Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
184s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
29/11/2022, 13:36
General
-
Target
f6b6806a39dd6bc8a5c09869fcddb258c3588ee0a126fc7feaef164bf5e375fe.exe
-
Size
72KB
-
MD5
09af1f83b4fd8208c1432bdce05d939b
-
SHA1
4a159d62986de3d5ed2ca60fc23995eb316a7f7f
-
SHA256
f6b6806a39dd6bc8a5c09869fcddb258c3588ee0a126fc7feaef164bf5e375fe
-
SHA512
dbfdc1864146071b07df8ff4b8bfcbb7cfb01c7dabc1ddd37ff47f55f0dc2f77888c25a2d89b05067d31edefd3d13c7586d79627952ba08653d296d4bf31b2af
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2L:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP/
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6b6806a39dd6bc8a5c09869fcddb258c3588ee0a126fc7feaef164bf5e375fe.exe"C:\Users\Admin\AppData\Local\Temp\f6b6806a39dd6bc8a5c09869fcddb258c3588ee0a126fc7feaef164bf5e375fe.exe"1⤵
- Disables RegEdit via registry modification
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4182241416\backup.exeC:\Users\Admin\AppData\Local\Temp\4182241416\backup.exe C:\Users\Admin\AppData\Local\Temp\4182241416\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\update.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\update.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\update.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\update.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\update.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\data.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\data.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\System Restore.exe"C:\Program Files\Common Files\Services\System Restore.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\update.exe"C:\Program Files\Common Files\System\de-DE\update.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\System Restore.exe"C:\Program Files\Common Files\System\en-US\System Restore.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\data.exe"C:\Program Files\Common Files\System\es-ES\data.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\System Restore.exe"C:\Program Files\Common Files\System\msadc\fr-FR\System Restore.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\fr-FR\data.exe"C:\Program Files\Internet Explorer\fr-FR\data.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\update.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\update.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\data.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\data.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\System Restore.exe"C:\Program Files\Microsoft Office\root\System Restore.exe" C:\Program Files\Microsoft Office\root\6⤵
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
-
-
-
-
-
C:\Program Files (x86)\data.exe"C:\Program Files (x86)\data.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\update.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\update.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
-
-
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- Drops file in Program Files directory
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\System Restore.exe"C:\Program Files (x86)\Google\Update\Offline\System Restore.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Internet Explorer\System Restore.exe"C:\Program Files (x86)\Internet Explorer\System Restore.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- System policy modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Windows\update.exeC:\Windows\update.exe C:\Windows\4⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- System policy modification
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Windows\apppatch\update.exeC:\Windows\apppatch\update.exe C:\Windows\apppatch\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\CustomSDB\update.exeC:\Windows\apppatch\CustomSDB\update.exe C:\Windows\apppatch\CustomSDB\6⤵
-
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
-
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
-
C:\Windows\apppatch\it-IT\update.exeC:\Windows\apppatch\it-IT\update.exe C:\Windows\apppatch\it-IT\6⤵
-
-
-
C:\Windows\AppReadiness\System Restore.exe"C:\Windows\AppReadiness\System Restore.exe" C:\Windows\AppReadiness\5⤵
- System policy modification
-
-
C:\Windows\assembly\System Restore.exe"C:\Windows\assembly\System Restore.exe" C:\Windows\assembly\5⤵
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\1⤵
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c
-
Filesize
72KB
MD547ca97b11ef36be5e3aa2d7490adf8d2
SHA1b5665f0e48ef37a268dd6d35366d323a9f1be419
SHA2563121a3065e060950f4ad926a4386edc19a22bef7ea460e4502935ee07ad09867
SHA5123b5200068c0a1b7d5b4eff45e456984700d8c08e541e5f6f95c8411bd30fc5eec11c82a5d179f700e64e4084ff9c955d52229b42a9aa7077565ac6c3881474a2
-
Filesize
72KB
MD547ca97b11ef36be5e3aa2d7490adf8d2
SHA1b5665f0e48ef37a268dd6d35366d323a9f1be419
SHA2563121a3065e060950f4ad926a4386edc19a22bef7ea460e4502935ee07ad09867
SHA5123b5200068c0a1b7d5b4eff45e456984700d8c08e541e5f6f95c8411bd30fc5eec11c82a5d179f700e64e4084ff9c955d52229b42a9aa7077565ac6c3881474a2
-
Filesize
72KB
MD5bdde1630567c591ad5973b2255be7da9
SHA120c55a7ba49661b5d66a82024aed124821e059f4
SHA256851b0c4bc53378dd5fee9d304875961ebc823a8e4ba36b134035d6c267da80d0
SHA5120729438fdf0143a7eb86ad4b396b84ea5af5dad23de4fa8082afd8a16f3278a144f70d424a2ccabc332cff51c52e7666a63cac92751436db52a8af3950ded00d
-
Filesize
72KB
MD5bdde1630567c591ad5973b2255be7da9
SHA120c55a7ba49661b5d66a82024aed124821e059f4
SHA256851b0c4bc53378dd5fee9d304875961ebc823a8e4ba36b134035d6c267da80d0
SHA5120729438fdf0143a7eb86ad4b396b84ea5af5dad23de4fa8082afd8a16f3278a144f70d424a2ccabc332cff51c52e7666a63cac92751436db52a8af3950ded00d
-
Filesize
72KB
MD569935129b14c741b45ac3ec8e3b4d094
SHA1af9febf486b73c08f642801d41be65e61600fc37
SHA256dba5279576e96fafde3d5cc2d408bab1d4d6de3362fa6811313ec1158e6ea7ca
SHA512ffd8bb791d9c5b5ab8474dd2f3940dbdcb16c7273776be5544f74f5725773a92912e0dddd175bf515db33167f9a24e070588265ed59b828d9d558834cf3d5d1f
-
Filesize
72KB
MD569935129b14c741b45ac3ec8e3b4d094
SHA1af9febf486b73c08f642801d41be65e61600fc37
SHA256dba5279576e96fafde3d5cc2d408bab1d4d6de3362fa6811313ec1158e6ea7ca
SHA512ffd8bb791d9c5b5ab8474dd2f3940dbdcb16c7273776be5544f74f5725773a92912e0dddd175bf515db33167f9a24e070588265ed59b828d9d558834cf3d5d1f
-
Filesize
72KB
MD55e4408ed6866e1e18e6c8a18b024ae02
SHA1a66152c97afc5ee6b15a3096198ed70f45684924
SHA256d27380ba3e5010f6a69c55aa28b731e87a9e381f9b3bdfd2756aa68287198797
SHA512bfce3b3192dc090daf786e472d83edf17bcd86313def9a2e239bf8886c2b4fd51a6e311c2f0e2ce16cf0a5f134f8e673bafd971610c225b166f05554c59bd91c
-
Filesize
72KB
MD55e4408ed6866e1e18e6c8a18b024ae02
SHA1a66152c97afc5ee6b15a3096198ed70f45684924
SHA256d27380ba3e5010f6a69c55aa28b731e87a9e381f9b3bdfd2756aa68287198797
SHA512bfce3b3192dc090daf786e472d83edf17bcd86313def9a2e239bf8886c2b4fd51a6e311c2f0e2ce16cf0a5f134f8e673bafd971610c225b166f05554c59bd91c
-
Filesize
72KB
MD55645dd068dee125653f5dc815d766d7d
SHA141c50ca9e7dec72aba1fd8b4e1b7a4bb2cf333e9
SHA256b7b01ab32c73ba8985496c13b88a49ccd6cc6c347817ba52a8d4ec18db2b95f2
SHA51245e9c96634df94ccf8287068aa9dcfdb79c27b12c9c68204437270d9698954853cc4a85e4a7a5e6b329ea90287b81f0036ff61bc8512273569257462be5e835e
-
Filesize
72KB
MD55645dd068dee125653f5dc815d766d7d
SHA141c50ca9e7dec72aba1fd8b4e1b7a4bb2cf333e9
SHA256b7b01ab32c73ba8985496c13b88a49ccd6cc6c347817ba52a8d4ec18db2b95f2
SHA51245e9c96634df94ccf8287068aa9dcfdb79c27b12c9c68204437270d9698954853cc4a85e4a7a5e6b329ea90287b81f0036ff61bc8512273569257462be5e835e
-
Filesize
72KB
MD5d7b00e3adcc56ea2951aebb1eb183e69
SHA1969276fa12868b510ae0cdc58120158c48d9fb37
SHA25629c52b7f322c83fea98eb8845ef2e25806b538dcc3a49a2ffa31cfb52443de83
SHA512528a4b358d4bd6a3a90669086dc8132bae79afe257e9c299b934af7a60c7fbc04ced20772c3e57355a419b51ff3ba0a7cc484d9963f3a369de1d46050808a936
-
Filesize
72KB
MD5d7b00e3adcc56ea2951aebb1eb183e69
SHA1969276fa12868b510ae0cdc58120158c48d9fb37
SHA25629c52b7f322c83fea98eb8845ef2e25806b538dcc3a49a2ffa31cfb52443de83
SHA512528a4b358d4bd6a3a90669086dc8132bae79afe257e9c299b934af7a60c7fbc04ced20772c3e57355a419b51ff3ba0a7cc484d9963f3a369de1d46050808a936
-
Filesize
72KB
MD5f137575a39ae358fc66d93ecfaff805c
SHA15460af6437f163be584037f9a52de905e9ce4f45
SHA256db0bc894a3916d736b92e520a4d9b3b8559faac2c424d0c71879e66fc9ade545
SHA512eba03d38b5507421ed84dd049fe1df18a6c8a243d2c1f5e4a5bbc6b2e7c48de5b9cc348e1b971849faa444ba2380f04284584eb6908a3e4ad6468153cf3e2dd2
-
Filesize
72KB
MD5f137575a39ae358fc66d93ecfaff805c
SHA15460af6437f163be584037f9a52de905e9ce4f45
SHA256db0bc894a3916d736b92e520a4d9b3b8559faac2c424d0c71879e66fc9ade545
SHA512eba03d38b5507421ed84dd049fe1df18a6c8a243d2c1f5e4a5bbc6b2e7c48de5b9cc348e1b971849faa444ba2380f04284584eb6908a3e4ad6468153cf3e2dd2
-
Filesize
72KB
MD55e4408ed6866e1e18e6c8a18b024ae02
SHA1a66152c97afc5ee6b15a3096198ed70f45684924
SHA256d27380ba3e5010f6a69c55aa28b731e87a9e381f9b3bdfd2756aa68287198797
SHA512bfce3b3192dc090daf786e472d83edf17bcd86313def9a2e239bf8886c2b4fd51a6e311c2f0e2ce16cf0a5f134f8e673bafd971610c225b166f05554c59bd91c
-
Filesize
72KB
MD55e4408ed6866e1e18e6c8a18b024ae02
SHA1a66152c97afc5ee6b15a3096198ed70f45684924
SHA256d27380ba3e5010f6a69c55aa28b731e87a9e381f9b3bdfd2756aa68287198797
SHA512bfce3b3192dc090daf786e472d83edf17bcd86313def9a2e239bf8886c2b4fd51a6e311c2f0e2ce16cf0a5f134f8e673bafd971610c225b166f05554c59bd91c
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5d7b00e3adcc56ea2951aebb1eb183e69
SHA1969276fa12868b510ae0cdc58120158c48d9fb37
SHA25629c52b7f322c83fea98eb8845ef2e25806b538dcc3a49a2ffa31cfb52443de83
SHA512528a4b358d4bd6a3a90669086dc8132bae79afe257e9c299b934af7a60c7fbc04ced20772c3e57355a419b51ff3ba0a7cc484d9963f3a369de1d46050808a936
-
Filesize
72KB
MD5d7b00e3adcc56ea2951aebb1eb183e69
SHA1969276fa12868b510ae0cdc58120158c48d9fb37
SHA25629c52b7f322c83fea98eb8845ef2e25806b538dcc3a49a2ffa31cfb52443de83
SHA512528a4b358d4bd6a3a90669086dc8132bae79afe257e9c299b934af7a60c7fbc04ced20772c3e57355a419b51ff3ba0a7cc484d9963f3a369de1d46050808a936
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5be9b3d67237b1632c2f554026cf4ef3f
SHA12148abbb3e5896115e78c8e0e6ad975d2f9771ca
SHA256bf977e509b485e786654a6408d25ee3f3f4851fceedb5a6da374447c4509aa49
SHA51203cf182d315f5652425fc7f45979995dd2ed41b9b1edb72bc87c515137f24219dd90cbdff3010b4d8a4026870bae1a6d3003d5d61b04bafee4063ce573b2b03b
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD5a1dc6957283dfc5bf0fe30ffb653ce6c
SHA1cc049cfcfc485c313cb948dce7507f6d0bb8d00c
SHA256b6325292c0d97a2d1e2ca93bf8ea0a8b4d48306263fa44eb7dc5b1c639b9f9d7
SHA512af17dbb437355e55299548886a42303976a9e13f8348343e43895dcf3424934d3569bab96e11438880593c993ba974f5b447476bf030c840172de74f62c49da5
-
Filesize
72KB
MD59acbf2ee488761951c2ccab9cbd00c33
SHA1116109740d9e070bcbbbdd689a7888e11bff3879
SHA2568b17976508fea44e1ad0a5ee7cc5a5a9f5093e1ef628f951342c30ef64bb3dc0
SHA512a8af4cf8cdfa823175706665ba2c00a72c7dd333ffbde22ec4819b273ee5d4a748dc055d28041a6ce1d30151a167c0e186dab35b34da27fa663b206259828399
-
Filesize
72KB
MD59acbf2ee488761951c2ccab9cbd00c33
SHA1116109740d9e070bcbbbdd689a7888e11bff3879
SHA2568b17976508fea44e1ad0a5ee7cc5a5a9f5093e1ef628f951342c30ef64bb3dc0
SHA512a8af4cf8cdfa823175706665ba2c00a72c7dd333ffbde22ec4819b273ee5d4a748dc055d28041a6ce1d30151a167c0e186dab35b34da27fa663b206259828399
-
Filesize
72KB
MD59acbf2ee488761951c2ccab9cbd00c33
SHA1116109740d9e070bcbbbdd689a7888e11bff3879
SHA2568b17976508fea44e1ad0a5ee7cc5a5a9f5093e1ef628f951342c30ef64bb3dc0
SHA512a8af4cf8cdfa823175706665ba2c00a72c7dd333ffbde22ec4819b273ee5d4a748dc055d28041a6ce1d30151a167c0e186dab35b34da27fa663b206259828399
-
Filesize
72KB
MD59acbf2ee488761951c2ccab9cbd00c33
SHA1116109740d9e070bcbbbdd689a7888e11bff3879
SHA2568b17976508fea44e1ad0a5ee7cc5a5a9f5093e1ef628f951342c30ef64bb3dc0
SHA512a8af4cf8cdfa823175706665ba2c00a72c7dd333ffbde22ec4819b273ee5d4a748dc055d28041a6ce1d30151a167c0e186dab35b34da27fa663b206259828399
-
Filesize
72KB
MD57e7822e05b69d73b1e0eea9a44ed00b7
SHA1190cd7533abc8339cc012faa27cb50c02a12bca8
SHA256c29d5d77953827e1a72ce019367e2238e9639a8b67aa92170306f0e6e58dc0fc
SHA512cad479e1e7139114144b51302338766ea4894dd2c793b199c158ac5a87d0770b1f5ece46d73a929c1a64cd0c095e787549d6babc4ad235a3372d20405d2ef765
-
Filesize
72KB
MD57e7822e05b69d73b1e0eea9a44ed00b7
SHA1190cd7533abc8339cc012faa27cb50c02a12bca8
SHA256c29d5d77953827e1a72ce019367e2238e9639a8b67aa92170306f0e6e58dc0fc
SHA512cad479e1e7139114144b51302338766ea4894dd2c793b199c158ac5a87d0770b1f5ece46d73a929c1a64cd0c095e787549d6babc4ad235a3372d20405d2ef765
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c
-
Filesize
72KB
MD5d13c74050558b1d1c90609dfbbe18dbf
SHA1898b2574ac8b182ac46efd4c23ecc708102f0495
SHA256f00e4d75596a839fcc74f642bcc0069d192da2d4adcb330ebc64c5cebae70a46
SHA5129fb2895d40d3eea553ef70ea4c86d6d221fa2d7a05959da0f7557ec0aaf1643dc9d669c0797efb9df3190efe8febd2659950e29f1e65d80594a2767d89f99a4d
-
Filesize
72KB
MD5d13c74050558b1d1c90609dfbbe18dbf
SHA1898b2574ac8b182ac46efd4c23ecc708102f0495
SHA256f00e4d75596a839fcc74f642bcc0069d192da2d4adcb330ebc64c5cebae70a46
SHA5129fb2895d40d3eea553ef70ea4c86d6d221fa2d7a05959da0f7557ec0aaf1643dc9d669c0797efb9df3190efe8febd2659950e29f1e65d80594a2767d89f99a4d
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD5e55572795a4fccea4cd9b16f202eab1e
SHA103c18a79a9337a8b696bb1afe54158eedccecdc4
SHA25661bd25890eba9c0d26d19b2d635e53559f4faeb252a0d3ad351a172d1982db73
SHA512a8a03633b7ddb3248e33dfe4a452db7b42ba8eae9ec92e8c26f1acbf150c7a046ba802b93a7fe781a9a5ee21f1d9496e16e9b9b76d1ade9be0b72ff8a9362d3f
-
Filesize
72KB
MD557a244ff4d0ac6c24b2d5cb462f88407
SHA1b6a08b3311de1288459f4f7267e2e022137b3800
SHA256ed4e80fa37844576c591d202874367f3ecc395f12a1fcb7df8feb6097b70c64a
SHA512496911129bdbd984fc48aea781edbe60b308d879d07b020ebac94141f6e5ba6ab3d58ec6ea7da1a8a7155147936ca762cfca45e7ed7162901ff6a79e4aa9ffa0
-
Filesize
72KB
MD557a244ff4d0ac6c24b2d5cb462f88407
SHA1b6a08b3311de1288459f4f7267e2e022137b3800
SHA256ed4e80fa37844576c591d202874367f3ecc395f12a1fcb7df8feb6097b70c64a
SHA512496911129bdbd984fc48aea781edbe60b308d879d07b020ebac94141f6e5ba6ab3d58ec6ea7da1a8a7155147936ca762cfca45e7ed7162901ff6a79e4aa9ffa0
-
Filesize
72KB
MD50a5d6febddbc8635e59468fa176ae12f
SHA1411b1bf21721c71a2ecf9f616dc9daf229e546bc
SHA25668acc3336f28ad888b2a91e6f3f34b51470ffd0fc13ee9f10e007ef9682cb981
SHA5127b83b2e3dd40d5a66136fbbdede9a3ee52aeeca969c070fd95b864ea4a5f6f9884c6226fb3dfcd88571f9b2d14ee4a7dbf6011326aaadc66743d1f2f7b475158
-
Filesize
72KB
MD50a5d6febddbc8635e59468fa176ae12f
SHA1411b1bf21721c71a2ecf9f616dc9daf229e546bc
SHA25668acc3336f28ad888b2a91e6f3f34b51470ffd0fc13ee9f10e007ef9682cb981
SHA5127b83b2e3dd40d5a66136fbbdede9a3ee52aeeca969c070fd95b864ea4a5f6f9884c6226fb3dfcd88571f9b2d14ee4a7dbf6011326aaadc66743d1f2f7b475158
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c
-
Filesize
72KB
MD52f58e9d11c409580ec94f47b1b1024c5
SHA192397d3450d2217f8a01587eab62546536749553
SHA2569af66e00f51e15d6b727a34e59795ea9da4f88292d0caa02a0c8962c9e281788
SHA5129302458a972ef1836f22c8e7203d7c8c37cce1a84a542674b3947ada6aea8de5faa7c4e3f7fa08e05394a8ee18b6aa2edc829fa1e9c05c5c6318256b682cd44c