Analysis
-
max time kernel
149s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
03/12/2022, 16:59
General
-
Target
842c5fc4f7f33140bb3e6884a0353509586aec57d1d2571091025da71c9db3a0.exe
-
Size
72KB
-
MD5
00d1505f71c9e21590d98f707524d1d7
-
SHA1
f6fb2df487e717ad902eb0b0b70272bb4a2aac50
-
SHA256
842c5fc4f7f33140bb3e6884a0353509586aec57d1d2571091025da71c9db3a0
-
SHA512
969f444e19c9afca5b2b337fc712355d05cf14c312c8d61dc160c08bb85648b19ed61db74589ceb7e0653f70ffa4db43bfb73ba35353cb590e474be6089413ce
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2G:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPy
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\842c5fc4f7f33140bb3e6884a0353509586aec57d1d2571091025da71c9db3a0.exe"C:\Users\Admin\AppData\Local\Temp\842c5fc4f7f33140bb3e6884a0353509586aec57d1d2571091025da71c9db3a0.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\4103401818\backup.exeC:\Users\Admin\AppData\Local\Temp\4103401818\backup.exe C:\Users\Admin\AppData\Local\Temp\4103401818\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\System Restore.exe"C:\Program Files\System Restore.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\data.exe"C:\Program Files\7-Zip\data.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\System Restore.exe"C:\Program Files\Common Files\SpeechEngines\System Restore.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\System Restore.exe"C:\Program Files\DVD Maker\fr-FR\System Restore.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\System Restore.exe"C:\Program Files\Google\Chrome\System Restore.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵
-
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\data.exe"C:\Program Files\Microsoft Games\data.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\data.exe"C:\Program Files (x86)\data.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\data.exe"C:\Program Files (x86)\Common Files\Services\data.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\data.exe"C:\Program Files (x86)\Internet Explorer\de-DE\data.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\data.exe"C:\Program Files (x86)\Microsoft Office\data.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Music\Sample Music\System Restore.exe"C:\Users\Public\Music\Sample Music\System Restore.exe" C:\Users\Public\Music\Sample Music\7⤵
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
-
C:\Users\Public\Videos\data.exeC:\Users\Public\Videos\data.exe C:\Users\Public\Videos\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
-
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD57db619b4c4ab6bb8391f8fac73680dd6
SHA1885814fdd4084e265d65d3c2e04d3ee3c7de8248
SHA2569f780a5cbb327e2cf7e1688d9f86f4e0eb514fc6d8afe863660cc6f30f440d4a
SHA512433718443cdfc30e73c01e3efe6cca38c2826837cb7108b51231aa39b33cd7e1e063342e7743ac95277241c691d3696320fe4677f6f02092536ab58d5cb971b6
-
Filesize
72KB
MD5500fc070672a15fb95a5f7174b4a6339
SHA184f17b0781c0a73208731a3607559db344a9f340
SHA2562124422aa9069533a3a6d1903dda151d6ea95924cb30906c34db6122f6888a5b
SHA5125ebd464868cefb4df4bdf0d9d2471b835c8542aeb49f30d370006df6b9116660fdecedd7e39e5acbe161b509dc7404466e227a7ff4b1daea6185463afed9c338
-
Filesize
72KB
MD5500fc070672a15fb95a5f7174b4a6339
SHA184f17b0781c0a73208731a3607559db344a9f340
SHA2562124422aa9069533a3a6d1903dda151d6ea95924cb30906c34db6122f6888a5b
SHA5125ebd464868cefb4df4bdf0d9d2471b835c8542aeb49f30d370006df6b9116660fdecedd7e39e5acbe161b509dc7404466e227a7ff4b1daea6185463afed9c338
-
Filesize
72KB
MD57ae1a20e29232cd8df6325698cc65153
SHA15bb163f3d6252d65a3653671de2519f0f29f1832
SHA256993fc6106ce19859cf8cf8b5bab6b351cceddebf9d88352b1144e5fd91fa86cf
SHA51210b189133836ca447d397d0e8dd2692f1305f01dcd5be8661bab12794706c19af463dc93b3cb87b65880290e818fb656599075b6fffc49972bc50cc131012428
-
Filesize
72KB
MD52d83e3a42aeff01b36128c5c58b6e02a
SHA1ff77323724376fac121ad151d92bd81d890cc442
SHA25641589c202ba6542082b71f0263b702fe9ae45b3106fe65e67221518e1f73df2f
SHA512e497f26cd263d46b94645611ddcf7430cda68cecd3f0ad1e79d723c191965b59e407bbc8b84c48c1b024d5a095cafdd046c6c2290c9b7446e877105b295ed73a
-
Filesize
72KB
MD52d83e3a42aeff01b36128c5c58b6e02a
SHA1ff77323724376fac121ad151d92bd81d890cc442
SHA25641589c202ba6542082b71f0263b702fe9ae45b3106fe65e67221518e1f73df2f
SHA512e497f26cd263d46b94645611ddcf7430cda68cecd3f0ad1e79d723c191965b59e407bbc8b84c48c1b024d5a095cafdd046c6c2290c9b7446e877105b295ed73a
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD516d35c254ac183438b269a1151f71af5
SHA198976aa19f1a34756f4f6be032cef8bf4ef53c9a
SHA25626e152f5120f3e91244243d4bebb28cdeb73125c81cf27ab1816d431ce990696
SHA512062d0c61c37aa21ffbbb379d52852eb02c4a53fbdb8c65904844babfe5a330ad85b8de44765c13d10007191027d6acab09655034c17ac117aad8aa12837215f2
-
Filesize
72KB
MD516d35c254ac183438b269a1151f71af5
SHA198976aa19f1a34756f4f6be032cef8bf4ef53c9a
SHA25626e152f5120f3e91244243d4bebb28cdeb73125c81cf27ab1816d431ce990696
SHA512062d0c61c37aa21ffbbb379d52852eb02c4a53fbdb8c65904844babfe5a330ad85b8de44765c13d10007191027d6acab09655034c17ac117aad8aa12837215f2
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD58c764c6ca975becd8bcabad123605990
SHA1cb2a455393f8281ea152fb60adb7cb6eb55c593e
SHA256513839d7ab37243923a1f9e5752e1c32f9d865906e34efb530055cef3bc7aed8
SHA512d5b0f1e9c4d1fe75312c7c33449ee19796a4d6a4c12ff571d75ca5dd21e8da475fb289aa18dfac9be56440c1508dd8e7dd19cc32e6d4b8b2785296c80f075835
-
Filesize
72KB
MD58c764c6ca975becd8bcabad123605990
SHA1cb2a455393f8281ea152fb60adb7cb6eb55c593e
SHA256513839d7ab37243923a1f9e5752e1c32f9d865906e34efb530055cef3bc7aed8
SHA512d5b0f1e9c4d1fe75312c7c33449ee19796a4d6a4c12ff571d75ca5dd21e8da475fb289aa18dfac9be56440c1508dd8e7dd19cc32e6d4b8b2785296c80f075835
-
Filesize
72KB
MD510d9ad024548ceb5c9d15f693538b264
SHA167b7691e98cd69b11373ef88a040157cc2ccc63d
SHA2561df0135d9a532db4977036125be6ecd607b601d845cf6f496b43d460b2576a87
SHA5127983167b9b6a970e87859e05cc7f03dcb14155997e0c270c4d31327ff63641bd7f11250c0f9c76519e6ea44e95cbff8d04642bb882fd66ff78ae41aa989e736b
-
Filesize
72KB
MD510d9ad024548ceb5c9d15f693538b264
SHA167b7691e98cd69b11373ef88a040157cc2ccc63d
SHA2561df0135d9a532db4977036125be6ecd607b601d845cf6f496b43d460b2576a87
SHA5127983167b9b6a970e87859e05cc7f03dcb14155997e0c270c4d31327ff63641bd7f11250c0f9c76519e6ea44e95cbff8d04642bb882fd66ff78ae41aa989e736b
-
Filesize
72KB
MD5090058b7398ba4485855be5131419056
SHA1aae4ead2dae21849648fd2bf5f5bc7a73c940d10
SHA256b7033918efa322f336506b798933e822eda7f140c721d771f0c3fe00ada900c2
SHA512f02015c18a061b92e8b3083448a65bc55e9413f92e8b1f87f132fed21546930b626e2c3161f8ba6d21f3251c3862d17224bd4b338c1fe694cc0266f77a450598
-
Filesize
72KB
MD5090058b7398ba4485855be5131419056
SHA1aae4ead2dae21849648fd2bf5f5bc7a73c940d10
SHA256b7033918efa322f336506b798933e822eda7f140c721d771f0c3fe00ada900c2
SHA512f02015c18a061b92e8b3083448a65bc55e9413f92e8b1f87f132fed21546930b626e2c3161f8ba6d21f3251c3862d17224bd4b338c1fe694cc0266f77a450598
-
Filesize
72KB
MD5cf89e01d008a5d1ce752b537a15858bc
SHA1c5b76e758a95737096b8fc2c7e703bd5529c1db9
SHA2564f1e2028fcc16a5dc8c7ce6ac43b7e74ae099e404c565d73e9dd105ce4369d9f
SHA512ab37f579f580d9ecb9f1227d9d00c2c64a0f3185f60c553e5fa58844e767996371f4deea3ee23f50d4b127a07951d94968ac9375df4c5c50a729904e29e34728
-
Filesize
72KB
MD5af71007abdfc0265443ff534ecbaf9b7
SHA1d60028ebbe99b01729809074a04ce76a3caa9b01
SHA256475543f92372ee04316679abfb2ef55520560d51ab83080136ade70ee422e3a1
SHA512ba396ef03f116fc0152a34495b5d36cb499d39baab1c935d1470b26dcb6a0c6edef3ce10d9c24e07b67cefa88585b33fdf5af4dd18cfa552f3f6b011ee6f1add
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
72KB
MD5700348da8871facf6180d824e48516c4
SHA1979f0f6dc9e8b5877f0cecc49effcfc7051c192b
SHA25669b95c9162da1396b45c79303848087c2546c677b67ba697b345876d5e0570dd
SHA512cba7448b17d21ef192dd70ed799457448e6f21e9ba373db627da6890bfce334d77ea20604771b77f3b41c65c10a9b5c439a6e8789f8d1d995e5c8bfd8e24588c
-
Filesize
72KB
MD53e06965f05ed911c2bfe4e3daaa9c2d0
SHA138ebdb740b51796f2f45254c0e5000682119d0da
SHA2565e18fd718da047620b3af7f89b9f6c1e8d08018d312f02d1b0c897e9f75fd757
SHA5126e8d02ebe1f84969e63dff10647721d7c3c095a74e2c2d09e8507841c37369c3b80ef0f98df45c681055dbe2d0bbae06e4b712bde59662c1057f49808e4962d1
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
72KB
MD589b36296bfd09ae764147c58f03aa221
SHA18a86b26f22b319f46e31c81196f8a632c7c30a18
SHA2560e6939888bc3b2cc3b8176b7e74e7ac1b82bcb626918a911899d373d9c4b604b
SHA5126203a14493d7df8b7ddac08b21d85c308923c4d0e5c7ead85959fa740aab5b897b67114efd479d47f83da6cfefd3926c9e2a56b9d5bc376c687e90bae641cdf4
-
Filesize
72KB
MD589b36296bfd09ae764147c58f03aa221
SHA18a86b26f22b319f46e31c81196f8a632c7c30a18
SHA2560e6939888bc3b2cc3b8176b7e74e7ac1b82bcb626918a911899d373d9c4b604b
SHA5126203a14493d7df8b7ddac08b21d85c308923c4d0e5c7ead85959fa740aab5b897b67114efd479d47f83da6cfefd3926c9e2a56b9d5bc376c687e90bae641cdf4
-
Filesize
72KB
MD57db619b4c4ab6bb8391f8fac73680dd6
SHA1885814fdd4084e265d65d3c2e04d3ee3c7de8248
SHA2569f780a5cbb327e2cf7e1688d9f86f4e0eb514fc6d8afe863660cc6f30f440d4a
SHA512433718443cdfc30e73c01e3efe6cca38c2826837cb7108b51231aa39b33cd7e1e063342e7743ac95277241c691d3696320fe4677f6f02092536ab58d5cb971b6
-
Filesize
72KB
MD57db619b4c4ab6bb8391f8fac73680dd6
SHA1885814fdd4084e265d65d3c2e04d3ee3c7de8248
SHA2569f780a5cbb327e2cf7e1688d9f86f4e0eb514fc6d8afe863660cc6f30f440d4a
SHA512433718443cdfc30e73c01e3efe6cca38c2826837cb7108b51231aa39b33cd7e1e063342e7743ac95277241c691d3696320fe4677f6f02092536ab58d5cb971b6
-
Filesize
72KB
MD5500fc070672a15fb95a5f7174b4a6339
SHA184f17b0781c0a73208731a3607559db344a9f340
SHA2562124422aa9069533a3a6d1903dda151d6ea95924cb30906c34db6122f6888a5b
SHA5125ebd464868cefb4df4bdf0d9d2471b835c8542aeb49f30d370006df6b9116660fdecedd7e39e5acbe161b509dc7404466e227a7ff4b1daea6185463afed9c338
-
Filesize
72KB
MD5500fc070672a15fb95a5f7174b4a6339
SHA184f17b0781c0a73208731a3607559db344a9f340
SHA2562124422aa9069533a3a6d1903dda151d6ea95924cb30906c34db6122f6888a5b
SHA5125ebd464868cefb4df4bdf0d9d2471b835c8542aeb49f30d370006df6b9116660fdecedd7e39e5acbe161b509dc7404466e227a7ff4b1daea6185463afed9c338
-
Filesize
72KB
MD57ae1a20e29232cd8df6325698cc65153
SHA15bb163f3d6252d65a3653671de2519f0f29f1832
SHA256993fc6106ce19859cf8cf8b5bab6b351cceddebf9d88352b1144e5fd91fa86cf
SHA51210b189133836ca447d397d0e8dd2692f1305f01dcd5be8661bab12794706c19af463dc93b3cb87b65880290e818fb656599075b6fffc49972bc50cc131012428
-
Filesize
72KB
MD57ae1a20e29232cd8df6325698cc65153
SHA15bb163f3d6252d65a3653671de2519f0f29f1832
SHA256993fc6106ce19859cf8cf8b5bab6b351cceddebf9d88352b1144e5fd91fa86cf
SHA51210b189133836ca447d397d0e8dd2692f1305f01dcd5be8661bab12794706c19af463dc93b3cb87b65880290e818fb656599075b6fffc49972bc50cc131012428
-
Filesize
72KB
MD52d83e3a42aeff01b36128c5c58b6e02a
SHA1ff77323724376fac121ad151d92bd81d890cc442
SHA25641589c202ba6542082b71f0263b702fe9ae45b3106fe65e67221518e1f73df2f
SHA512e497f26cd263d46b94645611ddcf7430cda68cecd3f0ad1e79d723c191965b59e407bbc8b84c48c1b024d5a095cafdd046c6c2290c9b7446e877105b295ed73a
-
Filesize
72KB
MD52d83e3a42aeff01b36128c5c58b6e02a
SHA1ff77323724376fac121ad151d92bd81d890cc442
SHA25641589c202ba6542082b71f0263b702fe9ae45b3106fe65e67221518e1f73df2f
SHA512e497f26cd263d46b94645611ddcf7430cda68cecd3f0ad1e79d723c191965b59e407bbc8b84c48c1b024d5a095cafdd046c6c2290c9b7446e877105b295ed73a
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD516d35c254ac183438b269a1151f71af5
SHA198976aa19f1a34756f4f6be032cef8bf4ef53c9a
SHA25626e152f5120f3e91244243d4bebb28cdeb73125c81cf27ab1816d431ce990696
SHA512062d0c61c37aa21ffbbb379d52852eb02c4a53fbdb8c65904844babfe5a330ad85b8de44765c13d10007191027d6acab09655034c17ac117aad8aa12837215f2
-
Filesize
72KB
MD516d35c254ac183438b269a1151f71af5
SHA198976aa19f1a34756f4f6be032cef8bf4ef53c9a
SHA25626e152f5120f3e91244243d4bebb28cdeb73125c81cf27ab1816d431ce990696
SHA512062d0c61c37aa21ffbbb379d52852eb02c4a53fbdb8c65904844babfe5a330ad85b8de44765c13d10007191027d6acab09655034c17ac117aad8aa12837215f2
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD581644f1b146aa9e2d217c5153769f1f9
SHA109ff5a7a619759952d1d758d34c7705d63b10416
SHA2569afd5f3ad3b88b49a3ace721cd2873b83c674b37a75cc795e3e96192a55c3426
SHA512f165d3003726941bcad3bca96f0a2c667b6f5534180089eff92feae172ba64831354fbd4ee168e1dfec4174e5ba90aa7030281e18e9205a95bd290aa27993cea
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD5f03e530329a66fc02c5b546a5df13698
SHA19382698a64b58078c85e77bdd0a2bb72e0bddeca
SHA2560716d9af5073f04951bb63a974db22c554bfeb64efb49083abf542ca7c6f884f
SHA512428b99567d722c1b28b3cdf8f62734e8ba3ea0ce50c30645b941498cbc5d6f8fc1b6b2c701df932c7ab0be27d0348460c9f8b2d69de7295bf8a30f14bd90daff
-
Filesize
72KB
MD562535c0f2d5dc6e30d8965a7d9f210e0
SHA1c4b6765c7b201f40222df52c98fcd619168e4cb2
SHA256654ddf88469aaa3f28826d110d8d7c35b015c826a3fde863e18565fd3643eac1
SHA512faba0d7ee655c87a9df3affd57bf2657213ab579cf3c8f3ce68060f961bb74087f5d1da643d1502b510d7948a36e096b971c95d68cbd4cd6b5637141febd62bf
-
Filesize
72KB
MD58c764c6ca975becd8bcabad123605990
SHA1cb2a455393f8281ea152fb60adb7cb6eb55c593e
SHA256513839d7ab37243923a1f9e5752e1c32f9d865906e34efb530055cef3bc7aed8
SHA512d5b0f1e9c4d1fe75312c7c33449ee19796a4d6a4c12ff571d75ca5dd21e8da475fb289aa18dfac9be56440c1508dd8e7dd19cc32e6d4b8b2785296c80f075835
-
Filesize
72KB
MD58c764c6ca975becd8bcabad123605990
SHA1cb2a455393f8281ea152fb60adb7cb6eb55c593e
SHA256513839d7ab37243923a1f9e5752e1c32f9d865906e34efb530055cef3bc7aed8
SHA512d5b0f1e9c4d1fe75312c7c33449ee19796a4d6a4c12ff571d75ca5dd21e8da475fb289aa18dfac9be56440c1508dd8e7dd19cc32e6d4b8b2785296c80f075835
-
Filesize
72KB
MD510d9ad024548ceb5c9d15f693538b264
SHA167b7691e98cd69b11373ef88a040157cc2ccc63d
SHA2561df0135d9a532db4977036125be6ecd607b601d845cf6f496b43d460b2576a87
SHA5127983167b9b6a970e87859e05cc7f03dcb14155997e0c270c4d31327ff63641bd7f11250c0f9c76519e6ea44e95cbff8d04642bb882fd66ff78ae41aa989e736b
-
Filesize
72KB
MD510d9ad024548ceb5c9d15f693538b264
SHA167b7691e98cd69b11373ef88a040157cc2ccc63d
SHA2561df0135d9a532db4977036125be6ecd607b601d845cf6f496b43d460b2576a87
SHA5127983167b9b6a970e87859e05cc7f03dcb14155997e0c270c4d31327ff63641bd7f11250c0f9c76519e6ea44e95cbff8d04642bb882fd66ff78ae41aa989e736b
-
Filesize
72KB
MD5090058b7398ba4485855be5131419056
SHA1aae4ead2dae21849648fd2bf5f5bc7a73c940d10
SHA256b7033918efa322f336506b798933e822eda7f140c721d771f0c3fe00ada900c2
SHA512f02015c18a061b92e8b3083448a65bc55e9413f92e8b1f87f132fed21546930b626e2c3161f8ba6d21f3251c3862d17224bd4b338c1fe694cc0266f77a450598
-
Filesize
72KB
MD5090058b7398ba4485855be5131419056
SHA1aae4ead2dae21849648fd2bf5f5bc7a73c940d10
SHA256b7033918efa322f336506b798933e822eda7f140c721d771f0c3fe00ada900c2
SHA512f02015c18a061b92e8b3083448a65bc55e9413f92e8b1f87f132fed21546930b626e2c3161f8ba6d21f3251c3862d17224bd4b338c1fe694cc0266f77a450598
-
Filesize
72KB
MD5cf89e01d008a5d1ce752b537a15858bc
SHA1c5b76e758a95737096b8fc2c7e703bd5529c1db9
SHA2564f1e2028fcc16a5dc8c7ce6ac43b7e74ae099e404c565d73e9dd105ce4369d9f
SHA512ab37f579f580d9ecb9f1227d9d00c2c64a0f3185f60c553e5fa58844e767996371f4deea3ee23f50d4b127a07951d94968ac9375df4c5c50a729904e29e34728
-
Filesize
72KB
MD5cf89e01d008a5d1ce752b537a15858bc
SHA1c5b76e758a95737096b8fc2c7e703bd5529c1db9
SHA2564f1e2028fcc16a5dc8c7ce6ac43b7e74ae099e404c565d73e9dd105ce4369d9f
SHA512ab37f579f580d9ecb9f1227d9d00c2c64a0f3185f60c553e5fa58844e767996371f4deea3ee23f50d4b127a07951d94968ac9375df4c5c50a729904e29e34728
-
Filesize
72KB
MD5af71007abdfc0265443ff534ecbaf9b7
SHA1d60028ebbe99b01729809074a04ce76a3caa9b01
SHA256475543f92372ee04316679abfb2ef55520560d51ab83080136ade70ee422e3a1
SHA512ba396ef03f116fc0152a34495b5d36cb499d39baab1c935d1470b26dcb6a0c6edef3ce10d9c24e07b67cefa88585b33fdf5af4dd18cfa552f3f6b011ee6f1add
-
Filesize
72KB
MD5af71007abdfc0265443ff534ecbaf9b7
SHA1d60028ebbe99b01729809074a04ce76a3caa9b01
SHA256475543f92372ee04316679abfb2ef55520560d51ab83080136ade70ee422e3a1
SHA512ba396ef03f116fc0152a34495b5d36cb499d39baab1c935d1470b26dcb6a0c6edef3ce10d9c24e07b67cefa88585b33fdf5af4dd18cfa552f3f6b011ee6f1add
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
72KB
MD5700348da8871facf6180d824e48516c4
SHA1979f0f6dc9e8b5877f0cecc49effcfc7051c192b
SHA25669b95c9162da1396b45c79303848087c2546c677b67ba697b345876d5e0570dd
SHA512cba7448b17d21ef192dd70ed799457448e6f21e9ba373db627da6890bfce334d77ea20604771b77f3b41c65c10a9b5c439a6e8789f8d1d995e5c8bfd8e24588c
-
Filesize
72KB
MD5700348da8871facf6180d824e48516c4
SHA1979f0f6dc9e8b5877f0cecc49effcfc7051c192b
SHA25669b95c9162da1396b45c79303848087c2546c677b67ba697b345876d5e0570dd
SHA512cba7448b17d21ef192dd70ed799457448e6f21e9ba373db627da6890bfce334d77ea20604771b77f3b41c65c10a9b5c439a6e8789f8d1d995e5c8bfd8e24588c
-
Filesize
72KB
MD53e06965f05ed911c2bfe4e3daaa9c2d0
SHA138ebdb740b51796f2f45254c0e5000682119d0da
SHA2565e18fd718da047620b3af7f89b9f6c1e8d08018d312f02d1b0c897e9f75fd757
SHA5126e8d02ebe1f84969e63dff10647721d7c3c095a74e2c2d09e8507841c37369c3b80ef0f98df45c681055dbe2d0bbae06e4b712bde59662c1057f49808e4962d1
-
Filesize
72KB
MD53e06965f05ed911c2bfe4e3daaa9c2d0
SHA138ebdb740b51796f2f45254c0e5000682119d0da
SHA2565e18fd718da047620b3af7f89b9f6c1e8d08018d312f02d1b0c897e9f75fd757
SHA5126e8d02ebe1f84969e63dff10647721d7c3c095a74e2c2d09e8507841c37369c3b80ef0f98df45c681055dbe2d0bbae06e4b712bde59662c1057f49808e4962d1
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
72KB
MD56f3c78dc4db4480f73b1cbd933bb8730
SHA128163791e8437aae4a47eb1a2a000692a0067c77
SHA25630b38fd8e5371988710099f16134c5920c71550ec4061df928dee6b84b692155
SHA512ab2c463a7064343366d2ee0e6e2b24ca7a49e98f794996b739850a1f81756c2ad7c180084b093e86ff5742da656fd0fefe7cb60e1fdb3cb46342b4a17b342bb9
-
Filesize
8KB
-
Filesize
8KB