Analysis
-
max time kernel
156s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29/11/2022, 13:52
General
-
Target
b2f1cc167bf8018e5db031954b5bf6c47bbdcd7857c316c7c935460c9f3304f3.exe
-
Size
72KB
-
MD5
1225c1213f4e2712a7a18718d75bc900
-
SHA1
9c62cd9d036cf8193a3e3f6cadb3bf14e008c4bb
-
SHA256
b2f1cc167bf8018e5db031954b5bf6c47bbdcd7857c316c7c935460c9f3304f3
-
SHA512
6b6133c00a30a9b33d115499bb27950c1745072cdd153555864f6dd5eb188ef281f551bd43d156643b4a215cfd25e576705eb85413e3630986ffd31bf2f4b73c
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2T:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrv
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2f1cc167bf8018e5db031954b5bf6c47bbdcd7857c316c7c935460c9f3304f3.exe"C:\Users\Admin\AppData\Local\Temp\b2f1cc167bf8018e5db031954b5bf6c47bbdcd7857c316c7c935460c9f3304f3.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\120738251\backup.exeC:\Users\Admin\AppData\Local\Temp\120738251\backup.exe C:\Users\Admin\AppData\Local\Temp\120738251\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\System Restore.exe"C:\PerfLogs\Admin\System Restore.exe" C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\System Restore.exe"C:\Program Files\Common Files\System\ado\fr-FR\System Restore.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\ja-JP\update.exe"C:\Program Files\DVD Maker\ja-JP\update.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\System Restore.exe"C:\Program Files\Internet Explorer\de-DE\System Restore.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\update.exe"C:\Program Files\MSBuild\update.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\update.exe"C:\Program Files (x86)\Common Files\SpeechEngines\update.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\update.exe"C:\Program Files (x86)\Internet Explorer\update.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\data.exe"C:\Program Files (x86)\Internet Explorer\de-DE\data.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\data.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\data.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\data.exeC:\Windows\data.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5b2741fdb8d3c11a813cab5146918a107
SHA1d9ad9065d9a99ba9026f141b45ab7a05d84c2bb4
SHA256f5769d35975098137d6721322721997adfbdaed053680dcb78c9901b5c17255a
SHA5121f88487d0803053c8a883f2bd124a94dc9d5e9f91db4aaba590cdb4bd39b61cd9e3cac70ae3fdff4e7a936b3b55fe85ded9a2ff99fe8b3780d091fd172b9fd30
-
Filesize
72KB
MD5a3761d50d3d2dece1bb4abfe282e7093
SHA18ad6cda2a8c65633ad693918101a2536c7f6b700
SHA2561f0f0253c50512dc981802d849817958fd140cf4d5168d3f96a4228b1c2ae8de
SHA5122bb6d488ee45a96342e22beccddc23bb0162fd8ca10167fd99603211da80ebabbd1bd2e303fddef421e956928436d09438c342b3f09c36635e5a5df79c47fd47
-
Filesize
72KB
MD5a3761d50d3d2dece1bb4abfe282e7093
SHA18ad6cda2a8c65633ad693918101a2536c7f6b700
SHA2561f0f0253c50512dc981802d849817958fd140cf4d5168d3f96a4228b1c2ae8de
SHA5122bb6d488ee45a96342e22beccddc23bb0162fd8ca10167fd99603211da80ebabbd1bd2e303fddef421e956928436d09438c342b3f09c36635e5a5df79c47fd47
-
Filesize
72KB
MD5de17ff0f9a666fba6ee0fe59655718bf
SHA13687e0a2fa85097e6095bf8d2bc6bb6824c1c420
SHA256bb2291086978eecd15a2bd046537f1b30c20aa2ac51266dcd7d51e053655a846
SHA512b847301bfdf7f45bd77a27c86a4465fc91dcf1de04318e32647eb398c2e95e7b696d82dab1970d0d26a191ba54e152dcbde896513c0adb45b852f1ccfa54c8fb
-
Filesize
72KB
MD586555b07a8331bfa9827f1b5fb9517cb
SHA15725a524600a74ca361d05c021e643bfc9091919
SHA256379cb77fb34ab620f063d1ff8823644fff38b52b55671bfe412ea3e6b9643ad7
SHA5122b7aeed87170a2c4142a6788d550940d31125d8509fb9251b8461d2ea410e086ac251887f4b09e90c2ea09e806b0e720e091f2632c504990aafd13211663d7cc
-
Filesize
72KB
MD586555b07a8331bfa9827f1b5fb9517cb
SHA15725a524600a74ca361d05c021e643bfc9091919
SHA256379cb77fb34ab620f063d1ff8823644fff38b52b55671bfe412ea3e6b9643ad7
SHA5122b7aeed87170a2c4142a6788d550940d31125d8509fb9251b8461d2ea410e086ac251887f4b09e90c2ea09e806b0e720e091f2632c504990aafd13211663d7cc
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD56d32ffc64e5aecfc1af81e15614ca3e1
SHA1ac0854cf5cddd0adba0f4ecdabed65011748ab59
SHA256ad9d9ec6f5291c1ba46d0ff435e89bf4a61e5ba344c678594a23a93da0131526
SHA5120103af0e02e48ebe6d1bbf4279185c1abb143ff44b16b478e83f9bfa1e7be830f08fe698abd44cb7a4e3009b012e465431b0a7dac0e2b013ac419c674d1977d8
-
Filesize
72KB
MD56d32ffc64e5aecfc1af81e15614ca3e1
SHA1ac0854cf5cddd0adba0f4ecdabed65011748ab59
SHA256ad9d9ec6f5291c1ba46d0ff435e89bf4a61e5ba344c678594a23a93da0131526
SHA5120103af0e02e48ebe6d1bbf4279185c1abb143ff44b16b478e83f9bfa1e7be830f08fe698abd44cb7a4e3009b012e465431b0a7dac0e2b013ac419c674d1977d8
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD50f730a2638f70f77191b27f80398c30d
SHA10eb9d1bc0a9fb94da0211e1643832d4d0121a07e
SHA256bfd175554f79b346c0756bddf8e16dedcef0aca50922a2b081860e6b322544e6
SHA512d6462ec1072dd84ff5926deb5930533ad72fc827d09da802b5f47ce9064f1d17742b4867bc5b19ab65102a4d2b77fd737e22b17df58e2f39aae4ce790fcf18fd
-
Filesize
72KB
MD50f730a2638f70f77191b27f80398c30d
SHA10eb9d1bc0a9fb94da0211e1643832d4d0121a07e
SHA256bfd175554f79b346c0756bddf8e16dedcef0aca50922a2b081860e6b322544e6
SHA512d6462ec1072dd84ff5926deb5930533ad72fc827d09da802b5f47ce9064f1d17742b4867bc5b19ab65102a4d2b77fd737e22b17df58e2f39aae4ce790fcf18fd
-
Filesize
72KB
MD51b8a0419da5f0bc57197d816c59611ca
SHA18ef3f219392f97930c79017021b579fd1cea1269
SHA25613efd19209b6d2dc3741aa524e65683315dc1c10cdcc045cd04955abc3d06e0d
SHA512a5969f2a52658d6cbf0dbcf086ad51cf21dcdb0b933a664592da9681d42690abe916cbea7764382564a112420483ede17be4482f6396e910bb73aecd41179bad
-
Filesize
72KB
MD51b8a0419da5f0bc57197d816c59611ca
SHA18ef3f219392f97930c79017021b579fd1cea1269
SHA25613efd19209b6d2dc3741aa524e65683315dc1c10cdcc045cd04955abc3d06e0d
SHA512a5969f2a52658d6cbf0dbcf086ad51cf21dcdb0b933a664592da9681d42690abe916cbea7764382564a112420483ede17be4482f6396e910bb73aecd41179bad
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5d8cf242d931002e59a8f98626bbda6c1
SHA1ee2d7e42e8ab733d630fb2303dff4c3f4fea83ce
SHA2566e0b4cca9f7dc8364cfc819391ca7cf78c9bf789c257226eb5f23cf32cc3fb23
SHA512a26c75d8b6e20d1c7cab004808ad853295bf91848632514c9b5e8de1e8403202fdfdcca0777e81c38b90a3f6ef6e6f4635740153a94b2d3a1e3507ef20700f0b
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD55a60e6ceaa8d041f30cd7393dd83ca52
SHA18806aa8f3523094c317d87653e14cbc62263dfcc
SHA2563536ebd715413f2514e1037f66500f9339295d0d2fb9cc848e146b9f7bd897b7
SHA512360fd456adbb6d98e97605d8765cdf1388567dd0be91d775976506422c428931c3287e3bbb82b488620b64023e22639a61bcb3d8eddde464d390ad4c347b19e0
-
Filesize
72KB
MD55a60e6ceaa8d041f30cd7393dd83ca52
SHA18806aa8f3523094c317d87653e14cbc62263dfcc
SHA2563536ebd715413f2514e1037f66500f9339295d0d2fb9cc848e146b9f7bd897b7
SHA512360fd456adbb6d98e97605d8765cdf1388567dd0be91d775976506422c428931c3287e3bbb82b488620b64023e22639a61bcb3d8eddde464d390ad4c347b19e0
-
Filesize
72KB
MD5b2741fdb8d3c11a813cab5146918a107
SHA1d9ad9065d9a99ba9026f141b45ab7a05d84c2bb4
SHA256f5769d35975098137d6721322721997adfbdaed053680dcb78c9901b5c17255a
SHA5121f88487d0803053c8a883f2bd124a94dc9d5e9f91db4aaba590cdb4bd39b61cd9e3cac70ae3fdff4e7a936b3b55fe85ded9a2ff99fe8b3780d091fd172b9fd30
-
Filesize
72KB
MD5b2741fdb8d3c11a813cab5146918a107
SHA1d9ad9065d9a99ba9026f141b45ab7a05d84c2bb4
SHA256f5769d35975098137d6721322721997adfbdaed053680dcb78c9901b5c17255a
SHA5121f88487d0803053c8a883f2bd124a94dc9d5e9f91db4aaba590cdb4bd39b61cd9e3cac70ae3fdff4e7a936b3b55fe85ded9a2ff99fe8b3780d091fd172b9fd30
-
Filesize
72KB
MD5a3761d50d3d2dece1bb4abfe282e7093
SHA18ad6cda2a8c65633ad693918101a2536c7f6b700
SHA2561f0f0253c50512dc981802d849817958fd140cf4d5168d3f96a4228b1c2ae8de
SHA5122bb6d488ee45a96342e22beccddc23bb0162fd8ca10167fd99603211da80ebabbd1bd2e303fddef421e956928436d09438c342b3f09c36635e5a5df79c47fd47
-
Filesize
72KB
MD5a3761d50d3d2dece1bb4abfe282e7093
SHA18ad6cda2a8c65633ad693918101a2536c7f6b700
SHA2561f0f0253c50512dc981802d849817958fd140cf4d5168d3f96a4228b1c2ae8de
SHA5122bb6d488ee45a96342e22beccddc23bb0162fd8ca10167fd99603211da80ebabbd1bd2e303fddef421e956928436d09438c342b3f09c36635e5a5df79c47fd47
-
Filesize
72KB
MD5de17ff0f9a666fba6ee0fe59655718bf
SHA13687e0a2fa85097e6095bf8d2bc6bb6824c1c420
SHA256bb2291086978eecd15a2bd046537f1b30c20aa2ac51266dcd7d51e053655a846
SHA512b847301bfdf7f45bd77a27c86a4465fc91dcf1de04318e32647eb398c2e95e7b696d82dab1970d0d26a191ba54e152dcbde896513c0adb45b852f1ccfa54c8fb
-
Filesize
72KB
MD5de17ff0f9a666fba6ee0fe59655718bf
SHA13687e0a2fa85097e6095bf8d2bc6bb6824c1c420
SHA256bb2291086978eecd15a2bd046537f1b30c20aa2ac51266dcd7d51e053655a846
SHA512b847301bfdf7f45bd77a27c86a4465fc91dcf1de04318e32647eb398c2e95e7b696d82dab1970d0d26a191ba54e152dcbde896513c0adb45b852f1ccfa54c8fb
-
Filesize
72KB
MD586555b07a8331bfa9827f1b5fb9517cb
SHA15725a524600a74ca361d05c021e643bfc9091919
SHA256379cb77fb34ab620f063d1ff8823644fff38b52b55671bfe412ea3e6b9643ad7
SHA5122b7aeed87170a2c4142a6788d550940d31125d8509fb9251b8461d2ea410e086ac251887f4b09e90c2ea09e806b0e720e091f2632c504990aafd13211663d7cc
-
Filesize
72KB
MD586555b07a8331bfa9827f1b5fb9517cb
SHA15725a524600a74ca361d05c021e643bfc9091919
SHA256379cb77fb34ab620f063d1ff8823644fff38b52b55671bfe412ea3e6b9643ad7
SHA5122b7aeed87170a2c4142a6788d550940d31125d8509fb9251b8461d2ea410e086ac251887f4b09e90c2ea09e806b0e720e091f2632c504990aafd13211663d7cc
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD56d32ffc64e5aecfc1af81e15614ca3e1
SHA1ac0854cf5cddd0adba0f4ecdabed65011748ab59
SHA256ad9d9ec6f5291c1ba46d0ff435e89bf4a61e5ba344c678594a23a93da0131526
SHA5120103af0e02e48ebe6d1bbf4279185c1abb143ff44b16b478e83f9bfa1e7be830f08fe698abd44cb7a4e3009b012e465431b0a7dac0e2b013ac419c674d1977d8
-
Filesize
72KB
MD56d32ffc64e5aecfc1af81e15614ca3e1
SHA1ac0854cf5cddd0adba0f4ecdabed65011748ab59
SHA256ad9d9ec6f5291c1ba46d0ff435e89bf4a61e5ba344c678594a23a93da0131526
SHA5120103af0e02e48ebe6d1bbf4279185c1abb143ff44b16b478e83f9bfa1e7be830f08fe698abd44cb7a4e3009b012e465431b0a7dac0e2b013ac419c674d1977d8
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD5bc1ebebc12f18d564ee493b3b76a00cc
SHA1363c62c0365fd72d91b3dbe73c47a39f8e4b6547
SHA2568961ddf8c0f50007228937423138eaac2400523ee18385eb39af3a3c9d73aa65
SHA512265866b5e752d3f3af220a08273c510ac51d34bae6b0b42a65868ad6ab8ab63499770ebdbea78e44aa22a03dbc64a8502a7d46abe13ea6fd02c8dbfc8c94fffc
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD51c238df5b689844765e15a973b82b0b2
SHA193c9028faca9ba67fde5d2161cb71381bf4126dd
SHA256f183ef6fa64c6dd1338aac7b3cd1e5631c4163c873e46e9d0b4afb7e9a94da94
SHA5124c5e51350e1e14710d290e4b4419d4d2b2c510e92990356f9caa926356207cdefa2c7e3573e6d116036686c8398a4c75dd4a671bbf947ccb8b66c56768a3b8b9
-
Filesize
72KB
MD5d1c1cb68021c325b18c629f45155825a
SHA14d5abff5155f28d5339be3e059e75cd58a5179a4
SHA256cad4ced4c4f2c00f6c1cd33f1602cad062df13b6ca147cda6c9c7fa3cc2e7b57
SHA512819587c536ea1898a752448afb77eccce79162c58181b2718bbfacdbc9c5abc968663dd7d814b39723be695581e0c2aa6fccf3ac1afe5a6db20a0b8d8ad209b9
-
Filesize
72KB
MD50f730a2638f70f77191b27f80398c30d
SHA10eb9d1bc0a9fb94da0211e1643832d4d0121a07e
SHA256bfd175554f79b346c0756bddf8e16dedcef0aca50922a2b081860e6b322544e6
SHA512d6462ec1072dd84ff5926deb5930533ad72fc827d09da802b5f47ce9064f1d17742b4867bc5b19ab65102a4d2b77fd737e22b17df58e2f39aae4ce790fcf18fd
-
Filesize
72KB
MD50f730a2638f70f77191b27f80398c30d
SHA10eb9d1bc0a9fb94da0211e1643832d4d0121a07e
SHA256bfd175554f79b346c0756bddf8e16dedcef0aca50922a2b081860e6b322544e6
SHA512d6462ec1072dd84ff5926deb5930533ad72fc827d09da802b5f47ce9064f1d17742b4867bc5b19ab65102a4d2b77fd737e22b17df58e2f39aae4ce790fcf18fd
-
Filesize
72KB
MD51b8a0419da5f0bc57197d816c59611ca
SHA18ef3f219392f97930c79017021b579fd1cea1269
SHA25613efd19209b6d2dc3741aa524e65683315dc1c10cdcc045cd04955abc3d06e0d
SHA512a5969f2a52658d6cbf0dbcf086ad51cf21dcdb0b933a664592da9681d42690abe916cbea7764382564a112420483ede17be4482f6396e910bb73aecd41179bad
-
Filesize
72KB
MD51b8a0419da5f0bc57197d816c59611ca
SHA18ef3f219392f97930c79017021b579fd1cea1269
SHA25613efd19209b6d2dc3741aa524e65683315dc1c10cdcc045cd04955abc3d06e0d
SHA512a5969f2a52658d6cbf0dbcf086ad51cf21dcdb0b933a664592da9681d42690abe916cbea7764382564a112420483ede17be4482f6396e910bb73aecd41179bad
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5d8cf242d931002e59a8f98626bbda6c1
SHA1ee2d7e42e8ab733d630fb2303dff4c3f4fea83ce
SHA2566e0b4cca9f7dc8364cfc819391ca7cf78c9bf789c257226eb5f23cf32cc3fb23
SHA512a26c75d8b6e20d1c7cab004808ad853295bf91848632514c9b5e8de1e8403202fdfdcca0777e81c38b90a3f6ef6e6f4635740153a94b2d3a1e3507ef20700f0b
-
Filesize
72KB
MD5d8cf242d931002e59a8f98626bbda6c1
SHA1ee2d7e42e8ab733d630fb2303dff4c3f4fea83ce
SHA2566e0b4cca9f7dc8364cfc819391ca7cf78c9bf789c257226eb5f23cf32cc3fb23
SHA512a26c75d8b6e20d1c7cab004808ad853295bf91848632514c9b5e8de1e8403202fdfdcca0777e81c38b90a3f6ef6e6f4635740153a94b2d3a1e3507ef20700f0b
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5415c395daa2653272fc6c6050d3ee134
SHA1999af115771e7a21111fa8e5c75d4facb647bc91
SHA2568f79553a17b4d3791e33e7956419f4b7d035208ed7af4e6b03cf5a68a3dbe13f
SHA512d7cab247b9224e02628067e85823487d29f8d1ea484dbb8223df28f0ca431cf9dc02234b0e0b8ca56c113f07ec0e100813e55c31575dede6fb15157432e6cf46
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
72KB
MD5be38ff76b2c9c34b601aad5b30a9e99d
SHA1c8711c64a416747e094ff893be37de5eefa12cca
SHA2563c093d1c53d9806c6544c7bab1e6d7bd9d9d3576642f36dc3b444e7e291bd767
SHA51227bb0d7fc24a37d6cfec0f7b3a57d0220fa65f6b0c05f3b76bd78687fecb2b59eab28b1d84dbaab1a9c8e3a1a16a9a6ca961b2ab31b43d7498cd014581c35ae7
-
Filesize
8KB