Analysis
-
max time kernel
203s -
max time network
216s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
03/12/2022, 16:58
General
-
Target
895192d52a17bf395a52a96d11ad1e923502a251fc15c9f08ddd29655bf9eb07.exe
-
Size
72KB
-
MD5
06fc09de11e784014953ff83825b2be1
-
SHA1
7855520ce124e782f5ea313ea1d2be971b4a5763
-
SHA256
895192d52a17bf395a52a96d11ad1e923502a251fc15c9f08ddd29655bf9eb07
-
SHA512
861dd533ff535c04e7d3cd3a06d80ee21054c2fb03db71b2c2337515152dd518c6c6b6a095046277f4073f031d937a8898b7b13d79108693b4785ff0f67b2c50
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf25:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPN
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 25 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\895192d52a17bf395a52a96d11ad1e923502a251fc15c9f08ddd29655bf9eb07.exe"C:\Users\Admin\AppData\Local\Temp\895192d52a17bf395a52a96d11ad1e923502a251fc15c9f08ddd29655bf9eb07.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1563821756\backup.exeC:\Users\Admin\AppData\Local\Temp\1563821756\backup.exe C:\Users\Admin\AppData\Local\Temp\1563821756\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\System Restore.exe"C:\Program Files\Common Files\DESIGNER\System Restore.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\data.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\data.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\data.exe"C:\Program Files\Common Files\microsoft shared\VC\data.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\it-IT\data.exe"C:\Program Files\Common Files\System\it-IT\data.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- System policy modification
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\System Restore.exe"C:\Program Files\Internet Explorer\de-DE\System Restore.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\update.exe"C:\Program Files\Java\update.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\update.exe"C:\Program Files\Java\jdk1.8.0_66\db\update.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\8⤵
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\bin\update.exe"C:\Program Files\Java\jre1.8.0_66\bin\update.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\System Restore.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\System Restore.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- System policy modification
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\13⤵
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\update.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\update.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\update.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\update.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Policies\data.exe"C:\Program Files (x86)\Google\Policies\data.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Contacts\System Restore.exe"C:\Users\Admin\Contacts\System Restore.exe" C:\Users\Admin\Contacts\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Documents\update.exeC:\Users\Admin\Documents\update.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- System policy modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- System policy modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\Custom\data.exeC:\Windows\apppatch\Custom\data.exe C:\Windows\apppatch\Custom\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
- System policy modification
-
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
-
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
-
C:\Windows\apppatch\it-IT\backup.exeC:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\apppatch\ja-JP\System Restore.exe"C:\Windows\apppatch\ja-JP\System Restore.exe" C:\Windows\apppatch\ja-JP\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
- System policy modification
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\update.exeC:\Windows\assembly\GAC\update.exe C:\Windows\assembly\GAC\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
-
-
-
C:\Windows\bcastdvr\backup.exeC:\Windows\bcastdvr\backup.exe C:\Windows\bcastdvr\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\2⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\2⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\3⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\3⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\3⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\1⤵
- Disables RegEdit via registry modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD526f7c186ebdf2147eace5b4a24f68831
SHA188470a0fbbc61db5ff0564c279712505050c0a5a
SHA256db6d66f45896125ea7e58a47234059970b527cfbeafc1a1e0814208c159c352c
SHA5120fe3e6d2f629b47d620216a93a1f3c8776810d96e356b2374c2a70c30f62027f4173c07f8c5bf42de766600c34d9347ef48263835f2ab489acfcabd64ce8a12c
-
Filesize
72KB
MD526f7c186ebdf2147eace5b4a24f68831
SHA188470a0fbbc61db5ff0564c279712505050c0a5a
SHA256db6d66f45896125ea7e58a47234059970b527cfbeafc1a1e0814208c159c352c
SHA5120fe3e6d2f629b47d620216a93a1f3c8776810d96e356b2374c2a70c30f62027f4173c07f8c5bf42de766600c34d9347ef48263835f2ab489acfcabd64ce8a12c
-
Filesize
72KB
MD51d1fee1d01d3e3b8d17ea6caf60a847a
SHA19a7a93c2de1b818431ae6f719872a8554a019534
SHA256a589750b711e444b9708afda1d293d955e2563e0663275afe4c5dabb1dc497e5
SHA512a34967185a6697407ecf4c3f6797948d537a2f54663bf58bb0283bf93025ed8bd9bd531d43cd72180fb8a321eeaa413ba2eb204df76072ec68a363b5cf5602be
-
Filesize
72KB
MD51d1fee1d01d3e3b8d17ea6caf60a847a
SHA19a7a93c2de1b818431ae6f719872a8554a019534
SHA256a589750b711e444b9708afda1d293d955e2563e0663275afe4c5dabb1dc497e5
SHA512a34967185a6697407ecf4c3f6797948d537a2f54663bf58bb0283bf93025ed8bd9bd531d43cd72180fb8a321eeaa413ba2eb204df76072ec68a363b5cf5602be
-
Filesize
72KB
MD5c0f5bf13ba92aee3a004d957698f3277
SHA15f76d13bbe487206a1b2c7b54c370c84a767e00a
SHA2564da48ffd745b5882fca6f53c14865a9646d8c1de72766f15c7fafadbebea6cf0
SHA51253a82d6a21b3e7463d0adbbf06755263aa2eef7cc0fa152f865aadb8a2bed5fe1c09329097138f6e8b2e4abd5aa34339e103716b5261f5a36fb09ceac238e66a
-
Filesize
72KB
MD5c0f5bf13ba92aee3a004d957698f3277
SHA15f76d13bbe487206a1b2c7b54c370c84a767e00a
SHA2564da48ffd745b5882fca6f53c14865a9646d8c1de72766f15c7fafadbebea6cf0
SHA51253a82d6a21b3e7463d0adbbf06755263aa2eef7cc0fa152f865aadb8a2bed5fe1c09329097138f6e8b2e4abd5aa34339e103716b5261f5a36fb09ceac238e66a
-
Filesize
72KB
MD5572121bec477858e7f8300018517791d
SHA1e0147a25c3312f91a01e09af1f636190717335fa
SHA256a15341e8b11379e7427fb7291c7bcb0d0c099d2fbcb1dddd1323bccd1eeda357
SHA51246e1b727f7e22991c0d23dd41ee3397b981562c9ed73593f8a5d45583a66e8596219ebd69d8faef525cd43456aa826b63b0a76b6092bf1e75cc264a597156c82
-
Filesize
72KB
MD5572121bec477858e7f8300018517791d
SHA1e0147a25c3312f91a01e09af1f636190717335fa
SHA256a15341e8b11379e7427fb7291c7bcb0d0c099d2fbcb1dddd1323bccd1eeda357
SHA51246e1b727f7e22991c0d23dd41ee3397b981562c9ed73593f8a5d45583a66e8596219ebd69d8faef525cd43456aa826b63b0a76b6092bf1e75cc264a597156c82
-
Filesize
72KB
MD5c0f5bf13ba92aee3a004d957698f3277
SHA15f76d13bbe487206a1b2c7b54c370c84a767e00a
SHA2564da48ffd745b5882fca6f53c14865a9646d8c1de72766f15c7fafadbebea6cf0
SHA51253a82d6a21b3e7463d0adbbf06755263aa2eef7cc0fa152f865aadb8a2bed5fe1c09329097138f6e8b2e4abd5aa34339e103716b5261f5a36fb09ceac238e66a
-
Filesize
72KB
MD5c0f5bf13ba92aee3a004d957698f3277
SHA15f76d13bbe487206a1b2c7b54c370c84a767e00a
SHA2564da48ffd745b5882fca6f53c14865a9646d8c1de72766f15c7fafadbebea6cf0
SHA51253a82d6a21b3e7463d0adbbf06755263aa2eef7cc0fa152f865aadb8a2bed5fe1c09329097138f6e8b2e4abd5aa34339e103716b5261f5a36fb09ceac238e66a
-
Filesize
72KB
MD5f2380be37a0479f31eb7f7a896c0fbbc
SHA1f47c759b8c4116ea2ebe785a31c62f559ee45f5e
SHA2565487e068c1ff67d99bdcf4407ebf84636a1413a81943223cadb4f80bcf38c1d9
SHA512e6483a1cc30791f894f51d3ec80ed656d4a723eb1eaa1d2194ee659ccf3191f322081a95bfe037cf72e784bf01a952feb1741c5a36dcc480ab5f4697f0acfa6b
-
Filesize
72KB
MD5f2380be37a0479f31eb7f7a896c0fbbc
SHA1f47c759b8c4116ea2ebe785a31c62f559ee45f5e
SHA2565487e068c1ff67d99bdcf4407ebf84636a1413a81943223cadb4f80bcf38c1d9
SHA512e6483a1cc30791f894f51d3ec80ed656d4a723eb1eaa1d2194ee659ccf3191f322081a95bfe037cf72e784bf01a952feb1741c5a36dcc480ab5f4697f0acfa6b
-
Filesize
72KB
MD5572121bec477858e7f8300018517791d
SHA1e0147a25c3312f91a01e09af1f636190717335fa
SHA256a15341e8b11379e7427fb7291c7bcb0d0c099d2fbcb1dddd1323bccd1eeda357
SHA51246e1b727f7e22991c0d23dd41ee3397b981562c9ed73593f8a5d45583a66e8596219ebd69d8faef525cd43456aa826b63b0a76b6092bf1e75cc264a597156c82
-
Filesize
72KB
MD5572121bec477858e7f8300018517791d
SHA1e0147a25c3312f91a01e09af1f636190717335fa
SHA256a15341e8b11379e7427fb7291c7bcb0d0c099d2fbcb1dddd1323bccd1eeda357
SHA51246e1b727f7e22991c0d23dd41ee3397b981562c9ed73593f8a5d45583a66e8596219ebd69d8faef525cd43456aa826b63b0a76b6092bf1e75cc264a597156c82
-
Filesize
72KB
MD5838c6bf7a7c3f8ebbe53d406a7706546
SHA19d4aff7d5b38644d085b41d55cdafae302edb180
SHA256668f187de0d8833772dfe1952882d24f2af2c828c89cb413ba65328d1b6476eb
SHA512cdc36fbc19dcdf6f03af38c418110386814c77e91e2ec202234e83ead984ef3dc1db490a27108715a5692f917585aaaf3055326d6fbcaa9333a42687be10884a
-
Filesize
72KB
MD5838c6bf7a7c3f8ebbe53d406a7706546
SHA19d4aff7d5b38644d085b41d55cdafae302edb180
SHA256668f187de0d8833772dfe1952882d24f2af2c828c89cb413ba65328d1b6476eb
SHA512cdc36fbc19dcdf6f03af38c418110386814c77e91e2ec202234e83ead984ef3dc1db490a27108715a5692f917585aaaf3055326d6fbcaa9333a42687be10884a
-
Filesize
72KB
MD58663d9b20b22f466daa005862ebfb86b
SHA1efb9149b00a74adaa37c106d3902aec328fe0176
SHA2564e8827e4393559aafc5f20bd14572ab0d3b477a25cd24fd566865f6f58a86b7a
SHA512350c6da291377bff4a1d4cbde0266208c19a25d897b31c2c8920aea9f967664aeccbec087c2e3cee8a81be444bfa7e1471f64250e8ec122e951892aafe8271d4
-
Filesize
72KB
MD58663d9b20b22f466daa005862ebfb86b
SHA1efb9149b00a74adaa37c106d3902aec328fe0176
SHA2564e8827e4393559aafc5f20bd14572ab0d3b477a25cd24fd566865f6f58a86b7a
SHA512350c6da291377bff4a1d4cbde0266208c19a25d897b31c2c8920aea9f967664aeccbec087c2e3cee8a81be444bfa7e1471f64250e8ec122e951892aafe8271d4
-
Filesize
72KB
MD50900d4891809e0c89159fa39610d107b
SHA18c29e8e446de9353c6a7af2d883682ae79b5f002
SHA256d08de4eaa1b573f98c16d5cfe3d056837a02a4f9d4c1ec5cfbfdd21d5b88eb6c
SHA512a0bede5c46ff20d9adbd0eaf18ebc094669f1528aa8976441ceb090ba88edc8197f80cf40e647db581b7b4b17e6c670e43c6ea256e2df7b3f75aee2a237a8e49
-
Filesize
72KB
MD50900d4891809e0c89159fa39610d107b
SHA18c29e8e446de9353c6a7af2d883682ae79b5f002
SHA256d08de4eaa1b573f98c16d5cfe3d056837a02a4f9d4c1ec5cfbfdd21d5b88eb6c
SHA512a0bede5c46ff20d9adbd0eaf18ebc094669f1528aa8976441ceb090ba88edc8197f80cf40e647db581b7b4b17e6c670e43c6ea256e2df7b3f75aee2a237a8e49
-
Filesize
72KB
MD5838c6bf7a7c3f8ebbe53d406a7706546
SHA19d4aff7d5b38644d085b41d55cdafae302edb180
SHA256668f187de0d8833772dfe1952882d24f2af2c828c89cb413ba65328d1b6476eb
SHA512cdc36fbc19dcdf6f03af38c418110386814c77e91e2ec202234e83ead984ef3dc1db490a27108715a5692f917585aaaf3055326d6fbcaa9333a42687be10884a
-
Filesize
72KB
MD5838c6bf7a7c3f8ebbe53d406a7706546
SHA19d4aff7d5b38644d085b41d55cdafae302edb180
SHA256668f187de0d8833772dfe1952882d24f2af2c828c89cb413ba65328d1b6476eb
SHA512cdc36fbc19dcdf6f03af38c418110386814c77e91e2ec202234e83ead984ef3dc1db490a27108715a5692f917585aaaf3055326d6fbcaa9333a42687be10884a
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD577c44a5c9709bb19043d3f05f21a21e8
SHA1585d98f7d2b8cd06d66586c5caf11a65e2479a8c
SHA256675b904b0e579aa5d83bd522373fb963d2d6eb0e4102234ccd2f42eb3874f5c7
SHA51223c05217bfcda8c01be3e0018694e591b077c0bbcf68484c7ca026fc608113b0a3bef69554cc86c8afb1f8b52af058d9b8d948a665ddf250d5d027e5984ca2d0
-
Filesize
72KB
MD54523db69715d0a5db91f231c800f2959
SHA1f2e724e179ceccf05762e362db1a54a98687f5c2
SHA2561e70afdf74eb0f5ab6125f9b9aaf8df2378bf073b13d8026db7e485f4cfab0a6
SHA512a614c57651be126e27847caa9e8b601a9453c5a57836a5d7bd723150a008f423095fc77a0e519c38be0df93de0c8edf3c7730616381189d5216945a481f0a4f2
-
Filesize
72KB
MD54523db69715d0a5db91f231c800f2959
SHA1f2e724e179ceccf05762e362db1a54a98687f5c2
SHA2561e70afdf74eb0f5ab6125f9b9aaf8df2378bf073b13d8026db7e485f4cfab0a6
SHA512a614c57651be126e27847caa9e8b601a9453c5a57836a5d7bd723150a008f423095fc77a0e519c38be0df93de0c8edf3c7730616381189d5216945a481f0a4f2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD58705a179f53d798e44d7516ca5b8ed14
SHA12d4d994a195e05f41728aa86b97c13849a67de76
SHA25620c6383c60e3da5c28de4ec20b5d15a3b57ede07eb0b30e68de114e1ccf3f79b
SHA51283468a22beff0b3ca23471bacea9d14bef8805f41e21220c66a99298a79f432be9708c5263f12f118699ff892dad85e2140d58443bc5b02157dfa7a5f434b3a2
-
Filesize
72KB
MD52c16fbd10d754b9ef3c115a63d298c03
SHA1d36ad629f515fec16f960e56e3789fe4e6af068e
SHA256c8705e53d419e6994525895ca786d791fe4d2bd3b28b2ca2eee4ab2b2c0c4811
SHA512df1bb648c5c60c45e7e7949553bc1340fd4065e3584d2ecde476191aa785cbf632cbd1d053f611b4563a06cefecfec08c1bca84ab898bf88b49331d804ac1710
-
Filesize
72KB
MD52c16fbd10d754b9ef3c115a63d298c03
SHA1d36ad629f515fec16f960e56e3789fe4e6af068e
SHA256c8705e53d419e6994525895ca786d791fe4d2bd3b28b2ca2eee4ab2b2c0c4811
SHA512df1bb648c5c60c45e7e7949553bc1340fd4065e3584d2ecde476191aa785cbf632cbd1d053f611b4563a06cefecfec08c1bca84ab898bf88b49331d804ac1710
-
Filesize
72KB
MD572e46ce0a42030d1bdc0da30df9da1be
SHA123d52d0197d5e0829b75bc3819a4c2cef8a0ae92
SHA2568ec61f05b6dedcec77ab11a269ee6d5af59215959e3610e9ecf5793db00d0408
SHA5120251ca2c10b75bf2c32d42ce31b147865721b988f895bde5846147d7143dc25a65129c73800517f19e96b93d37bcf5fe7edd190f282a10e185495ae6b98b65df
-
Filesize
72KB
MD572e46ce0a42030d1bdc0da30df9da1be
SHA123d52d0197d5e0829b75bc3819a4c2cef8a0ae92
SHA2568ec61f05b6dedcec77ab11a269ee6d5af59215959e3610e9ecf5793db00d0408
SHA5120251ca2c10b75bf2c32d42ce31b147865721b988f895bde5846147d7143dc25a65129c73800517f19e96b93d37bcf5fe7edd190f282a10e185495ae6b98b65df
-
Filesize
72KB
MD526f7c186ebdf2147eace5b4a24f68831
SHA188470a0fbbc61db5ff0564c279712505050c0a5a
SHA256db6d66f45896125ea7e58a47234059970b527cfbeafc1a1e0814208c159c352c
SHA5120fe3e6d2f629b47d620216a93a1f3c8776810d96e356b2374c2a70c30f62027f4173c07f8c5bf42de766600c34d9347ef48263835f2ab489acfcabd64ce8a12c
-
Filesize
72KB
MD526f7c186ebdf2147eace5b4a24f68831
SHA188470a0fbbc61db5ff0564c279712505050c0a5a
SHA256db6d66f45896125ea7e58a47234059970b527cfbeafc1a1e0814208c159c352c
SHA5120fe3e6d2f629b47d620216a93a1f3c8776810d96e356b2374c2a70c30f62027f4173c07f8c5bf42de766600c34d9347ef48263835f2ab489acfcabd64ce8a12c
-
Filesize
72KB
MD5945d17acc42e2885eb58bdcb1dfdbbfc
SHA1c5200b1f3ce2d4d32db13bf6f8db95cdb2ada2b1
SHA2561a76be5a22153351d2f13057bfe151ebde447070025f24f8ec442ccdee5449ee
SHA51211e28b2ef46bef5efd78c7c57561373c2e4813d6abcb2a69f71f6a7f23200145c7673b3bb009b65578768a2a3ed4877aeb66c01bff64ab9f94373c4f7688de4c
-
Filesize
72KB
MD5945d17acc42e2885eb58bdcb1dfdbbfc
SHA1c5200b1f3ce2d4d32db13bf6f8db95cdb2ada2b1
SHA2561a76be5a22153351d2f13057bfe151ebde447070025f24f8ec442ccdee5449ee
SHA51211e28b2ef46bef5efd78c7c57561373c2e4813d6abcb2a69f71f6a7f23200145c7673b3bb009b65578768a2a3ed4877aeb66c01bff64ab9f94373c4f7688de4c
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD5ef24a2076a566e69b56cb531f183d48c
SHA128ba883f8805390a922d3843489fe92aca048bb3
SHA256465412008e1a0de0d6d48c5b68f3732dffe23436e2501ed43f98bbc6ae387f5b
SHA512a2f5102a7c5236fc9e1e09f1678e20711e475c74ccc574e53eaac430be76e15eb60e69367ad67010cd1aaaabae376d58c18b65bfee12dc8d437a9b0da439222d
-
Filesize
72KB
MD505c7275f9dfb3fd151c46721ba0029d6
SHA1ca91a181e40f968f2972c070b7f36e7cfc5ff4d6
SHA2565a91f45ecee2da050ec49d482ee4fdc6e0d37c72c7a71e74bebbd9f2d06fa21d
SHA512abf08e11115eaf3cf44efec65e5115c284ce20c5c070fe3c8588e22ca68b4742e4b37817081adc283b336e88972a4b6bb9134d241d33c140c1a2de882741603c
-
Filesize
72KB
MD505c7275f9dfb3fd151c46721ba0029d6
SHA1ca91a181e40f968f2972c070b7f36e7cfc5ff4d6
SHA2565a91f45ecee2da050ec49d482ee4fdc6e0d37c72c7a71e74bebbd9f2d06fa21d
SHA512abf08e11115eaf3cf44efec65e5115c284ce20c5c070fe3c8588e22ca68b4742e4b37817081adc283b336e88972a4b6bb9134d241d33c140c1a2de882741603c
-
Filesize
72KB
MD5520c769c06c294bb24d5928b54beccdc
SHA1b76aacbb8bcdb66a59f7bc2496704c826c629a69
SHA256b25dd5056fd8cd199346c5b6079ef7b8a03e872047552bdff79dcc4cb8e6bba0
SHA512307934b30b90f02c6b4f02854d987bb268b91d80dba0be2d1c5ce757646a622aa12300e38c9ceaf4c2313e4c8453fc16e233cd2f010ec8a7a9dcd1e00b43260c
-
Filesize
72KB
MD5520c769c06c294bb24d5928b54beccdc
SHA1b76aacbb8bcdb66a59f7bc2496704c826c629a69
SHA256b25dd5056fd8cd199346c5b6079ef7b8a03e872047552bdff79dcc4cb8e6bba0
SHA512307934b30b90f02c6b4f02854d987bb268b91d80dba0be2d1c5ce757646a622aa12300e38c9ceaf4c2313e4c8453fc16e233cd2f010ec8a7a9dcd1e00b43260c