fa99a60faec85e2baf1c76ce9a
-
Filesize
72KB
MD569fdaf32b0173a2367fe8b992e640c66
SHA14fe80c4afe15ae389900d41a09d142b1ba42e8d5
SHA256aa3cb2bcbd14e1c98c86c8f34df7cef00b25bd0e76946a851818879877e74f82
SHA512c36d3d5f7ba209011f6348e7bba0e6ab7f69c46f064a64c0e23048a6bb65fbc4f016a8ff762e9ba457df94870df1b41399b85b44190406e0b7e4a22c9b9dc858
-
Filesize
72KB
MD569fdaf32b0173a2367fe8b992e640c66
SHA14fe80c4afe15ae389900d41a09d142b1ba42e8d5
SHA256aa3cb2bcbd14e1c98c86c8f34df7cef00b25bd0e76946a851818879877e74f82
SHA512c36d3d5f7ba209011f6348e7bba0e6ab7f69c46f064a64c0e23048a6bb65fbc4f016a8ff762e9ba457df94870df1b41399b85b44190406e0b7e4a22c9b9dc858
-
Filesize
72KB
MD59e8b5267741fdd6ea7e1571e19c4e638
SHA1a4c371da9f05fab2323b849f6a340f026e55f1a9
SHA25643b6e73f28effdc00c62027ae6827798d015867f0a6389397be83b0993456f35
SHA512be03af451978ab8152c408e5328e67d92a0002fb54f1bf289dbe76afb4d1601eb0a12acb965197fe883bf33db3fbde344c4c773370e39043112843f12d516ece
-
Filesize
72KB
MD59e8b5267741fdd6ea7e1571e19c4e638
SHA1a4c371da9f05fab2323b849f6a340f026e55f1a9
SHA25643b6e73f28effdc00c62027ae6827798d015867f0a6389397be83b0993456f35
SHA512be03af451978ab8152c408e5328e67d92a0002fb54f1bf289dbe76afb4d1601eb0a12acb965197fe883bf33db3fbde344c4c773370e39043112843f12d516ece
-
Filesize
72KB
MD55241da093e239e988b071360cf7de8e2
SHA11736152acd7a189babc35666f24d8fbddcb9b097
SHA256aeb87a2ba150ba9fbc49f698b97318cc632e6e9bb2e35a8b5c77c133988f7db4
SHA512a9b139d8ba253a2fb4af2a9f78a106d5d8750b0da28e69cfe102218c16da536b1bf7ad2bd91192b2cd3822ea21d26df8dda8dbd5a19be1a6be84ab12c9993c6f
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
72KB
MD5150a4978e510d46381e8f22d9186a597
SHA1086a730e8b2a0647327170f89fe1d443ebaa2558
SHA256f026f17f656fd39b177d03fef69d464ae69855001123c2571cf3919cf22f7444
SHA5128a42bb9096fea89a3804677ea0125f8458a6dac78b9d785a8c79f5fefa2bb0406bfff017b22f22a8306bbd38d50a78a8a7ebdf03f68fb581b8e3bb33302ad916
-
Filesize
72KB
MD5150a4978e510d46381e8f22d9186a597
SHA1086a730e8b2a0647327170f89fe1d443ebaa2558
SHA256f026f17f656fd39b177d03fef69d464ae69855001123c2571cf3919cf22f7444
SHA5128a42bb9096fea89a3804677ea0125f8458a6dac78b9d785a8c79f5fefa2bb0406bfff017b22f22a8306bbd38d50a78a8a7ebdf03f68fb581b8e3bb33302ad916
-
Filesize
72KB
MD581fa51b2bbbc34e1c6c4c3466287181d
SHA1d7a5f432579efcf0174cbd315bdef67aac277aab
SHA2561cf82798dffc62a2b157eae656b4560d828b19b0f2f0dca9c7896564a135b19b
SHA5128339433ba5d67933acff487c1665717460e7b5203e4b1dd3495b1b8eb6125468a66a7baf0ad6350ec1d395b00f1994d7098e2b7baa95e163d496c2c9dc95bf19
-
Filesize
72KB
MD581fa51b2bbbc34e1c6c4c3466287181d
SHA1d7a5f432579efcf0174cbd315bdef67aac277aab
SHA2561cf82798dffc62a2b157eae656b4560d828b19b0f2f0dca9c7896564a135b19b
SHA5128339433ba5d67933acff487c1665717460e7b5203e4b1dd3495b1b8eb6125468a66a7baf0ad6350ec1d395b00f1994d7098e2b7baa95e163d496c2c9dc95bf19
-
Filesize
72KB
MD5ff100a7fa9a48b6da183c2e3f8176396
SHA1449643dc64931609b82244f3f00304d2d151d95b
SHA25606b241f04181abb9cb201bba2d2cd9fbe41812a11452795fa07876d2812dbfa2
SHA51263bacbfc2160ccec7df06f0daa79f216f8b35702e10d28c82b3c11679ad85d30e81b07a29f59cee3f8f94de466dabc23d60825e61f0e2da1b6b4500a244766c6
-
Filesize
72KB
MD5ff100a7fa9a48b6da183c2e3f8176396
SHA1449643dc64931609b82244f3f00304d2d151d95b
SHA25606b241f04181abb9cb201bba2d2cd9fbe41812a11452795fa07876d2812dbfa2
SHA51263bacbfc2160ccec7df06f0daa79f216f8b35702e10d28c82b3c11679ad85d30e81b07a29f59cee3f8f94de466dabc23d60825e61f0e2da1b6b4500a244766c6
-
Filesize
72KB
MD537317b47c2b1f52d6c8db0a607964ea7
SHA1f2edbe97326f7d9484bb9d35f42af367d8118240
SHA2564833961803c4e954bac2287aed0b67518bdc5984d9c9994664050653dfe03233
SHA512ea1e3be56aed4b627aefb590b156f10dbd3929349d3f989976b74b5d978d31a9642e4e3c9e6d133fc23279928d0dfe752f1cf25834ec862e138bd1e197314d9a
-
Filesize
72KB
MD537317b47c2b1f52d6c8db0a607964ea7
SHA1f2edbe97326f7d9484bb9d35f42af367d8118240
SHA2564833961803c4e954bac2287aed0b67518bdc5984d9c9994664050653dfe03233
SHA512ea1e3be56aed4b627aefb590b156f10dbd3929349d3f989976b74b5d978d31a9642e4e3c9e6d133fc23279928d0dfe752f1cf25834ec862e138bd1e197314d9a
-
Filesize
72KB
MD54de0562dfbad9979d40e0081a1830bf2
SHA11d51dd0955319e96f817ad310326aa8e3c912c34
SHA256149264d35f76c7f7f0782e100ff3e83e7f30e11a9e650a5cf8d2b7b309f17348
SHA512b783ac5eba47fe264222a9f72c6a391f7b970ba909c9e9a5ab38229790cc21a84f9be1ddad3f59be8e61bec5a1c2e477d0bd25f8188faf6f34c0bd62d7b09f73
-
Filesize
72KB
MD54de0562dfbad9979d40e0081a1830bf2
SHA11d51dd0955319e96f817ad310326aa8e3c912c34
SHA256149264d35f76c7f7f0782e100ff3e83e7f30e11a9e650a5cf8d2b7b309f17348
SHA512b783ac5eba47fe264222a9f72c6a391f7b970ba909c9e9a5ab38229790cc21a84f9be1ddad3f59be8e61bec5a1c2e477d0bd25f8188faf6f34c0bd62d7b09f73
-
Filesize
72KB
MD5844d00e304f0338b18ad2555b987a99f
SHA164159c211e1f21030766d1431310efbbbbb6ad0c
SHA256d5a96a3cd82bed399d4b42de1c6680349ee051f5ec44cde617cebdf602538b9d
SHA5120a1f6ced035c1a4540279b420e57acd15a99f56660c56133d0616c5f3577a9c1254da131ae5438d704c92abe69d990a6e71085db03a0cadb8a43c7d8af6c513e
-
Filesize
72KB
MD5844d00e304f0338b18ad2555b987a99f
SHA164159c211e1f21030766d1431310efbbbbb6ad0c
SHA256d5a96a3cd82bed399d4b42de1c6680349ee051f5ec44cde617cebdf602538b9d
SHA5120a1f6ced035c1a4540279b420e57acd15a99f56660c56133d0616c5f3577a9c1254da131ae5438d704c92abe69d990a6e71085db03a0cadb8a43c7d8af6c513e
-
Filesize
72KB
MD5b63557077d601edfb29369c05c7b5d3f
SHA1c4675dc375636850935efe029788f09cce80d229
SHA256ac110f03c75375d6529bdee64749547da6ea1920cec59922ba95beef450d46db
SHA512a01c4b0405958f382aa6eea0e9ab28c8ae8a1103a571e5f80380221f216e0f371c74ad3ba7abdabec815ca1294f6b7b25950406f0890a804ecf9ead79945b434
-
Filesize
72KB
MD5b63557077d601edfb29369c05c7b5d3f
SHA1c4675dc375636850935efe029788f09cce80d229
SHA256ac110f03c75375d6529bdee64749547da6ea1920cec59922ba95beef450d46db
SHA512a01c4b0405958f382aa6eea0e9ab28c8ae8a1103a571e5f80380221f216e0f371c74ad3ba7abdabec815ca1294f6b7b25950406f0890a804ecf9ead79945b434
-
Filesize
72KB
MD589eb639a10f2bbdd7e401c3a5905a2d3
SHA14d6063b3e93e8725278db7fa2a641c8cdd929a7f
SHA256a16457e02ee67ee6704ccf0f52d288bdbd1d062ac0b4788ad3894c0f87db611c
SHA512f69efd08a3b0d286a11e5ca820910ff3599c743994694156a4bbb71b62cea5695e35758143ac9ac0eb655d428cfb139d76c77ae14cab52713b98087f79163fc6
-
Filesize
72KB
MD589eb639a10f2bbdd7e401c3a5905a2d3
SHA14d6063b3e93e8725278db7fa2a641c8cdd929a7f
SHA256a16457e02ee67ee6704ccf0f52d288bdbd1d062ac0b4788ad3894c0f87db611c
SHA512f69efd08a3b0d286a11e5ca820910ff3599c743994694156a4bbb71b62cea5695e35758143ac9ac0eb655d428cfb139d76c77ae14cab52713b98087f79163fc6
-
Filesize
72KB
MD55c74a0cc603811eae2e40ca0983dce21
SHA1f45b5448c24d15aa6e8ac60a083daf05dc2c8cb4
SHA2567df2256678b6f3e40da1523f972f96f27daa72f3236de4b0a2f8c35621b45bce
SHA51267e16c9be2a4d962bc0e2bfca652852f1c67dca3c3ea21cde8e2b8b61e88c08006fcf4c9a34a25a20ec4de9869e50ba4a846e7d46eaa437bb7c7fe84374a5f3a
-
Filesize
72KB
MD55c74a0cc603811eae2e40ca0983dce21
SHA1f45b5448c24d15aa6e8ac60a083daf05dc2c8cb4
SHA2567df2256678b6f3e40da1523f972f96f27daa72f3236de4b0a2f8c35621b45bce
SHA51267e16c9be2a4d962bc0e2bfca652852f1c67dca3c3ea21cde8e2b8b61e88c08006fcf4c9a34a25a20ec4de9869e50ba4a846e7d46eaa437bb7c7fe84374a5f3a
-
Filesize
72KB
MD5c14fcf0c45f4a71f5b6c8ea811f27acd
SHA12efa359fcb751c7c7505192b02c55fa84903c44c
SHA2564027c54b9d83338e37d258a19eee244f5740bd3fb5f5185c84b3d2da36b01121
SHA5128f5b2c5f798d666d35423a4e2ba9e56355bcf29adedfd5300f2f7cde200d31078bb01bb15de648db560ebdf90ba0e5b9cb6081a70f641f38939c8927fdaa8b51
-
Filesize
72KB
MD5c14fcf0c45f4a71f5b6c8ea811f27acd
SHA12efa359fcb751c7c7505192b02c55fa84903c44c
SHA2564027c54b9d83338e37d258a19eee244f5740bd3fb5f5185c84b3d2da36b01121
SHA5128f5b2c5f798d666d35423a4e2ba9e56355bcf29adedfd5300f2f7cde200d31078bb01bb15de648db560ebdf90ba0e5b9cb6081a70f641f38939c8927fdaa8b51
-
Filesize
72KB
MD592bd19bd8d0f6382740b1ac6ea5d5f0c
SHA19e1996a0886400d43b04f343e8ecdc377663e723
SHA256bd0cd9058a21cc3fa01adfc54cfd5fa10dbf26fe1c8799e39307a40984ea0ca5
SHA51250a161683e155750e2292d44e6e51658b8a66e47ad92b5fa73d3580bf5599932de5798d8bf8c758155785bd43de7eec2d8f907e974b45a9d79103b10c271477b
-
Filesize
72KB
MD592bd19bd8d0f6382740b1ac6ea5d5f0c
SHA19e1996a0886400d43b04f343e8ecdc377663e723
SHA256bd0cd9058a21cc3fa01adfc54cfd5fa10dbf26fe1c8799e39307a40984ea0ca5
SHA51250a161683e155750e2292d44e6e51658b8a66e47ad92b5fa73d3580bf5599932de5798d8bf8c758155785bd43de7eec2d8f907e974b45a9d79103b10c271477b
-
Filesize
72KB
MD599a855111ac0c158e704232c84aaabf2
SHA157eb9e9386fe2ef1abafdb4ef87c8707ff094b9c
SHA256aa3a8dfab1408b64c397922bccc35950dd3a5e37921d7469e5d6a3fd49d49f4c
SHA51249b71723ade67002c110c3281b1ba3528cb1b1d24b3680031c2e79d1aabab53cba889657d42dffa1f7ba02a4375d9e740307f4fa99a60faec85e2baf1c76ce9a
-
Filesize
72KB
MD599a855111ac0c158e704232c84aaabf2
SHA157eb9e9386fe2ef1abafdb4ef87c8707ff094b9c
SHA256aa3a8dfab1408b64c397922bccc35950dd3a5e37921d7469e5d6a3fd49d49f4c
SHA51249b71723ade67002c110c3281b1ba3528cb1b1d24b3680031c2e79d1aabab53cba889657d42dffa1f7ba02a4375d9e740307f4fa99a60faec85e2baf1c76ce9a
-
Filesize
72KB
MD569fdaf32b0173a2367fe8b992e640c66
SHA14fe80c4afe15ae389900d41a09d142b1ba42e8d5
SHA256aa3cb2bcbd14e1c98c86c8f34df7cef00b25bd0e76946a851818879877e74f82
SHA512c36d3d5f7ba209011f6348e7bba0e6ab7f69c46f064a64c0e23048a6bb65fbc4f016a8ff762e9ba457df94870df1b41399b85b44190406e0b7e4a22c9b9dc858
-
Filesize
72KB
MD569fdaf32b0173a2367fe8b992e640c66
SHA14fe80c4afe15ae389900d41a09d142b1ba42e8d5
SHA256aa3cb2bcbd14e1c98c86c8f34df7cef00b25bd0e76946a851818879877e74f82
SHA512c36d3d5f7ba209011f6348e7bba0e6ab7f69c46f064a64c0e23048a6bb65fbc4f016a8ff762e9ba457df94870df1b41399b85b44190406e0b7e4a22c9b9dc858
-
Filesize
72KB
MD59e8b5267741fdd6ea7e1571e19c4e638
SHA1a4c371da9f05fab2323b849f6a340f026e55f1a9
SHA25643b6e73f28effdc00c62027ae6827798d015867f0a6389397be83b0993456f35
SHA512be03af451978ab8152c408e5328e67d92a0002fb54f1bf289dbe76afb4d1601eb0a12acb965197fe883bf33db3fbde344c4c773370e39043112843f12d516ece
-
Filesize
72KB
MD59e8b5267741fdd6ea7e1571e19c4e638
SHA1a4c371da9f05fab2323b849f6a340f026e55f1a9
SHA25643b6e73f28effdc00c62027ae6827798d015867f0a6389397be83b0993456f35
SHA512be03af451978ab8152c408e5328e67d92a0002fb54f1bf289dbe76afb4d1601eb0a12acb965197fe883bf33db3fbde344c4c773370e39043112843f12d516ece
-
Filesize
72KB
MD55241da093e239e988b071360cf7de8e2
SHA11736152acd7a189babc35666f24d8fbddcb9b097
SHA256aeb87a2ba150ba9fbc49f698b97318cc632e6e9bb2e35a8b5c77c133988f7db4
SHA512a9b139d8ba253a2fb4af2a9f78a106d5d8750b0da28e69cfe102218c16da536b1bf7ad2bd91192b2cd3822ea21d26df8dda8dbd5a19be1a6be84ab12c9993c6f
-
Filesize
72KB
MD55241da093e239e988b071360cf7de8e2
SHA11736152acd7a189babc35666f24d8fbddcb9b097
SHA256aeb87a2ba150ba9fbc49f698b97318cc632e6e9bb2e35a8b5c77c133988f7db4
SHA512a9b139d8ba253a2fb4af2a9f78a106d5d8750b0da28e69cfe102218c16da536b1bf7ad2bd91192b2cd3822ea21d26df8dda8dbd5a19be1a6be84ab12c9993c6f
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD5f6597abd3f577cbf741b478bd9e9d5bc
SHA1a1b38654cd6a780bac13e28d4e56179c93f0045d
SHA2563f598e4a5f3dced10f6ff00a9a64e3a7a17c45c202d3bd6df7cb18fffdf3de19
SHA5129f44aa524e3ac1d63878b5adf3c54a9a02d9f5b5190aa6c815895201fed61b90b26c51e94baa7d2071b30fe1c0df53514f1881a5a735b59b4209fdb39acb73ce
-
Filesize
72KB
MD52e87aa3a2dc2570c30df64a25094cba2
SHA1d58438972e94fb35e3780f50803ddad29b031282
SHA2566a11aaa5b45466b224c3a32432f1a82a370e25b6560d1e2becc2ea1a94dd8a6c
SHA512cb48c60cdd876efc9d277a6e390bd23af50c46f94bbbc2963801b30cb3f5fa24bba27b339fe276ca5b0332da5ce29e31252dbf483def4e641ea31ee01db9f6d9
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
72KB
MD53e12680653774a664656d502d968479a
SHA1f99a96339a203f84525c1b1267a1dea237aadb5b
SHA25600aad2846df4efdef924ec940bedd3707a31069300ad2dca716e53528c89fbcb
SHA512b0422af788e510ba44d2d7219590aec9bf90d5e7102962f79bb6179efeda0b3f8366a1319839b8c1c08741566c88b1927ae01c93c3051eb7f2dee6c4a51d5203
-
Filesize
8KB
-
Filesize
8KB