Analysis
-
max time kernel
155s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
02/12/2022, 19:37
General
-
Target
b0fa18d9b4a7a23db9535ef4bd67fb7cb09baecec6a881a711612261848d89c9.exe
-
Size
72KB
-
MD5
cded00f32c51ac2a58b7ae17cc7156ab
-
SHA1
4749495caed50aa1d68f0bdcf7b0c6d9697a2a0d
-
SHA256
b0fa18d9b4a7a23db9535ef4bd67fb7cb09baecec6a881a711612261848d89c9
-
SHA512
ea4917f0b430e9ab8d32b1c435385232b65fc98cb69318dd1a591adee2b884de6121c2d59f74c65118378d807e81c4d566ff45c89e37fb8ba9b3c19d744ecdfe
-
SSDEEP
384:N6wayA+1mwnA353BXR+oGfPmfm4MlcTGXdhjwroyY2rebV5O6KgxWb/83BXR+oGu:NpQNwC3BESe4Vqth+0V5vKlE3BEJwRrj
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b0fa18d9b4a7a23db9535ef4bd67fb7cb09baecec6a881a711612261848d89c9.exe"C:\Users\Admin\AppData\Local\Temp\b0fa18d9b4a7a23db9535ef4bd67fb7cb09baecec6a881a711612261848d89c9.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\219397226\backup.exeC:\Users\Admin\AppData\Local\Temp\219397226\backup.exe C:\Users\Admin\AppData\Local\Temp\219397226\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\update.exe"C:\Program Files\Common Files\System\ado\ja-JP\update.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\update.exe"C:\Program Files\Common Files\System\de-DE\update.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\System Restore.exe"C:\Program Files\Common Files\System\es-ES\System Restore.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\System Restore.exe"C:\Program Files (x86)\Internet Explorer\System Restore.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\WPDNSE\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD599207149cb575d9aa1a80c6c2a0942a9
SHA1595d3315894793475e35ab76aa0b90e977930f91
SHA2562a9f0599274a0345e8265de6164c6b87e096bcc08c9c0275c81601f7b17998de
SHA512c7f2ea4d5a600a07cb518097274b54112e831cb60232e243f198f625311a7c7ee82e2928fcf6c622eb35ad0414e8ab2d745e16db59f94dea447d1f229ae595eb
-
Filesize
72KB
MD5d7aa3fbec39a5b842b857d92261cf6a1
SHA1a215d4c5a900e5cfb01484685dd08443a83d3aac
SHA2564d8b271f538db92aeb2d790cd5f29389f243490a64e7a5a7d21691f33001d2b9
SHA512df7181a42590146b8a775755d42548f81f4f6269fc4aeb6af7ed12b369bd8f75349e160cc54a4dc0c70d040d059e38a0dbf27536133aae0ca84e750a73b04b25
-
Filesize
72KB
MD5d7aa3fbec39a5b842b857d92261cf6a1
SHA1a215d4c5a900e5cfb01484685dd08443a83d3aac
SHA2564d8b271f538db92aeb2d790cd5f29389f243490a64e7a5a7d21691f33001d2b9
SHA512df7181a42590146b8a775755d42548f81f4f6269fc4aeb6af7ed12b369bd8f75349e160cc54a4dc0c70d040d059e38a0dbf27536133aae0ca84e750a73b04b25
-
Filesize
72KB
MD5c6b8fe261d13b9779332825de8fb078a
SHA13bd867d2700c96cc7a194d74ec3e9eb90cb86de3
SHA256182d4494949d157216a5d171327560077dc1950827b7ff1c12dcf6563ac45cee
SHA5123034d6ef0b549be58d81ed7d99b19ae17d7c6d9e0ec025a4e7c8d8f13543b10e87c709dfb747764894ad53a5b9dfb70df52466d249a21d64b5953a3c6bde4400
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD5b89e6c7bec61d7f674f5aac25699e24a
SHA1a489d436fd764495b4b3f9e771640d97e0f16c37
SHA2562fe6433992d927718f0bd78d905352facaa108b498d2b67cb4965d7038dee676
SHA51284285d9026ee0315b76d360f1306bfeea200b9659882309e951dbebb7ee61141f2912c62f7e200225b2a750a52d54881b57ece24fb1cc33f0467206ba60a4d18
-
Filesize
72KB
MD5b89e6c7bec61d7f674f5aac25699e24a
SHA1a489d436fd764495b4b3f9e771640d97e0f16c37
SHA2562fe6433992d927718f0bd78d905352facaa108b498d2b67cb4965d7038dee676
SHA51284285d9026ee0315b76d360f1306bfeea200b9659882309e951dbebb7ee61141f2912c62f7e200225b2a750a52d54881b57ece24fb1cc33f0467206ba60a4d18
-
Filesize
72KB
MD51d73573aa7f7e72adc79a7c93c7dc5a3
SHA1d38dbfc459b95c62283696dffcf743cba67d6f89
SHA25696c7760b72b9ab90d363dcd8211a73662a8b779856a76b5be4a34bf8ec5bd5b9
SHA512ce6a0e58f8e73238a030df17f827ae2270ab125e5b25672a559bc09439b04c44f8753d2c9c27cf10f2fd0bc83ebfb6ebfaf43c88c743dcfbfcc9341406a7ac81
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD58fe77d668095a6342764d72bb1b58e91
SHA159e2ad3da754e187c0b2797e14ffeb2778f3d529
SHA25639e042463badc8686b29e401b5328f21fe489fab1b4dea630b56e57524a6d40d
SHA5124bfc9f57ab4898768b01c4fbdc6105624afa554739b4472545873f8d51848fa88e4c706f87d6a33cc184b7fe41a40e04cbb738659f07d77a10a73d0ecb953bbb
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5c484ce6236f6afc2a130c2ef15042693
SHA16e33eb8209cd9d909e85064f569633dd23acecaa
SHA2562110faeb2c8571e5931e573d1a0aefeb873b886c9b4cb37fca6bf11823e58a51
SHA512573c3a2ebc16757fc466d5c8ff307af78648d49d5c63b37b61a7dae7049bd8a7547f9c7cf5d2578727475cee3f03964c090bc439fd03fa2ddba364faaac66422
-
Filesize
72KB
MD5c484ce6236f6afc2a130c2ef15042693
SHA16e33eb8209cd9d909e85064f569633dd23acecaa
SHA2562110faeb2c8571e5931e573d1a0aefeb873b886c9b4cb37fca6bf11823e58a51
SHA512573c3a2ebc16757fc466d5c8ff307af78648d49d5c63b37b61a7dae7049bd8a7547f9c7cf5d2578727475cee3f03964c090bc439fd03fa2ddba364faaac66422
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD51804072f77616aac930f724a40a847ff
SHA1c45407aee1b595eeb083f413cbc2a372e2362807
SHA2562cbf821ce9a9d07a68ccce988ba0f74a3c6860f40f89ece2da1242b07d0b59fb
SHA51243289bdd3a708250599e2f102f21a828101d334eb97642be9ea5de3e28c4839a878d396be15195813ab0cffd9001bfa91adbd5587fcedfa552d2264fc9438f90
-
Filesize
72KB
MD51804072f77616aac930f724a40a847ff
SHA1c45407aee1b595eeb083f413cbc2a372e2362807
SHA2562cbf821ce9a9d07a68ccce988ba0f74a3c6860f40f89ece2da1242b07d0b59fb
SHA51243289bdd3a708250599e2f102f21a828101d334eb97642be9ea5de3e28c4839a878d396be15195813ab0cffd9001bfa91adbd5587fcedfa552d2264fc9438f90
-
Filesize
72KB
MD599207149cb575d9aa1a80c6c2a0942a9
SHA1595d3315894793475e35ab76aa0b90e977930f91
SHA2562a9f0599274a0345e8265de6164c6b87e096bcc08c9c0275c81601f7b17998de
SHA512c7f2ea4d5a600a07cb518097274b54112e831cb60232e243f198f625311a7c7ee82e2928fcf6c622eb35ad0414e8ab2d745e16db59f94dea447d1f229ae595eb
-
Filesize
72KB
MD599207149cb575d9aa1a80c6c2a0942a9
SHA1595d3315894793475e35ab76aa0b90e977930f91
SHA2562a9f0599274a0345e8265de6164c6b87e096bcc08c9c0275c81601f7b17998de
SHA512c7f2ea4d5a600a07cb518097274b54112e831cb60232e243f198f625311a7c7ee82e2928fcf6c622eb35ad0414e8ab2d745e16db59f94dea447d1f229ae595eb
-
Filesize
72KB
MD5d7aa3fbec39a5b842b857d92261cf6a1
SHA1a215d4c5a900e5cfb01484685dd08443a83d3aac
SHA2564d8b271f538db92aeb2d790cd5f29389f243490a64e7a5a7d21691f33001d2b9
SHA512df7181a42590146b8a775755d42548f81f4f6269fc4aeb6af7ed12b369bd8f75349e160cc54a4dc0c70d040d059e38a0dbf27536133aae0ca84e750a73b04b25
-
Filesize
72KB
MD5d7aa3fbec39a5b842b857d92261cf6a1
SHA1a215d4c5a900e5cfb01484685dd08443a83d3aac
SHA2564d8b271f538db92aeb2d790cd5f29389f243490a64e7a5a7d21691f33001d2b9
SHA512df7181a42590146b8a775755d42548f81f4f6269fc4aeb6af7ed12b369bd8f75349e160cc54a4dc0c70d040d059e38a0dbf27536133aae0ca84e750a73b04b25
-
Filesize
72KB
MD5c6b8fe261d13b9779332825de8fb078a
SHA13bd867d2700c96cc7a194d74ec3e9eb90cb86de3
SHA256182d4494949d157216a5d171327560077dc1950827b7ff1c12dcf6563ac45cee
SHA5123034d6ef0b549be58d81ed7d99b19ae17d7c6d9e0ec025a4e7c8d8f13543b10e87c709dfb747764894ad53a5b9dfb70df52466d249a21d64b5953a3c6bde4400
-
Filesize
72KB
MD5c6b8fe261d13b9779332825de8fb078a
SHA13bd867d2700c96cc7a194d74ec3e9eb90cb86de3
SHA256182d4494949d157216a5d171327560077dc1950827b7ff1c12dcf6563ac45cee
SHA5123034d6ef0b549be58d81ed7d99b19ae17d7c6d9e0ec025a4e7c8d8f13543b10e87c709dfb747764894ad53a5b9dfb70df52466d249a21d64b5953a3c6bde4400
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD5b89e6c7bec61d7f674f5aac25699e24a
SHA1a489d436fd764495b4b3f9e771640d97e0f16c37
SHA2562fe6433992d927718f0bd78d905352facaa108b498d2b67cb4965d7038dee676
SHA51284285d9026ee0315b76d360f1306bfeea200b9659882309e951dbebb7ee61141f2912c62f7e200225b2a750a52d54881b57ece24fb1cc33f0467206ba60a4d18
-
Filesize
72KB
MD5b89e6c7bec61d7f674f5aac25699e24a
SHA1a489d436fd764495b4b3f9e771640d97e0f16c37
SHA2562fe6433992d927718f0bd78d905352facaa108b498d2b67cb4965d7038dee676
SHA51284285d9026ee0315b76d360f1306bfeea200b9659882309e951dbebb7ee61141f2912c62f7e200225b2a750a52d54881b57ece24fb1cc33f0467206ba60a4d18
-
Filesize
72KB
MD51d73573aa7f7e72adc79a7c93c7dc5a3
SHA1d38dbfc459b95c62283696dffcf743cba67d6f89
SHA25696c7760b72b9ab90d363dcd8211a73662a8b779856a76b5be4a34bf8ec5bd5b9
SHA512ce6a0e58f8e73238a030df17f827ae2270ab125e5b25672a559bc09439b04c44f8753d2c9c27cf10f2fd0bc83ebfb6ebfaf43c88c743dcfbfcc9341406a7ac81
-
Filesize
72KB
MD51d73573aa7f7e72adc79a7c93c7dc5a3
SHA1d38dbfc459b95c62283696dffcf743cba67d6f89
SHA25696c7760b72b9ab90d363dcd8211a73662a8b779856a76b5be4a34bf8ec5bd5b9
SHA512ce6a0e58f8e73238a030df17f827ae2270ab125e5b25672a559bc09439b04c44f8753d2c9c27cf10f2fd0bc83ebfb6ebfaf43c88c743dcfbfcc9341406a7ac81
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD5a3ea6b99667b68ef0d25957e17612d34
SHA133391d1d5245482749f9432420d3e9843146cc13
SHA2566e41f3aa4a336898a770374518cc3021c28c809192ee96c21f8379f18c075805
SHA51229c87854458c92f7bde40198459b1ed07468553f32aac87db5696eb87992a187731ae49461dd2b5a9cc3f6416b5946cd0860686ab52482feb88fab1a2fbe60ad
-
Filesize
72KB
MD58fe77d668095a6342764d72bb1b58e91
SHA159e2ad3da754e187c0b2797e14ffeb2778f3d529
SHA25639e042463badc8686b29e401b5328f21fe489fab1b4dea630b56e57524a6d40d
SHA5124bfc9f57ab4898768b01c4fbdc6105624afa554739b4472545873f8d51848fa88e4c706f87d6a33cc184b7fe41a40e04cbb738659f07d77a10a73d0ecb953bbb
-
Filesize
72KB
MD58fe77d668095a6342764d72bb1b58e91
SHA159e2ad3da754e187c0b2797e14ffeb2778f3d529
SHA25639e042463badc8686b29e401b5328f21fe489fab1b4dea630b56e57524a6d40d
SHA5124bfc9f57ab4898768b01c4fbdc6105624afa554739b4472545873f8d51848fa88e4c706f87d6a33cc184b7fe41a40e04cbb738659f07d77a10a73d0ecb953bbb
-
Filesize
72KB
MD58fe77d668095a6342764d72bb1b58e91
SHA159e2ad3da754e187c0b2797e14ffeb2778f3d529
SHA25639e042463badc8686b29e401b5328f21fe489fab1b4dea630b56e57524a6d40d
SHA5124bfc9f57ab4898768b01c4fbdc6105624afa554739b4472545873f8d51848fa88e4c706f87d6a33cc184b7fe41a40e04cbb738659f07d77a10a73d0ecb953bbb
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5b4bfd386a040e7c284b60b923b43a939
SHA14e3f451e1e958e0f94264ad73d2289fb798ec971
SHA256f7b3545c181c3ca54269cc339fabd62816b483734d2ce289cbcb08121661d6b1
SHA51204279457f37d87ff01d1c0c2955cdb2f2410f48e757da401f3d3322c729a95c944401189410f266df15d047d04cc3fd674eb052d34666457a2c72d1a1e220245
-
Filesize
72KB
MD5c484ce6236f6afc2a130c2ef15042693
SHA16e33eb8209cd9d909e85064f569633dd23acecaa
SHA2562110faeb2c8571e5931e573d1a0aefeb873b886c9b4cb37fca6bf11823e58a51
SHA512573c3a2ebc16757fc466d5c8ff307af78648d49d5c63b37b61a7dae7049bd8a7547f9c7cf5d2578727475cee3f03964c090bc439fd03fa2ddba364faaac66422
-
Filesize
72KB
MD5c484ce6236f6afc2a130c2ef15042693
SHA16e33eb8209cd9d909e85064f569633dd23acecaa
SHA2562110faeb2c8571e5931e573d1a0aefeb873b886c9b4cb37fca6bf11823e58a51
SHA512573c3a2ebc16757fc466d5c8ff307af78648d49d5c63b37b61a7dae7049bd8a7547f9c7cf5d2578727475cee3f03964c090bc439fd03fa2ddba364faaac66422
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5f84901fd0fd37ecd1c07183a05358fd4
SHA189e9044b07465c465e2f380165ace9ccb9e26a49
SHA256566b97a722107d7171c8dc91116a61af8edb34b41ddf612a3e15d39cd095b537
SHA512822d6d6ead13d81303ea0c83586f1c67ec8affbf72917fa90cdc27d80d7e3bc01dfee8b8d7f33a84bce9fbd6662a5c488c31bcda0ac2afeca9b482e08b603c3a
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
72KB
MD5ba1c8f245e334a1b64955f51e6b597f7
SHA16ee894b1e9ac084d5965521d5b9d3d6afd390203
SHA2562c464a816d6970c7884b59050cb471cddc7793bc7aedf263359165b8e435936d
SHA5129aa833b4c33c625320c7af4d64a5f41128acefaef9029219953144bb1ca05c6de7895182b4528882d90d465dbcff51962bed0e1930450146a1a16c74a6cd2a66
-
Filesize
8KB
-
Filesize
8KB