Analysis
-
max time kernel
154s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
02-12-2022 20:07
General
-
Target
8a1858b51bdc4d36c060d832a3e0db092029d792fc32ebc5fe2c7946d0e0b65d.exe
-
Size
72KB
-
MD5
092ca45d247da08b3fc8c9471e5d7207
-
SHA1
31429febb195bee6c17dc368ff709654f84acca3
-
SHA256
8a1858b51bdc4d36c060d832a3e0db092029d792fc32ebc5fe2c7946d0e0b65d
-
SHA512
f8563a894ed1b481424a374a368fb5c471c6ad76021a7c4402b2de5dc9072f8a6c115288c5d259f1e02a49d390000d3e95f29160d92c4fdefc4d4992eaf7d774
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2s:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPY
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 29 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a1858b51bdc4d36c060d832a3e0db092029d792fc32ebc5fe2c7946d0e0b65d.exe"C:\Users\Admin\AppData\Local\Temp\8a1858b51bdc4d36c060d832a3e0db092029d792fc32ebc5fe2c7946d0e0b65d.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3629485231\backup.exeC:\Users\Admin\AppData\Local\Temp\3629485231\backup.exe C:\Users\Admin\AppData\Local\Temp\3629485231\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\update.exe"C:\Program Files\Common Files\microsoft shared\ink\update.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\data.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\data.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\data.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\data.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\th-TH\update.exe"C:\Program Files\Common Files\microsoft shared\ink\th-TH\update.exe" C:\Program Files\Common Files\microsoft shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\uk-UA\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\data.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\data.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\data.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\data.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\data.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\data.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\8⤵
-
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\7⤵
-
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\data.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\9⤵
-
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\System Restore.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\System Restore.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\data.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\data.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\ext\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\lib\fonts\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\fonts\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\fonts\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\images\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\images\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\images\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Microsoft Office\update.exe"C:\Program Files\Microsoft Office\update.exe" C:\Program Files\Microsoft Office\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Microsoft Office\PackageManifests\data.exe"C:\Program Files\Microsoft Office\PackageManifests\data.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
- System policy modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Integration\backup.exe"C:\Program Files\Microsoft Office\root\Integration\backup.exe" C:\Program Files\Microsoft Office\root\Integration\7⤵
-
C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe"C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe" C:\Program Files\Microsoft Office\root\Integration\Addons\8⤵
-
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
-
-
-
C:\Program Files (x86)\update.exe"C:\Program Files (x86)\update.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{4CA8DFAB-80A0-43FC-AC78-FBACDED770CF}\8⤵
-
-
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Saved Games\update.exe"C:\Users\Admin\Saved Games\update.exe" C:\Users\Admin\Saved Games\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
-
C:\Windows\apppatch\en-US\update.exeC:\Windows\apppatch\en-US\update.exe C:\Windows\apppatch\en-US\6⤵
- System policy modification
-
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
-
-
C:\Windows\apppatch\it-IT\backup.exeC:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\7⤵
-
-
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
- System policy modification
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\ja-JP\backup.exeC:\Windows\apppatch\ja-JP\backup.exe C:\Windows\apppatch\ja-JP\6⤵
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\update.exeC:\Windows\assembly\GAC\Microsoft.mshtml\update.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- System policy modification
-
-
-
C:\Windows\assembly\GAC\Extensibility\data.exeC:\Windows\assembly\GAC\Extensibility\data.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Drops file in Windows directory
-
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Drops file in Windows directory
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe"C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe" C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\1⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\1⤵
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\1⤵
- System policy modification
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\1⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\1⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\applet\1⤵
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\1⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\deploy\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\deploy\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\deploy\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\2⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\2⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\cmm\1⤵
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\1⤵
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\1⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD54af21cf44bd262b0ea350e90e482f44d
SHA1923a7108e039053ebaae28e5d80e433cc7d576ef
SHA256f952097c7ceefc1bb417d1ae1cf1880dd6dfa440d159b0c50c7ec31e4b09bdc3
SHA512a95c1b1f9d63a87d04aa2d39a095a9163d77123f3d3551e4e318033d54fe025f759a8deab055cc1d0c8d08d4b24503382a521c6f2392cb2397a76e1aeba111ac
-
Filesize
72KB
MD54af21cf44bd262b0ea350e90e482f44d
SHA1923a7108e039053ebaae28e5d80e433cc7d576ef
SHA256f952097c7ceefc1bb417d1ae1cf1880dd6dfa440d159b0c50c7ec31e4b09bdc3
SHA512a95c1b1f9d63a87d04aa2d39a095a9163d77123f3d3551e4e318033d54fe025f759a8deab055cc1d0c8d08d4b24503382a521c6f2392cb2397a76e1aeba111ac
-
Filesize
72KB
MD570f16ff8e28288fcb21f5be7b2d4e248
SHA17c3afdade0baf1b8bbe0814af83183c011443235
SHA256f7fcf9e40f321a0cecc96e74928c75d8bbfbe748a9a7d99661f6197ed08dc9bc
SHA5121ad879ee3f066b7080a4107cdf4a00d54b2c305fe9b9a5d38b3559f9c4e52ea3ca72dbaa263b88861da70bfa64423c37b2bbb9886f309abbdf5ba2f27f491f33
-
Filesize
72KB
MD570f16ff8e28288fcb21f5be7b2d4e248
SHA17c3afdade0baf1b8bbe0814af83183c011443235
SHA256f7fcf9e40f321a0cecc96e74928c75d8bbfbe748a9a7d99661f6197ed08dc9bc
SHA5121ad879ee3f066b7080a4107cdf4a00d54b2c305fe9b9a5d38b3559f9c4e52ea3ca72dbaa263b88861da70bfa64423c37b2bbb9886f309abbdf5ba2f27f491f33
-
Filesize
72KB
MD53205a3a3b114d50f853cd098e9d7aec6
SHA14b1a00527b46754592fa41807957b23b29420ded
SHA25694a1f2e59ba95f9b8638771b6fb3bda429febae49daa51db8fb1c090dc58998a
SHA512d714088720f3ac1ceb89444e0314e1b5037b580c8cc7cb91944a963d79979dd752b26ac9578eaadc21b42abf0f24864203d583952cafdf70abb7b703fe5d1a74
-
Filesize
72KB
MD53205a3a3b114d50f853cd098e9d7aec6
SHA14b1a00527b46754592fa41807957b23b29420ded
SHA25694a1f2e59ba95f9b8638771b6fb3bda429febae49daa51db8fb1c090dc58998a
SHA512d714088720f3ac1ceb89444e0314e1b5037b580c8cc7cb91944a963d79979dd752b26ac9578eaadc21b42abf0f24864203d583952cafdf70abb7b703fe5d1a74
-
Filesize
72KB
MD5744d04fc698488a216e54c9fa1d50948
SHA14e450f6248522ce5853ad037831b3c48246b76dd
SHA25659862d6b791d60c5de6b54ad6f30d1f66860b2a82f7bef81f538f1fd9bf94072
SHA5122c477ecaa789f1ba28e3888ad82ef1f41d76fe564f5d90858dea98da981c5f63063916854731f781325a4cacd203b5fd51168912546ea57893b816e15594053e
-
Filesize
72KB
MD5744d04fc698488a216e54c9fa1d50948
SHA14e450f6248522ce5853ad037831b3c48246b76dd
SHA25659862d6b791d60c5de6b54ad6f30d1f66860b2a82f7bef81f538f1fd9bf94072
SHA5122c477ecaa789f1ba28e3888ad82ef1f41d76fe564f5d90858dea98da981c5f63063916854731f781325a4cacd203b5fd51168912546ea57893b816e15594053e
-
Filesize
72KB
MD53205a3a3b114d50f853cd098e9d7aec6
SHA14b1a00527b46754592fa41807957b23b29420ded
SHA25694a1f2e59ba95f9b8638771b6fb3bda429febae49daa51db8fb1c090dc58998a
SHA512d714088720f3ac1ceb89444e0314e1b5037b580c8cc7cb91944a963d79979dd752b26ac9578eaadc21b42abf0f24864203d583952cafdf70abb7b703fe5d1a74
-
Filesize
72KB
MD53205a3a3b114d50f853cd098e9d7aec6
SHA14b1a00527b46754592fa41807957b23b29420ded
SHA25694a1f2e59ba95f9b8638771b6fb3bda429febae49daa51db8fb1c090dc58998a
SHA512d714088720f3ac1ceb89444e0314e1b5037b580c8cc7cb91944a963d79979dd752b26ac9578eaadc21b42abf0f24864203d583952cafdf70abb7b703fe5d1a74
-
Filesize
72KB
MD5e8fa8f01bff9f7b23ef1b8d655078ca5
SHA1351d0f0642202cfcbab6fd2bf52625918b8f2818
SHA256aa3feec3f1ca7be8725c356be5e60aa912d1a464f096ce4058adbfdd8ffd3753
SHA512887910e695bc5ec9b027080d6e71d122762ed15108fa0d89015436956976d88aa024c5675353c2e9027d10cf80dfccfae5e6703644ef2981fbc4726998d5d9c5
-
Filesize
72KB
MD5e8fa8f01bff9f7b23ef1b8d655078ca5
SHA1351d0f0642202cfcbab6fd2bf52625918b8f2818
SHA256aa3feec3f1ca7be8725c356be5e60aa912d1a464f096ce4058adbfdd8ffd3753
SHA512887910e695bc5ec9b027080d6e71d122762ed15108fa0d89015436956976d88aa024c5675353c2e9027d10cf80dfccfae5e6703644ef2981fbc4726998d5d9c5
-
Filesize
72KB
MD5744d04fc698488a216e54c9fa1d50948
SHA14e450f6248522ce5853ad037831b3c48246b76dd
SHA25659862d6b791d60c5de6b54ad6f30d1f66860b2a82f7bef81f538f1fd9bf94072
SHA5122c477ecaa789f1ba28e3888ad82ef1f41d76fe564f5d90858dea98da981c5f63063916854731f781325a4cacd203b5fd51168912546ea57893b816e15594053e
-
Filesize
72KB
MD5744d04fc698488a216e54c9fa1d50948
SHA14e450f6248522ce5853ad037831b3c48246b76dd
SHA25659862d6b791d60c5de6b54ad6f30d1f66860b2a82f7bef81f538f1fd9bf94072
SHA5122c477ecaa789f1ba28e3888ad82ef1f41d76fe564f5d90858dea98da981c5f63063916854731f781325a4cacd203b5fd51168912546ea57893b816e15594053e
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD55392a9145bc376d68926018bda43221e
SHA1105365328104bf00326b5c133f345b2732b50c5f
SHA256978f4f537f0a4be6263b957d013f1706a497e1d7067970a91b965756aababddb
SHA512f7891b81dec795d3f30f8a506bc5cd184a371e79e49ab569795b3ccfae569d9181faae895a46e5265fa1ca7cef19e16262651c30e4d8e246638c13dc99d38abf
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD5b6d2a3d8a0e5f42e6776aba1ddba1175
SHA155a25d9b0ef68f0dc137043ea04c53ca72098415
SHA2564ae5091cc6a0ffc881d728bfd5f3704bd7d9c0b22fecb0674f1ca45553feee60
SHA5120d87e0c83eee4feca00b9be9fb94e70ce8453405ad616346483c079800a9c4d9da31c8ffb5ff7a52b0a9d6b8d07fe40fb3880c5501f0bc1ba443b0cfe64b3879
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD58e94ad6868010cf40117891ab1008cd3
SHA1f9cff77440f6db99e68b131ca49e4fad5c8c2dbf
SHA2564c85494465aba92c7771fe615adafba8b63cc768cf75a18b34216899cad433e1
SHA512da15eb184b0f5632352098153c9b2839abadf4202cfa5b5e0dcfccce73d621316b5dde4174f65e7477dbe14a24003168f3473401d7762d758ba95788293949bb
-
Filesize
72KB
MD5e8fa8f01bff9f7b23ef1b8d655078ca5
SHA1351d0f0642202cfcbab6fd2bf52625918b8f2818
SHA256aa3feec3f1ca7be8725c356be5e60aa912d1a464f096ce4058adbfdd8ffd3753
SHA512887910e695bc5ec9b027080d6e71d122762ed15108fa0d89015436956976d88aa024c5675353c2e9027d10cf80dfccfae5e6703644ef2981fbc4726998d5d9c5
-
Filesize
72KB
MD5e8fa8f01bff9f7b23ef1b8d655078ca5
SHA1351d0f0642202cfcbab6fd2bf52625918b8f2818
SHA256aa3feec3f1ca7be8725c356be5e60aa912d1a464f096ce4058adbfdd8ffd3753
SHA512887910e695bc5ec9b027080d6e71d122762ed15108fa0d89015436956976d88aa024c5675353c2e9027d10cf80dfccfae5e6703644ef2981fbc4726998d5d9c5
-
Filesize
72KB
MD56e0707bff65d59ddea2fd77617d6d052
SHA1bc6420992ca5ad184a060a834ac69369bd7610b1
SHA2561b023db377ef4397ee1e89fda799993ddf155adc7c2626e90b368726b30ffb05
SHA512812b78d5eaa19ef0213452d724a0ab29525e7ad10d198575d5a64bcfd6387b6779c8889ecefbb1f46829cfd6db125a2dcfce67ea34cecac2d7a015a0ac481c44
-
Filesize
72KB
MD56e0707bff65d59ddea2fd77617d6d052
SHA1bc6420992ca5ad184a060a834ac69369bd7610b1
SHA2561b023db377ef4397ee1e89fda799993ddf155adc7c2626e90b368726b30ffb05
SHA512812b78d5eaa19ef0213452d724a0ab29525e7ad10d198575d5a64bcfd6387b6779c8889ecefbb1f46829cfd6db125a2dcfce67ea34cecac2d7a015a0ac481c44
-
Filesize
72KB
MD527882c2ad2e927e5652638e01cd1f32c
SHA16f3cb2edcee5408693bc385eea3293f5895882a6
SHA2562f3685a620c242ba0ba958aa54fce624eae07f98b315cddfb9b25a0404838634
SHA5128601392467c7f6a6072e1a559ab756866e500db179c830d4567b09c3ceaeff1fcb94eb21a44046d5bd10d5071c20ae9dc6bbda8bd2b9a63148cdaa334383e95a
-
Filesize
72KB
MD527882c2ad2e927e5652638e01cd1f32c
SHA16f3cb2edcee5408693bc385eea3293f5895882a6
SHA2562f3685a620c242ba0ba958aa54fce624eae07f98b315cddfb9b25a0404838634
SHA5128601392467c7f6a6072e1a559ab756866e500db179c830d4567b09c3ceaeff1fcb94eb21a44046d5bd10d5071c20ae9dc6bbda8bd2b9a63148cdaa334383e95a
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD56f755f567992ca577f184af110e1e1db
SHA1faf161ac4a5cea31b39f734d6f454bead5e9cca2
SHA2568ffc29cd1aebddc1a438e758a1444578cc8ab15a4c7b41a49e574b4694da5a6f
SHA512f979b8a4afd436c906b801c4f52b49fee242d5167624a5ec6844edab4d379fd691ed49516967e140b040605e397aca4141ab9e61ab496ac4832777d6e727a2b7
-
Filesize
72KB
MD56f755f567992ca577f184af110e1e1db
SHA1faf161ac4a5cea31b39f734d6f454bead5e9cca2
SHA2568ffc29cd1aebddc1a438e758a1444578cc8ab15a4c7b41a49e574b4694da5a6f
SHA512f979b8a4afd436c906b801c4f52b49fee242d5167624a5ec6844edab4d379fd691ed49516967e140b040605e397aca4141ab9e61ab496ac4832777d6e727a2b7
-
Filesize
72KB
MD5894c43df5a711270475f6996f239806e
SHA164f0de921747a967d186bf4bc4ecf47549361004
SHA256161181268a3ba6d7419e0786c1d0f0b3777b66cc5c32da3f3a5f57441d81c55e
SHA512c14314ee3611f48fc59d4ac41f41bfe745a9c1de1f26e04b3c3866bd4599502c7c25951d88d8c6debad2842eef2fb5532ceceead782f30ea6f2631148e76848b
-
Filesize
72KB
MD5894c43df5a711270475f6996f239806e
SHA164f0de921747a967d186bf4bc4ecf47549361004
SHA256161181268a3ba6d7419e0786c1d0f0b3777b66cc5c32da3f3a5f57441d81c55e
SHA512c14314ee3611f48fc59d4ac41f41bfe745a9c1de1f26e04b3c3866bd4599502c7c25951d88d8c6debad2842eef2fb5532ceceead782f30ea6f2631148e76848b
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD5b812afe89951c8ef80b88d0be5dc28ab
SHA145bb378e4c626337117b356a386223c6dd55724a
SHA2568728ec26e668787022ebf1be4dd45c666c5a66a94a80ff52576d95bcbceb7ac2
SHA5127a24f84101fe6be914ed51fcdceca155ed4c5e442959ea35e4cdce54cd85b96bbc8e1b26ccf087451675e041f748c76cda7f360f09fb38b85b7e37889ba9d856
-
Filesize
72KB
MD56f755f567992ca577f184af110e1e1db
SHA1faf161ac4a5cea31b39f734d6f454bead5e9cca2
SHA2568ffc29cd1aebddc1a438e758a1444578cc8ab15a4c7b41a49e574b4694da5a6f
SHA512f979b8a4afd436c906b801c4f52b49fee242d5167624a5ec6844edab4d379fd691ed49516967e140b040605e397aca4141ab9e61ab496ac4832777d6e727a2b7
-
Filesize
72KB
MD56f755f567992ca577f184af110e1e1db
SHA1faf161ac4a5cea31b39f734d6f454bead5e9cca2
SHA2568ffc29cd1aebddc1a438e758a1444578cc8ab15a4c7b41a49e574b4694da5a6f
SHA512f979b8a4afd436c906b801c4f52b49fee242d5167624a5ec6844edab4d379fd691ed49516967e140b040605e397aca4141ab9e61ab496ac4832777d6e727a2b7
-
Filesize
72KB
MD5c493d167a9e47a675c396c1a1c8aa900
SHA16587fc31e82b7a7a0052fb8a775d127993184b8a
SHA2564899da20a6cf1b1d7b25c3000cefd61d413b0a58f73532fa7b9e7c6fda32bc04
SHA512758fe04fc17590ce00d044eef1c4b76970cb8945c2a196a5fe69c907a16201d61f447fffda35c5881f43ae23c3b9f0acc51135b42a4886b02f5cb6bf786cf4f8
-
Filesize
72KB
MD5c493d167a9e47a675c396c1a1c8aa900
SHA16587fc31e82b7a7a0052fb8a775d127993184b8a
SHA2564899da20a6cf1b1d7b25c3000cefd61d413b0a58f73532fa7b9e7c6fda32bc04
SHA512758fe04fc17590ce00d044eef1c4b76970cb8945c2a196a5fe69c907a16201d61f447fffda35c5881f43ae23c3b9f0acc51135b42a4886b02f5cb6bf786cf4f8
-
Filesize
72KB
MD54af21cf44bd262b0ea350e90e482f44d
SHA1923a7108e039053ebaae28e5d80e433cc7d576ef
SHA256f952097c7ceefc1bb417d1ae1cf1880dd6dfa440d159b0c50c7ec31e4b09bdc3
SHA512a95c1b1f9d63a87d04aa2d39a095a9163d77123f3d3551e4e318033d54fe025f759a8deab055cc1d0c8d08d4b24503382a521c6f2392cb2397a76e1aeba111ac
-
Filesize
72KB
MD54af21cf44bd262b0ea350e90e482f44d
SHA1923a7108e039053ebaae28e5d80e433cc7d576ef
SHA256f952097c7ceefc1bb417d1ae1cf1880dd6dfa440d159b0c50c7ec31e4b09bdc3
SHA512a95c1b1f9d63a87d04aa2d39a095a9163d77123f3d3551e4e318033d54fe025f759a8deab055cc1d0c8d08d4b24503382a521c6f2392cb2397a76e1aeba111ac