Analysis
-
max time kernel
152s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
02/12/2022, 19:46
General
-
Target
0b7470f7c3bae67daa4b6a4c3036c5c527b14f829b2d52787cde70be0e610d61.exe
-
Size
72KB
-
MD5
deec32791441a89739061c1460d874d2
-
SHA1
545c92cf6189462e719ac0abe4729a4ba4137b72
-
SHA256
0b7470f7c3bae67daa4b6a4c3036c5c527b14f829b2d52787cde70be0e610d61
-
SHA512
7a1a8697a6167178bc871943e177a62c9290a135bfd2f971c04536f04632fb2ddaf0466cc17725d25443afd18ecb46d272eee7707127cf0e83e24278b01a50f0
-
SSDEEP
384:N6wayA+1mwnA353BXR+oGfPmfm4MlcTGXdhjwroyY2rebV5O6KgxWb/83BXR+oG1:NpQNwC3BESe4Vqth+0V5vKlE3BEJwRrA
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b7470f7c3bae67daa4b6a4c3036c5c527b14f829b2d52787cde70be0e610d61.exe"C:\Users\Admin\AppData\Local\Temp\0b7470f7c3bae67daa4b6a4c3036c5c527b14f829b2d52787cde70be0e610d61.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1065914375\backup.exeC:\Users\Admin\AppData\Local\Temp\1065914375\backup.exe C:\Users\Admin\AppData\Local\Temp\1065914375\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\data.exe"C:\Program Files\7-Zip\Lang\data.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\data.exe"C:\Program Files\Common Files\System\Ole DB\data.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\update.exe"C:\Program Files\Common Files\System\Ole DB\en-US\update.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\update.exe"C:\Program Files\DVD Maker\fr-FR\update.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\es-ES\data.exe"C:\Program Files\Internet Explorer\es-ES\data.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
-
C:\Program Files\Microsoft Games\data.exe"C:\Program Files\Microsoft Games\data.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\System Restore.exe"C:\Program Files (x86)\Common Files\System Restore.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\data.exe"C:\Program Files (x86)\Common Files\Adobe\Help\data.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Contacts\update.exeC:\Users\Admin\Contacts\update.exe C:\Users\Admin\Contacts\6⤵
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\System Restore.exe"C:\Windows\AppPatch\System Restore.exe" C:\Windows\AppPatch\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\AppPatch\AppPatch64\System Restore.exe"C:\Windows\AppPatch\AppPatch64\System Restore.exe" C:\Windows\AppPatch\AppPatch64\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵
-
-
-
C:\Windows\assembly\update.exeC:\Windows\assembly\update.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\update.exeC:\Users\Admin\AppData\Local\Temp\Low\update.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD58ad00df494e4c9a33947d27754cc2a64
SHA157bd22d46d33f11486a088e4452052bcf3ff4a77
SHA2566aba23a822645a4891b012212f47d5f992e31aaa46e2e01a6843d1654a04e54a
SHA512864adfd5cb3b96ebddbb633e6babddb9ff660099023fd3960f1e2811d9934b4091b040653bb5e04697c8049685c291d51f8708aed715ba824e9eb2d3ac97894f
-
Filesize
72KB
MD5889bb70b4825f852c374bc556ff6b83c
SHA1d2c42e643756a3f0c0acc6201fa2616b2b4e5444
SHA256f636e8fa57d1b1c14488a6f56b7474698932d55fc9db5ecdd8a0ee48be4addca
SHA5127f39212446d7d32134c7713d87f94b6bdad62315f1d671e61aa4de40388367cbcf1da0e1e859e8545718310a9d2d9a779d04e04259a14ebc62b1628b531a7b24
-
Filesize
72KB
MD5889bb70b4825f852c374bc556ff6b83c
SHA1d2c42e643756a3f0c0acc6201fa2616b2b4e5444
SHA256f636e8fa57d1b1c14488a6f56b7474698932d55fc9db5ecdd8a0ee48be4addca
SHA5127f39212446d7d32134c7713d87f94b6bdad62315f1d671e61aa4de40388367cbcf1da0e1e859e8545718310a9d2d9a779d04e04259a14ebc62b1628b531a7b24
-
Filesize
72KB
MD5fda471d710d36f3c3f7331e2a7557e5f
SHA136bde3f0009637ba7cd8d53c523796d59dcc4fd8
SHA256ecc892c988ba55eec7904febef671771736dc872ea988f8c1c4dfda31c76a397
SHA512248a221fb052d6098dfbf3bcb4d60755c154a8cb266970696d8a2ed54219f03ca93200eb390e1338a509689e36f122cf2002a9b0ffd33e996632c7cb4ef596ad
-
Filesize
72KB
MD5391cae7682779a4b11581848cbfb1c8a
SHA15f16677997c5bc32f8b523d65e5465dc1cf0722a
SHA256723e1a9aa18c69eab010021b105874a8ce139494db85ea34559852c593d18db7
SHA51211fbe1e49a2a9eb46767c6c40f4e6f7071589a52ae8f9e2cf6be9788825bda3985c3dddd6909589f7278cf99a805ab05313d13ef95848bd381d5205250075326
-
Filesize
72KB
MD55615a9d8f119d724ef01628f817f2320
SHA18ea326b8790707e8d80c5e363cb57f1655144775
SHA2565a30b3fd593f0e224465dbabaf13e12fd55b69c4a2156e5a86679fd39583886d
SHA5128aedd9827fe2cc3f0afa548f209a9f1917554e1e33e3214c6f9a83bc8cd55ffa87c168823b2574742e14de656df274f3d4137a5b629644dd8a3328525996a373
-
Filesize
72KB
MD55615a9d8f119d724ef01628f817f2320
SHA18ea326b8790707e8d80c5e363cb57f1655144775
SHA2565a30b3fd593f0e224465dbabaf13e12fd55b69c4a2156e5a86679fd39583886d
SHA5128aedd9827fe2cc3f0afa548f209a9f1917554e1e33e3214c6f9a83bc8cd55ffa87c168823b2574742e14de656df274f3d4137a5b629644dd8a3328525996a373
-
Filesize
72KB
MD56f9b27e3ffd60cb2d120db1b70c7855b
SHA113ad0f98b56747cb9b12d0f4e05433f70db3bb49
SHA256731b2bac31c70723e7da02b98b850ec7284aed99e3c7f19735d9de182844482d
SHA512d9604d4668d11bc35ed559bed5287009a26dbf25f8e082a00edc1a79d9c8fc569089427b064e4f0f78563fb71ac83ac9f771ea38ea5bc638b90ee787d641ae33
-
Filesize
72KB
MD56f9b27e3ffd60cb2d120db1b70c7855b
SHA113ad0f98b56747cb9b12d0f4e05433f70db3bb49
SHA256731b2bac31c70723e7da02b98b850ec7284aed99e3c7f19735d9de182844482d
SHA512d9604d4668d11bc35ed559bed5287009a26dbf25f8e082a00edc1a79d9c8fc569089427b064e4f0f78563fb71ac83ac9f771ea38ea5bc638b90ee787d641ae33
-
Filesize
72KB
MD5e40fd7d4474b542166f3f9f2fb162700
SHA1fc2a6e1b9870aa0013832cbefcb370ba117f1d0e
SHA2569b837ea376d2b88d3ba2a4bc635f4ffbf19c0e195668b5283d21a90bb0ed68c2
SHA5120438d146e6d8e20fc4ef5fc01973acac6bb341fcc8c1e75fe8809a523c1ac7791ded98bde7b7a58f56ccf8e8b1f5b5015c680d642b6ba586c3ee030abdf13c9d
-
Filesize
72KB
MD5ede073d9cdadd46171e96ada32e902e0
SHA11d9b90624bef8e309f2d847edb3557a595cf7d58
SHA2566187c776edc404cb63b1d8d00fd1b785dd6715a5ba6ad3b2d5c913bebe2fd7cf
SHA5124c8e1e36a67b9e4143329d416598ec126df2de3fa457c54010a868dcb19e12f4b02e28bf22a0f842847e92135f5d4cb6bb830e2f438dee9b9085a28085e34177
-
Filesize
72KB
MD5ede073d9cdadd46171e96ada32e902e0
SHA11d9b90624bef8e309f2d847edb3557a595cf7d58
SHA2566187c776edc404cb63b1d8d00fd1b785dd6715a5ba6ad3b2d5c913bebe2fd7cf
SHA5124c8e1e36a67b9e4143329d416598ec126df2de3fa457c54010a868dcb19e12f4b02e28bf22a0f842847e92135f5d4cb6bb830e2f438dee9b9085a28085e34177
-
Filesize
72KB
MD5f6d9e2a9e22b38b902ed90af2f1873eb
SHA16e72c0913115a5ef64237dc5148c85f9bacc8a77
SHA256ec0b27b91d636de777c1dad49cb3a87c1cab128c76138db001f6a18b6fef9f0a
SHA512fecd600dd9d81a4f3d717eda8e1b0e1882850bbe53aacf1032d757c7ff4402ea42a879ad1a49a42a19b91215e8ca970a440c9729cf5973819419d34b5d504ab8
-
Filesize
72KB
MD5f6d9e2a9e22b38b902ed90af2f1873eb
SHA16e72c0913115a5ef64237dc5148c85f9bacc8a77
SHA256ec0b27b91d636de777c1dad49cb3a87c1cab128c76138db001f6a18b6fef9f0a
SHA512fecd600dd9d81a4f3d717eda8e1b0e1882850bbe53aacf1032d757c7ff4402ea42a879ad1a49a42a19b91215e8ca970a440c9729cf5973819419d34b5d504ab8
-
Filesize
72KB
MD54daf769f25f53cf9a7d514a518eaa522
SHA11c570d9b3d3887abde4a52f8ea3bc2f40e3cc243
SHA2561b35b66cd44595a2d654f36a5b5397ee6f335ccf4d84201ab319853911c99f12
SHA512cf4820b7b7f9aee2390af46cfbcef8187a8ad66e92d2e9b36709c22f5eaaa72d624de91a31a464667548fbeacb02bff3776bc9bd91613faebc0b56b54e00ba94
-
Filesize
72KB
MD54daf769f25f53cf9a7d514a518eaa522
SHA11c570d9b3d3887abde4a52f8ea3bc2f40e3cc243
SHA2561b35b66cd44595a2d654f36a5b5397ee6f335ccf4d84201ab319853911c99f12
SHA512cf4820b7b7f9aee2390af46cfbcef8187a8ad66e92d2e9b36709c22f5eaaa72d624de91a31a464667548fbeacb02bff3776bc9bd91613faebc0b56b54e00ba94
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD58b09118a2d0870c2df080017aa3cdeeb
SHA1eda23c9d73b83c8d93b7decf856fa85777d55724
SHA2565f2ae5fa2a371ddfb6ae5f8d5cd0279b26820c54850f440c2efd443a05036a99
SHA5120ab141c8762fa4b54b3b7887c31c5990910d24e59edab69f70ac00b128a43ec7702ee4f2352ce977e9fdb326852632d72bc93baa577e6f315b1a4f159225b25b
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5b8f43372d0135b79a00be02355e3c1a3
SHA17371c7d9a5d47a463171653743502384beac17aa
SHA2565e431eca9ad28194f62bae86b3e661862fb15e92676f0e011070203617b34e8c
SHA5126d15dd8fcb0ce107b7ad838d54fce12d571492c1b7eff47b2122a0d8716c34e593b0cb0028d78d11df163acfc742e65ec384429219064b7a82a3e99a3bbb0a36
-
Filesize
72KB
MD5b8f43372d0135b79a00be02355e3c1a3
SHA17371c7d9a5d47a463171653743502384beac17aa
SHA2565e431eca9ad28194f62bae86b3e661862fb15e92676f0e011070203617b34e8c
SHA5126d15dd8fcb0ce107b7ad838d54fce12d571492c1b7eff47b2122a0d8716c34e593b0cb0028d78d11df163acfc742e65ec384429219064b7a82a3e99a3bbb0a36
-
Filesize
72KB
MD58ad00df494e4c9a33947d27754cc2a64
SHA157bd22d46d33f11486a088e4452052bcf3ff4a77
SHA2566aba23a822645a4891b012212f47d5f992e31aaa46e2e01a6843d1654a04e54a
SHA512864adfd5cb3b96ebddbb633e6babddb9ff660099023fd3960f1e2811d9934b4091b040653bb5e04697c8049685c291d51f8708aed715ba824e9eb2d3ac97894f
-
Filesize
72KB
MD58ad00df494e4c9a33947d27754cc2a64
SHA157bd22d46d33f11486a088e4452052bcf3ff4a77
SHA2566aba23a822645a4891b012212f47d5f992e31aaa46e2e01a6843d1654a04e54a
SHA512864adfd5cb3b96ebddbb633e6babddb9ff660099023fd3960f1e2811d9934b4091b040653bb5e04697c8049685c291d51f8708aed715ba824e9eb2d3ac97894f
-
Filesize
72KB
MD5889bb70b4825f852c374bc556ff6b83c
SHA1d2c42e643756a3f0c0acc6201fa2616b2b4e5444
SHA256f636e8fa57d1b1c14488a6f56b7474698932d55fc9db5ecdd8a0ee48be4addca
SHA5127f39212446d7d32134c7713d87f94b6bdad62315f1d671e61aa4de40388367cbcf1da0e1e859e8545718310a9d2d9a779d04e04259a14ebc62b1628b531a7b24
-
Filesize
72KB
MD5889bb70b4825f852c374bc556ff6b83c
SHA1d2c42e643756a3f0c0acc6201fa2616b2b4e5444
SHA256f636e8fa57d1b1c14488a6f56b7474698932d55fc9db5ecdd8a0ee48be4addca
SHA5127f39212446d7d32134c7713d87f94b6bdad62315f1d671e61aa4de40388367cbcf1da0e1e859e8545718310a9d2d9a779d04e04259a14ebc62b1628b531a7b24
-
Filesize
72KB
MD5fda471d710d36f3c3f7331e2a7557e5f
SHA136bde3f0009637ba7cd8d53c523796d59dcc4fd8
SHA256ecc892c988ba55eec7904febef671771736dc872ea988f8c1c4dfda31c76a397
SHA512248a221fb052d6098dfbf3bcb4d60755c154a8cb266970696d8a2ed54219f03ca93200eb390e1338a509689e36f122cf2002a9b0ffd33e996632c7cb4ef596ad
-
Filesize
72KB
MD5fda471d710d36f3c3f7331e2a7557e5f
SHA136bde3f0009637ba7cd8d53c523796d59dcc4fd8
SHA256ecc892c988ba55eec7904febef671771736dc872ea988f8c1c4dfda31c76a397
SHA512248a221fb052d6098dfbf3bcb4d60755c154a8cb266970696d8a2ed54219f03ca93200eb390e1338a509689e36f122cf2002a9b0ffd33e996632c7cb4ef596ad
-
Filesize
72KB
MD5391cae7682779a4b11581848cbfb1c8a
SHA15f16677997c5bc32f8b523d65e5465dc1cf0722a
SHA256723e1a9aa18c69eab010021b105874a8ce139494db85ea34559852c593d18db7
SHA51211fbe1e49a2a9eb46767c6c40f4e6f7071589a52ae8f9e2cf6be9788825bda3985c3dddd6909589f7278cf99a805ab05313d13ef95848bd381d5205250075326
-
Filesize
72KB
MD5391cae7682779a4b11581848cbfb1c8a
SHA15f16677997c5bc32f8b523d65e5465dc1cf0722a
SHA256723e1a9aa18c69eab010021b105874a8ce139494db85ea34559852c593d18db7
SHA51211fbe1e49a2a9eb46767c6c40f4e6f7071589a52ae8f9e2cf6be9788825bda3985c3dddd6909589f7278cf99a805ab05313d13ef95848bd381d5205250075326
-
Filesize
72KB
MD55615a9d8f119d724ef01628f817f2320
SHA18ea326b8790707e8d80c5e363cb57f1655144775
SHA2565a30b3fd593f0e224465dbabaf13e12fd55b69c4a2156e5a86679fd39583886d
SHA5128aedd9827fe2cc3f0afa548f209a9f1917554e1e33e3214c6f9a83bc8cd55ffa87c168823b2574742e14de656df274f3d4137a5b629644dd8a3328525996a373
-
Filesize
72KB
MD55615a9d8f119d724ef01628f817f2320
SHA18ea326b8790707e8d80c5e363cb57f1655144775
SHA2565a30b3fd593f0e224465dbabaf13e12fd55b69c4a2156e5a86679fd39583886d
SHA5128aedd9827fe2cc3f0afa548f209a9f1917554e1e33e3214c6f9a83bc8cd55ffa87c168823b2574742e14de656df274f3d4137a5b629644dd8a3328525996a373
-
Filesize
72KB
MD56f9b27e3ffd60cb2d120db1b70c7855b
SHA113ad0f98b56747cb9b12d0f4e05433f70db3bb49
SHA256731b2bac31c70723e7da02b98b850ec7284aed99e3c7f19735d9de182844482d
SHA512d9604d4668d11bc35ed559bed5287009a26dbf25f8e082a00edc1a79d9c8fc569089427b064e4f0f78563fb71ac83ac9f771ea38ea5bc638b90ee787d641ae33
-
Filesize
72KB
MD56f9b27e3ffd60cb2d120db1b70c7855b
SHA113ad0f98b56747cb9b12d0f4e05433f70db3bb49
SHA256731b2bac31c70723e7da02b98b850ec7284aed99e3c7f19735d9de182844482d
SHA512d9604d4668d11bc35ed559bed5287009a26dbf25f8e082a00edc1a79d9c8fc569089427b064e4f0f78563fb71ac83ac9f771ea38ea5bc638b90ee787d641ae33
-
Filesize
72KB
MD5e40fd7d4474b542166f3f9f2fb162700
SHA1fc2a6e1b9870aa0013832cbefcb370ba117f1d0e
SHA2569b837ea376d2b88d3ba2a4bc635f4ffbf19c0e195668b5283d21a90bb0ed68c2
SHA5120438d146e6d8e20fc4ef5fc01973acac6bb341fcc8c1e75fe8809a523c1ac7791ded98bde7b7a58f56ccf8e8b1f5b5015c680d642b6ba586c3ee030abdf13c9d
-
Filesize
72KB
MD5e40fd7d4474b542166f3f9f2fb162700
SHA1fc2a6e1b9870aa0013832cbefcb370ba117f1d0e
SHA2569b837ea376d2b88d3ba2a4bc635f4ffbf19c0e195668b5283d21a90bb0ed68c2
SHA5120438d146e6d8e20fc4ef5fc01973acac6bb341fcc8c1e75fe8809a523c1ac7791ded98bde7b7a58f56ccf8e8b1f5b5015c680d642b6ba586c3ee030abdf13c9d
-
Filesize
72KB
MD5ede073d9cdadd46171e96ada32e902e0
SHA11d9b90624bef8e309f2d847edb3557a595cf7d58
SHA2566187c776edc404cb63b1d8d00fd1b785dd6715a5ba6ad3b2d5c913bebe2fd7cf
SHA5124c8e1e36a67b9e4143329d416598ec126df2de3fa457c54010a868dcb19e12f4b02e28bf22a0f842847e92135f5d4cb6bb830e2f438dee9b9085a28085e34177
-
Filesize
72KB
MD5ede073d9cdadd46171e96ada32e902e0
SHA11d9b90624bef8e309f2d847edb3557a595cf7d58
SHA2566187c776edc404cb63b1d8d00fd1b785dd6715a5ba6ad3b2d5c913bebe2fd7cf
SHA5124c8e1e36a67b9e4143329d416598ec126df2de3fa457c54010a868dcb19e12f4b02e28bf22a0f842847e92135f5d4cb6bb830e2f438dee9b9085a28085e34177
-
Filesize
72KB
MD58e845117b6cbe1874797cd777b076c6c
SHA1321e5c5d58afb17e57d4a401e6c108ec67a4fb33
SHA256548151b10ca769ce77fa64b5beb1ad4b77089d6d96a074c3a8e48383ce2b8a19
SHA512501ab9bd9a62780131740376e5c134cbb8c1fda95dde8edd75a5453ad7dca5a79d3db37f338d7e694dccc4450293db7aeb24fc7d2a6946105d5d31e7e088cc94
-
Filesize
72KB
MD58e845117b6cbe1874797cd777b076c6c
SHA1321e5c5d58afb17e57d4a401e6c108ec67a4fb33
SHA256548151b10ca769ce77fa64b5beb1ad4b77089d6d96a074c3a8e48383ce2b8a19
SHA512501ab9bd9a62780131740376e5c134cbb8c1fda95dde8edd75a5453ad7dca5a79d3db37f338d7e694dccc4450293db7aeb24fc7d2a6946105d5d31e7e088cc94
-
Filesize
72KB
MD5f6d9e2a9e22b38b902ed90af2f1873eb
SHA16e72c0913115a5ef64237dc5148c85f9bacc8a77
SHA256ec0b27b91d636de777c1dad49cb3a87c1cab128c76138db001f6a18b6fef9f0a
SHA512fecd600dd9d81a4f3d717eda8e1b0e1882850bbe53aacf1032d757c7ff4402ea42a879ad1a49a42a19b91215e8ca970a440c9729cf5973819419d34b5d504ab8
-
Filesize
72KB
MD5f6d9e2a9e22b38b902ed90af2f1873eb
SHA16e72c0913115a5ef64237dc5148c85f9bacc8a77
SHA256ec0b27b91d636de777c1dad49cb3a87c1cab128c76138db001f6a18b6fef9f0a
SHA512fecd600dd9d81a4f3d717eda8e1b0e1882850bbe53aacf1032d757c7ff4402ea42a879ad1a49a42a19b91215e8ca970a440c9729cf5973819419d34b5d504ab8
-
Filesize
72KB
MD54daf769f25f53cf9a7d514a518eaa522
SHA11c570d9b3d3887abde4a52f8ea3bc2f40e3cc243
SHA2561b35b66cd44595a2d654f36a5b5397ee6f335ccf4d84201ab319853911c99f12
SHA512cf4820b7b7f9aee2390af46cfbcef8187a8ad66e92d2e9b36709c22f5eaaa72d624de91a31a464667548fbeacb02bff3776bc9bd91613faebc0b56b54e00ba94
-
Filesize
72KB
MD54daf769f25f53cf9a7d514a518eaa522
SHA11c570d9b3d3887abde4a52f8ea3bc2f40e3cc243
SHA2561b35b66cd44595a2d654f36a5b5397ee6f335ccf4d84201ab319853911c99f12
SHA512cf4820b7b7f9aee2390af46cfbcef8187a8ad66e92d2e9b36709c22f5eaaa72d624de91a31a464667548fbeacb02bff3776bc9bd91613faebc0b56b54e00ba94
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD58b09118a2d0870c2df080017aa3cdeeb
SHA1eda23c9d73b83c8d93b7decf856fa85777d55724
SHA2565f2ae5fa2a371ddfb6ae5f8d5cd0279b26820c54850f440c2efd443a05036a99
SHA5120ab141c8762fa4b54b3b7887c31c5990910d24e59edab69f70ac00b128a43ec7702ee4f2352ce977e9fdb326852632d72bc93baa577e6f315b1a4f159225b25b
-
Filesize
72KB
MD58b09118a2d0870c2df080017aa3cdeeb
SHA1eda23c9d73b83c8d93b7decf856fa85777d55724
SHA2565f2ae5fa2a371ddfb6ae5f8d5cd0279b26820c54850f440c2efd443a05036a99
SHA5120ab141c8762fa4b54b3b7887c31c5990910d24e59edab69f70ac00b128a43ec7702ee4f2352ce977e9fdb326852632d72bc93baa577e6f315b1a4f159225b25b
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
72KB
MD5e7e16ee7ccf3a14394ea9a6df7b77947
SHA18528e52a2e1a22ff9574a092fc2f97aadbe0fad7
SHA25612e4c8914bb4382b53c72d06a1d12e91f859ba715674b3e1ec2cf74164b4beda
SHA5121701cbe407f6d71b8a09b98f8ba69aef15ed0c6ca801c059da720ae00fb2a229b12635f89ca1c950a1ca5ec1944006a557d52f411ae8376bdc1fe3e346bf4738
-
Filesize
8KB
-
Filesize
8KB