Analysis
-
max time kernel
151s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
29/11/2022, 14:15
General
-
Target
4db788f7582b14da027788e1b95944d71bcad16c6c800479c818f49adff66b1d.exe
-
Size
72KB
-
MD5
1ecdebb4af1bf63e6ddfa6be6cb98010
-
SHA1
39a9273ed923ddab4d9516ccff7595c1db84dd3c
-
SHA256
4db788f7582b14da027788e1b95944d71bcad16c6c800479c818f49adff66b1d
-
SHA512
4dc6a169ad1c124820115c610cf4641d3e3413e2476cbff6a25e44ec0914b10d85388d054a99b8804b0118642cb6006d172508e55be94e98e29093873d0d8856
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2A:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrM
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4db788f7582b14da027788e1b95944d71bcad16c6c800479c818f49adff66b1d.exe"C:\Users\Admin\AppData\Local\Temp\4db788f7582b14da027788e1b95944d71bcad16c6c800479c818f49adff66b1d.exe"1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\3304769920\backup.exeC:\Users\Admin\AppData\Local\Temp\3304769920\backup.exe C:\Users\Admin\AppData\Local\Temp\3304769920\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\update.exe"C:\Program Files\7-Zip\Lang\update.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\update.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\update.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\System Restore.exe"C:\Program Files\Common Files\System\en-US\System Restore.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\update.exe"C:\Program Files\DVD Maker\update.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\System Restore.exe"C:\Program Files\Internet Explorer\es-ES\System Restore.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\data.exe"C:\Program Files\Internet Explorer\images\data.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\update.exe"C:\Program Files\Java\jdk1.7.0_80\update.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- System policy modification
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\System Restore.exe"C:\Program Files (x86)\Common Files\System Restore.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\data.exe"C:\Program Files (x86)\Microsoft Sync Framework\data.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD5a027890741cecee7a11e3a5029f847e8
SHA11c30fc739945cd84d7b7724fe5c0f65d15d31374
SHA25614a82646e7b847b7d3311c6d0349146a4834ec91f9bdb0135e4766736878f92d
SHA512194427c9092cb3505b5de325f76f44b52e59f0038162cd1949debb71eaf9611523a31cd1e5e4f55972fce0e42561d5461b8587735da03dec8ab17d15c133f81a
-
Filesize
72KB
MD5a027890741cecee7a11e3a5029f847e8
SHA11c30fc739945cd84d7b7724fe5c0f65d15d31374
SHA25614a82646e7b847b7d3311c6d0349146a4834ec91f9bdb0135e4766736878f92d
SHA512194427c9092cb3505b5de325f76f44b52e59f0038162cd1949debb71eaf9611523a31cd1e5e4f55972fce0e42561d5461b8587735da03dec8ab17d15c133f81a
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD5a6b8feafe68a922524e3e9bf9256188f
SHA125508ff455b84875274d7a83bd13af0948e3c338
SHA2562770673ea03a5a1a8940b79239779f51074600ed3f5c5678dd18668be2490472
SHA512109a34ccde6a133c9077c143a8d177dc26ad033c545f8f52cb2681836370a9d177f6c92b10ccd188d1454c09b5cdb327d91d5a6735bad0ef7ee67c37b23ebb3f
-
Filesize
72KB
MD5867e24486c3f88d5ddc7fc3882d6107b
SHA1cac5f6eaaba2dc2663e7e4220379547edec85549
SHA256626d54bb0d3b9cd1995aa39ffad2d245d7045b0a149c2f6884bd27daf6c3b29c
SHA512af191729539eaa1b1b9c41e546837982e11f226272ef3e173e4555a4af38565ae76e7f8294f08a32d0c473e4f6d3473ced24dac381667a9cc4b91cb582d11dfd
-
Filesize
72KB
MD5867e24486c3f88d5ddc7fc3882d6107b
SHA1cac5f6eaaba2dc2663e7e4220379547edec85549
SHA256626d54bb0d3b9cd1995aa39ffad2d245d7045b0a149c2f6884bd27daf6c3b29c
SHA512af191729539eaa1b1b9c41e546837982e11f226272ef3e173e4555a4af38565ae76e7f8294f08a32d0c473e4f6d3473ced24dac381667a9cc4b91cb582d11dfd
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5f08336a994a256b8218b9a0236af8c32
SHA1f32633580bf2b613a89c720c859022288a3a2f41
SHA25694facecc56aa7e81e572931a734602ec4747fe2b30d5fb7561849bfcf4117b64
SHA5124baa4caa25c2f03579a78323b8a11ae671c251741a5c4ee1493775b820e5c85e7fe7be8b8145f1b9c5cba94f9840dc3a8305c5a504b127888ceff64317f24030
-
Filesize
72KB
MD5f08336a994a256b8218b9a0236af8c32
SHA1f32633580bf2b613a89c720c859022288a3a2f41
SHA25694facecc56aa7e81e572931a734602ec4747fe2b30d5fb7561849bfcf4117b64
SHA5124baa4caa25c2f03579a78323b8a11ae671c251741a5c4ee1493775b820e5c85e7fe7be8b8145f1b9c5cba94f9840dc3a8305c5a504b127888ceff64317f24030
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD57b4986e59a358bace2acb40663c60a41
SHA1a5c19d62b87750579f8bd4861b6e034e8031eca4
SHA2562c5fe5e4f27c98e70dd95963f3012074c4b851b56be29e1c52b4d7b4315682c3
SHA512e34d65b869d5c96525de2936b446198e0012f5724ed35fecca62119643992c0933e50609c858494d08523e640f018ea2827c4a750a6bb8aeb6c4b9c1b9d65f35
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD521ebdd333805bcfe3a0027e6a8d06f7c
SHA11a32081de3a3de33bba9cdb741d38fda02270e20
SHA256dcfa5c509146c08dcac723c21016ca2c891f4f47ef25325752775b094bfd173f
SHA5122103e6cae499a89415d3d06245a30574fb1de50f696f918d97f063efad464aef612ff07e6acd481f42dd74cbc64f9b394a0a7fb11f27d46f04676a4608b4d163
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD5a027890741cecee7a11e3a5029f847e8
SHA11c30fc739945cd84d7b7724fe5c0f65d15d31374
SHA25614a82646e7b847b7d3311c6d0349146a4834ec91f9bdb0135e4766736878f92d
SHA512194427c9092cb3505b5de325f76f44b52e59f0038162cd1949debb71eaf9611523a31cd1e5e4f55972fce0e42561d5461b8587735da03dec8ab17d15c133f81a
-
Filesize
72KB
MD5a027890741cecee7a11e3a5029f847e8
SHA11c30fc739945cd84d7b7724fe5c0f65d15d31374
SHA25614a82646e7b847b7d3311c6d0349146a4834ec91f9bdb0135e4766736878f92d
SHA512194427c9092cb3505b5de325f76f44b52e59f0038162cd1949debb71eaf9611523a31cd1e5e4f55972fce0e42561d5461b8587735da03dec8ab17d15c133f81a
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD59d40c7ddc44ac25c7b782567d3992121
SHA12c694d2d4fdd9b57461207f649a1305e32bebfef
SHA256d5dabb32506290c6e2e1555b031ca8e4ddcc9930188c79d9ef450a264bb18264
SHA5120fa43f4fd9f8c807b572103e7c9f9b14b05d8cc789f769a1869f2ca25294f0a530c12c960ebaa88c0517e3f09a76755cbc5c7d9bb14ce9eddb7251766bcfe399
-
Filesize
72KB
MD5a6b8feafe68a922524e3e9bf9256188f
SHA125508ff455b84875274d7a83bd13af0948e3c338
SHA2562770673ea03a5a1a8940b79239779f51074600ed3f5c5678dd18668be2490472
SHA512109a34ccde6a133c9077c143a8d177dc26ad033c545f8f52cb2681836370a9d177f6c92b10ccd188d1454c09b5cdb327d91d5a6735bad0ef7ee67c37b23ebb3f
-
Filesize
72KB
MD5a6b8feafe68a922524e3e9bf9256188f
SHA125508ff455b84875274d7a83bd13af0948e3c338
SHA2562770673ea03a5a1a8940b79239779f51074600ed3f5c5678dd18668be2490472
SHA512109a34ccde6a133c9077c143a8d177dc26ad033c545f8f52cb2681836370a9d177f6c92b10ccd188d1454c09b5cdb327d91d5a6735bad0ef7ee67c37b23ebb3f
-
Filesize
72KB
MD51b01c529b37c749d7e51e967b122c925
SHA1f907e138c516b37e1f1c49bc1dba6d3623e2b9ad
SHA2563c3b4dfb287263821047e4be9b18993a595922c290b05ee02aa145dbc1c72cf0
SHA5129e8c1fa7f97fb5a6ef774e5c32c469b57ba7530e667348b8371dfa542a99ade9a0e7caaf5186554fae4ebd4afccfbf89b4e24b20f5f59f277a1b9461fef010f2
-
Filesize
72KB
MD5867e24486c3f88d5ddc7fc3882d6107b
SHA1cac5f6eaaba2dc2663e7e4220379547edec85549
SHA256626d54bb0d3b9cd1995aa39ffad2d245d7045b0a149c2f6884bd27daf6c3b29c
SHA512af191729539eaa1b1b9c41e546837982e11f226272ef3e173e4555a4af38565ae76e7f8294f08a32d0c473e4f6d3473ced24dac381667a9cc4b91cb582d11dfd
-
Filesize
72KB
MD5867e24486c3f88d5ddc7fc3882d6107b
SHA1cac5f6eaaba2dc2663e7e4220379547edec85549
SHA256626d54bb0d3b9cd1995aa39ffad2d245d7045b0a149c2f6884bd27daf6c3b29c
SHA512af191729539eaa1b1b9c41e546837982e11f226272ef3e173e4555a4af38565ae76e7f8294f08a32d0c473e4f6d3473ced24dac381667a9cc4b91cb582d11dfd
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD517d5126e977ccfe4b839858afbdfdf4a
SHA1e53f3b36e92a01249b8a5e59d713cd15ac232cb2
SHA256ff575a113435844e283ace4a8103a913fc463372ebaa89744969ed2be6f20e73
SHA512a72b128b7f7507b879cab266e597cc6e8c1f4cf08652a56a2d920e4958d20d574441e1de9496bcb6bac3ce97ff7cdbcb8cdc871c3c602a4578ab0726b374b392
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD538769549a04d257dec2b182bbd40a585
SHA14a7a3fc5773a2e232d15273ecff74dfe674381d7
SHA256823e648d0e7c5d966751a0220d3b965feac6765ec5c0dd71660d34a5192ad66d
SHA512bae19cd055be7800d5e83a3417553e2ff35f60c650d42d751054d4ed1e94f0f81ae0212b88e1df56251322ca9e1bfad256ed59ae095bd6e38b57ad4f7e2de201
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
72KB
MD5d492c2df1e0adafadf07d5ff199700c2
SHA1487cac017145cbe1268dbb0a143725010b1464fe
SHA256bb5fc2fb0288d2ba7c693e179e6c28ac4beafd4b543c7667f28e1d9428faa622
SHA512e547ffd2894886362d20d7c83c6b6d3894fc48e357f28878c682d6501eb3b2a3471f5518b338febcd1be745e5a8c7578228288b4387ed4be38508e4738f88629
-
Filesize
8KB
-
Filesize
8KB