Analysis
-
max time kernel
156s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
02/12/2022, 20:21
General
-
Target
446c4a5f50d02bf757dc8c255a19bbf20fd198cc988d1fcfe37bc63af9901085.exe
-
Size
72KB
-
MD5
e866e98bda21d12d2d2cc61d7f961c5f
-
SHA1
1981dcae0f3874a6311df6233e55c3e4b77a29dd
-
SHA256
446c4a5f50d02bf757dc8c255a19bbf20fd198cc988d1fcfe37bc63af9901085
-
SHA512
026cf5a3995991b278b6f55f78303c20119da15d2106aab2073c2587722c19e9f9e0b65f0e63ad9e595f1132481bc5929486a61f781727a447dc071c8298944b
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2z:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\446c4a5f50d02bf757dc8c255a19bbf20fd198cc988d1fcfe37bc63af9901085.exe"C:\Users\Admin\AppData\Local\Temp\446c4a5f50d02bf757dc8c255a19bbf20fd198cc988d1fcfe37bc63af9901085.exe"1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2356282209\backup.exeC:\Users\Admin\AppData\Local\Temp\2356282209\backup.exe C:\Users\Admin\AppData\Local\Temp\2356282209\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\data.exe"C:\Program Files\7-Zip\data.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\data.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\data.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\update.exe"C:\Program Files\Common Files\System\ado\de-DE\update.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\data.exe"C:\Program Files\Common Files\System\ado\en-US\data.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\update.exe"C:\Program Files\Common Files\System\ado\fr-FR\update.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\System Restore.exe"C:\Program Files\Common Files\System\ado\it-IT\System Restore.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\data.exe"C:\Program Files\Common Files\System\ado\ja-JP\data.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\update.exe"C:\Program Files\DVD Maker\de-DE\update.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\data.exe"C:\Program Files\Internet Explorer\data.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\data.exe"C:\Program Files (x86)\Common Files\Adobe\data.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\System Restore.exe"C:\Program Files (x86)\Internet Explorer\System Restore.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\data.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\data.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\System Restore.exe"C:\Users\Admin\System Restore.exe" C:\Users\Admin\5⤵
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\data.exeC:\Users\Admin\Searches\data.exe C:\Users\Admin\Searches\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\addins\update.exeC:\Windows\addins\update.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\update.exeC:\Windows\AppCompat\update.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5847ba074fb5a2b9d5084dbf8e31ca34d
SHA167117c533b781ec8e2bd51678533e5b0f6913745
SHA2569b16814fe4ff1f0ffaace1677711417a06d592c87def8d22b1186b2eb6fc099c
SHA512f03ba2f76d26fd532d936c895c62832f254e2de6283c4dab122ea32a80f136923068f49bf9b621dfd1cd915147a4cb4940c820d46e2f5dc87077ad0329d651ba
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD5ce66e5a2f67b64dfe96e5b6728ce7208
SHA14ea82e5d1988c8b8f72699807d79b717ad76f940
SHA25625d4564b40144c9b6d28e1cec6c7b2831384694699a969ec124a5acee1372c4c
SHA5127aafc9732fc47e98d0fe1c5a96b69d122dede9601446b651438b3d103aef5977ee1030cc3b0107aaf6429c00448bc4254c80f0cc0afeebbc39f9f2bfdb758db3
-
Filesize
72KB
MD5b53707717c92b5b79efb062afe269686
SHA18fe71f3191a0f1db5f2047980715b533201b70b1
SHA256d783cccf7b24138ff5bad14fdf0d2eb5efb2ca7461dd8c6cc259fa040325ec9c
SHA512eb0e0f5e64ec0f22a5c04c065a583d9843fc1667a0a52260b74db779b05c1523b3566d385928f8150da75f135f3b5838e29e41a0faef7248db18740baf672eba
-
Filesize
72KB
MD5b53707717c92b5b79efb062afe269686
SHA18fe71f3191a0f1db5f2047980715b533201b70b1
SHA256d783cccf7b24138ff5bad14fdf0d2eb5efb2ca7461dd8c6cc259fa040325ec9c
SHA512eb0e0f5e64ec0f22a5c04c065a583d9843fc1667a0a52260b74db779b05c1523b3566d385928f8150da75f135f3b5838e29e41a0faef7248db18740baf672eba
-
Filesize
72KB
MD571126c6446f542936825d22367d33598
SHA1e0c2f806c1418f1bdb0b470bd436ddd1034441ba
SHA25648c4322f81f181a28361a7b59a2deae4e6dee3d437c220c7724dfb1a04cc2de1
SHA512a69e61c35550b8c6f3b94085fc8300df3d1b67f0b783eb516ee9ccdfa8cc82908c9a2114ae66607fb28691321a4ae049bdf665f4e6ace049b29d199a4553cb21
-
Filesize
72KB
MD510397bbe999ac467ad16a0e819a5641c
SHA1f4912877caf9852d4be7d26dd0062ef4dd36994f
SHA25629272bf17640fd133a203d956c25908532de47a739249d0002c6908e8e50be64
SHA512a4e2e0fdaa561686ef2d30d873336b26bc05507356be8897dd83851e9b4157cbe8ce5b4440507a13b361d4c1cebf1b56064ed8854815bfb2f94bc63d339c4e19
-
Filesize
72KB
MD510397bbe999ac467ad16a0e819a5641c
SHA1f4912877caf9852d4be7d26dd0062ef4dd36994f
SHA25629272bf17640fd133a203d956c25908532de47a739249d0002c6908e8e50be64
SHA512a4e2e0fdaa561686ef2d30d873336b26bc05507356be8897dd83851e9b4157cbe8ce5b4440507a13b361d4c1cebf1b56064ed8854815bfb2f94bc63d339c4e19
-
Filesize
72KB
MD50a9e94e2bb114c7f655665350a253852
SHA1ddbbe88d7f5ed065f2ec214ab59fa82304898220
SHA2562db07c50f1501f18d29166d68341340e82dd2d6305b10f8fc8bd748c7fea1726
SHA512a01aaaff614219934dfa66000d525f498ece62fbc66a4db6433ca39e5e0160c49b4b783a3a86ccd145d5a0c406b247b087bcade6236f5ef488ed59b3f31b790b
-
Filesize
72KB
MD50abc11a832634efdd6da034a7f950662
SHA15874c2626280b8eacfc1e265e01babe442811fa7
SHA256e7cc2e4c19c2458c2ee7b113e0f911e99f02ec89c128b8055f72d544f93c177b
SHA5129a78d6f2ff0dcbeb8e875d0b4c388da940d0c30863bf7c1227db6b30d0e6292015224b2c55a1a982dd4d39f857e28bf933a7aa6178c5276930759b718413571e
-
Filesize
72KB
MD50abc11a832634efdd6da034a7f950662
SHA15874c2626280b8eacfc1e265e01babe442811fa7
SHA256e7cc2e4c19c2458c2ee7b113e0f911e99f02ec89c128b8055f72d544f93c177b
SHA5129a78d6f2ff0dcbeb8e875d0b4c388da940d0c30863bf7c1227db6b30d0e6292015224b2c55a1a982dd4d39f857e28bf933a7aa6178c5276930759b718413571e
-
Filesize
72KB
MD58d7bfe8faa5c1108d3d86880e683b0dc
SHA19903870aa659a279965417bce371e156ee0b770c
SHA256a7b7a720da0b21463f573e71d1a70253dff713bfb0c86030a31d588553a342cf
SHA5125c1cfbff7d36a51eedb7f7a49db6ebaacbb8a832039e1c8340f3ae143788c8c03eb22bd447fc4f59daf53dce61733f118c6f66dc3a15eddbdaf7f86d207cb368
-
Filesize
72KB
MD5aa53ab48061d928d88f875c2e7fa36aa
SHA14dd9c9108acc2bbb3d95f07ac1648990f57996a0
SHA256bdfab4722647ec4f4569ab673d55c52b2c840bb8efc2e9fded5c1ff339f58c3d
SHA51222b9c719fe76ceb0558d92ca5628b0d035511437928cfb79ce71f111ae8fb0bc7e7d43bb48c284e59a8c195899ea0c02c7cb0f20dcb4c99345fae382dc6312cd
-
Filesize
72KB
MD5aa53ab48061d928d88f875c2e7fa36aa
SHA14dd9c9108acc2bbb3d95f07ac1648990f57996a0
SHA256bdfab4722647ec4f4569ab673d55c52b2c840bb8efc2e9fded5c1ff339f58c3d
SHA51222b9c719fe76ceb0558d92ca5628b0d035511437928cfb79ce71f111ae8fb0bc7e7d43bb48c284e59a8c195899ea0c02c7cb0f20dcb4c99345fae382dc6312cd
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD5f1b952f8feb11ce47f67c455c1a82cba
SHA196cf1e87ce9fcb9c6b1d1db7dd0b2ecdcc8390dd
SHA256f329b47726b87b2bff81de7866bf25f3023267780bbcc78e0082eb94da392fea
SHA5128646988d9e60e195c2b97b140fe246533b306085469452d561c4d41a8fb19e6cf2a11f51a82043ca5398a68bf61abde632dcceaa912ee57fa799ac318caccef4
-
Filesize
72KB
MD5676c69a5451d45d2457309314345be09
SHA12bceef3b5a2b08fa7d6f0a28a868d2b345e4889a
SHA256e8fe344950c696abb4de52be7dd87d50bfd5c36928ed2d2c5fbee66181115450
SHA512ed859e94135af06802980dee045f934fca9a42659c69be3927421131804626053c46f52d2bcfae0dd09015d2bbbcb85543544cfdec283bc65a4ce23588468b79
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD53a320d2542771cd8b64c217afca52821
SHA10812c6b8d416533fed5b8bb6186a8ab822cbc500
SHA2563e96d8195b18f567591d662eb4a6b381d8f45d67bd91bc5e674dc1475ffb2e55
SHA512c2e03951b325c81dbe365d72cb30f312e0635818ddb2bd49f3bb26fe89e29cbc4ffdc4ca84a112aa093adb13ea0aebf4cb9acc73b6869eeeddfea9d28bf9efe4
-
Filesize
72KB
MD53a320d2542771cd8b64c217afca52821
SHA10812c6b8d416533fed5b8bb6186a8ab822cbc500
SHA2563e96d8195b18f567591d662eb4a6b381d8f45d67bd91bc5e674dc1475ffb2e55
SHA512c2e03951b325c81dbe365d72cb30f312e0635818ddb2bd49f3bb26fe89e29cbc4ffdc4ca84a112aa093adb13ea0aebf4cb9acc73b6869eeeddfea9d28bf9efe4
-
Filesize
72KB
MD5847ba074fb5a2b9d5084dbf8e31ca34d
SHA167117c533b781ec8e2bd51678533e5b0f6913745
SHA2569b16814fe4ff1f0ffaace1677711417a06d592c87def8d22b1186b2eb6fc099c
SHA512f03ba2f76d26fd532d936c895c62832f254e2de6283c4dab122ea32a80f136923068f49bf9b621dfd1cd915147a4cb4940c820d46e2f5dc87077ad0329d651ba
-
Filesize
72KB
MD5847ba074fb5a2b9d5084dbf8e31ca34d
SHA167117c533b781ec8e2bd51678533e5b0f6913745
SHA2569b16814fe4ff1f0ffaace1677711417a06d592c87def8d22b1186b2eb6fc099c
SHA512f03ba2f76d26fd532d936c895c62832f254e2de6283c4dab122ea32a80f136923068f49bf9b621dfd1cd915147a4cb4940c820d46e2f5dc87077ad0329d651ba
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD5ce66e5a2f67b64dfe96e5b6728ce7208
SHA14ea82e5d1988c8b8f72699807d79b717ad76f940
SHA25625d4564b40144c9b6d28e1cec6c7b2831384694699a969ec124a5acee1372c4c
SHA5127aafc9732fc47e98d0fe1c5a96b69d122dede9601446b651438b3d103aef5977ee1030cc3b0107aaf6429c00448bc4254c80f0cc0afeebbc39f9f2bfdb758db3
-
Filesize
72KB
MD5ce66e5a2f67b64dfe96e5b6728ce7208
SHA14ea82e5d1988c8b8f72699807d79b717ad76f940
SHA25625d4564b40144c9b6d28e1cec6c7b2831384694699a969ec124a5acee1372c4c
SHA5127aafc9732fc47e98d0fe1c5a96b69d122dede9601446b651438b3d103aef5977ee1030cc3b0107aaf6429c00448bc4254c80f0cc0afeebbc39f9f2bfdb758db3
-
Filesize
72KB
MD5b53707717c92b5b79efb062afe269686
SHA18fe71f3191a0f1db5f2047980715b533201b70b1
SHA256d783cccf7b24138ff5bad14fdf0d2eb5efb2ca7461dd8c6cc259fa040325ec9c
SHA512eb0e0f5e64ec0f22a5c04c065a583d9843fc1667a0a52260b74db779b05c1523b3566d385928f8150da75f135f3b5838e29e41a0faef7248db18740baf672eba
-
Filesize
72KB
MD5b53707717c92b5b79efb062afe269686
SHA18fe71f3191a0f1db5f2047980715b533201b70b1
SHA256d783cccf7b24138ff5bad14fdf0d2eb5efb2ca7461dd8c6cc259fa040325ec9c
SHA512eb0e0f5e64ec0f22a5c04c065a583d9843fc1667a0a52260b74db779b05c1523b3566d385928f8150da75f135f3b5838e29e41a0faef7248db18740baf672eba
-
Filesize
72KB
MD571126c6446f542936825d22367d33598
SHA1e0c2f806c1418f1bdb0b470bd436ddd1034441ba
SHA25648c4322f81f181a28361a7b59a2deae4e6dee3d437c220c7724dfb1a04cc2de1
SHA512a69e61c35550b8c6f3b94085fc8300df3d1b67f0b783eb516ee9ccdfa8cc82908c9a2114ae66607fb28691321a4ae049bdf665f4e6ace049b29d199a4553cb21
-
Filesize
72KB
MD571126c6446f542936825d22367d33598
SHA1e0c2f806c1418f1bdb0b470bd436ddd1034441ba
SHA25648c4322f81f181a28361a7b59a2deae4e6dee3d437c220c7724dfb1a04cc2de1
SHA512a69e61c35550b8c6f3b94085fc8300df3d1b67f0b783eb516ee9ccdfa8cc82908c9a2114ae66607fb28691321a4ae049bdf665f4e6ace049b29d199a4553cb21
-
Filesize
72KB
MD510397bbe999ac467ad16a0e819a5641c
SHA1f4912877caf9852d4be7d26dd0062ef4dd36994f
SHA25629272bf17640fd133a203d956c25908532de47a739249d0002c6908e8e50be64
SHA512a4e2e0fdaa561686ef2d30d873336b26bc05507356be8897dd83851e9b4157cbe8ce5b4440507a13b361d4c1cebf1b56064ed8854815bfb2f94bc63d339c4e19
-
Filesize
72KB
MD510397bbe999ac467ad16a0e819a5641c
SHA1f4912877caf9852d4be7d26dd0062ef4dd36994f
SHA25629272bf17640fd133a203d956c25908532de47a739249d0002c6908e8e50be64
SHA512a4e2e0fdaa561686ef2d30d873336b26bc05507356be8897dd83851e9b4157cbe8ce5b4440507a13b361d4c1cebf1b56064ed8854815bfb2f94bc63d339c4e19
-
Filesize
72KB
MD50a9e94e2bb114c7f655665350a253852
SHA1ddbbe88d7f5ed065f2ec214ab59fa82304898220
SHA2562db07c50f1501f18d29166d68341340e82dd2d6305b10f8fc8bd748c7fea1726
SHA512a01aaaff614219934dfa66000d525f498ece62fbc66a4db6433ca39e5e0160c49b4b783a3a86ccd145d5a0c406b247b087bcade6236f5ef488ed59b3f31b790b
-
Filesize
72KB
MD50a9e94e2bb114c7f655665350a253852
SHA1ddbbe88d7f5ed065f2ec214ab59fa82304898220
SHA2562db07c50f1501f18d29166d68341340e82dd2d6305b10f8fc8bd748c7fea1726
SHA512a01aaaff614219934dfa66000d525f498ece62fbc66a4db6433ca39e5e0160c49b4b783a3a86ccd145d5a0c406b247b087bcade6236f5ef488ed59b3f31b790b
-
Filesize
72KB
MD50abc11a832634efdd6da034a7f950662
SHA15874c2626280b8eacfc1e265e01babe442811fa7
SHA256e7cc2e4c19c2458c2ee7b113e0f911e99f02ec89c128b8055f72d544f93c177b
SHA5129a78d6f2ff0dcbeb8e875d0b4c388da940d0c30863bf7c1227db6b30d0e6292015224b2c55a1a982dd4d39f857e28bf933a7aa6178c5276930759b718413571e
-
Filesize
72KB
MD50abc11a832634efdd6da034a7f950662
SHA15874c2626280b8eacfc1e265e01babe442811fa7
SHA256e7cc2e4c19c2458c2ee7b113e0f911e99f02ec89c128b8055f72d544f93c177b
SHA5129a78d6f2ff0dcbeb8e875d0b4c388da940d0c30863bf7c1227db6b30d0e6292015224b2c55a1a982dd4d39f857e28bf933a7aa6178c5276930759b718413571e
-
Filesize
72KB
MD58d7bfe8faa5c1108d3d86880e683b0dc
SHA19903870aa659a279965417bce371e156ee0b770c
SHA256a7b7a720da0b21463f573e71d1a70253dff713bfb0c86030a31d588553a342cf
SHA5125c1cfbff7d36a51eedb7f7a49db6ebaacbb8a832039e1c8340f3ae143788c8c03eb22bd447fc4f59daf53dce61733f118c6f66dc3a15eddbdaf7f86d207cb368
-
Filesize
72KB
MD58d7bfe8faa5c1108d3d86880e683b0dc
SHA19903870aa659a279965417bce371e156ee0b770c
SHA256a7b7a720da0b21463f573e71d1a70253dff713bfb0c86030a31d588553a342cf
SHA5125c1cfbff7d36a51eedb7f7a49db6ebaacbb8a832039e1c8340f3ae143788c8c03eb22bd447fc4f59daf53dce61733f118c6f66dc3a15eddbdaf7f86d207cb368
-
Filesize
72KB
MD58d7bfe8faa5c1108d3d86880e683b0dc
SHA19903870aa659a279965417bce371e156ee0b770c
SHA256a7b7a720da0b21463f573e71d1a70253dff713bfb0c86030a31d588553a342cf
SHA5125c1cfbff7d36a51eedb7f7a49db6ebaacbb8a832039e1c8340f3ae143788c8c03eb22bd447fc4f59daf53dce61733f118c6f66dc3a15eddbdaf7f86d207cb368
-
Filesize
72KB
MD5aa53ab48061d928d88f875c2e7fa36aa
SHA14dd9c9108acc2bbb3d95f07ac1648990f57996a0
SHA256bdfab4722647ec4f4569ab673d55c52b2c840bb8efc2e9fded5c1ff339f58c3d
SHA51222b9c719fe76ceb0558d92ca5628b0d035511437928cfb79ce71f111ae8fb0bc7e7d43bb48c284e59a8c195899ea0c02c7cb0f20dcb4c99345fae382dc6312cd
-
Filesize
72KB
MD5aa53ab48061d928d88f875c2e7fa36aa
SHA14dd9c9108acc2bbb3d95f07ac1648990f57996a0
SHA256bdfab4722647ec4f4569ab673d55c52b2c840bb8efc2e9fded5c1ff339f58c3d
SHA51222b9c719fe76ceb0558d92ca5628b0d035511437928cfb79ce71f111ae8fb0bc7e7d43bb48c284e59a8c195899ea0c02c7cb0f20dcb4c99345fae382dc6312cd
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD50803f96c80ecfc23f56690829bc47fd0
SHA1d0db1ddcf37a65769ab91e408f9c6801aabb9a68
SHA256decadff4ab93f52f34de714d5141320ce4cda3e0a4cf5b5d20e14b29f26c1285
SHA512039dfd5abfdfc4707f4aec60833edf7fced68699eeff3bbe65b5862e03beeb716accad4e922d25ad59c888fb59df27fd623df7c69a75d7ed3e9877c81b189284
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD5f1b952f8feb11ce47f67c455c1a82cba
SHA196cf1e87ce9fcb9c6b1d1db7dd0b2ecdcc8390dd
SHA256f329b47726b87b2bff81de7866bf25f3023267780bbcc78e0082eb94da392fea
SHA5128646988d9e60e195c2b97b140fe246533b306085469452d561c4d41a8fb19e6cf2a11f51a82043ca5398a68bf61abde632dcceaa912ee57fa799ac318caccef4
-
Filesize
72KB
MD5f1b952f8feb11ce47f67c455c1a82cba
SHA196cf1e87ce9fcb9c6b1d1db7dd0b2ecdcc8390dd
SHA256f329b47726b87b2bff81de7866bf25f3023267780bbcc78e0082eb94da392fea
SHA5128646988d9e60e195c2b97b140fe246533b306085469452d561c4d41a8fb19e6cf2a11f51a82043ca5398a68bf61abde632dcceaa912ee57fa799ac318caccef4
-
Filesize
72KB
MD5676c69a5451d45d2457309314345be09
SHA12bceef3b5a2b08fa7d6f0a28a868d2b345e4889a
SHA256e8fe344950c696abb4de52be7dd87d50bfd5c36928ed2d2c5fbee66181115450
SHA512ed859e94135af06802980dee045f934fca9a42659c69be3927421131804626053c46f52d2bcfae0dd09015d2bbbcb85543544cfdec283bc65a4ce23588468b79
-
Filesize
72KB
MD5676c69a5451d45d2457309314345be09
SHA12bceef3b5a2b08fa7d6f0a28a868d2b345e4889a
SHA256e8fe344950c696abb4de52be7dd87d50bfd5c36928ed2d2c5fbee66181115450
SHA512ed859e94135af06802980dee045f934fca9a42659c69be3927421131804626053c46f52d2bcfae0dd09015d2bbbcb85543544cfdec283bc65a4ce23588468b79
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD591a7875ab8013dbacd15a3e629c4c277
SHA1be876c7adfe17ee0c7ca6cf1d8984105b7500469
SHA2566e88d33c9342e71bce172622ead4a3a7b5ffd08f6527ae95612373578af89be4
SHA5123b14113dee15921c1d894f2b261f78f8fe3ea162e29168d18c1c865d5c38c77bd56078f8c3afd717c9210f6f8e772560b7be3b1323183ad4d49f80ec2d81a26d
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
72KB
MD52b34d79328d1b84d92233518287abf4e
SHA17515899f9187253ab71bac8068bb63c6f39be92c
SHA256df0aa53e7db103e0d08051e6134f56d60bde153752da39d47bcde9421e70776e
SHA512a657b91eae980022d879600ac31792131d5309340860b5ce1d4a73e74d9986787124e8b6650f25057b57590e57455afafb995009e1d9e1cae02d089a614534fe
-
Filesize
8KB
-
Filesize
8KB