Analysis
-
max time kernel
165s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
05-12-2022 19:22
General
-
Target
556e4b0d6b4b4c3cd0bfc3f9dfb7eeab7e30f49d09699e2a8c41f62100ff105e.exe
-
Size
72KB
-
MD5
0ce014b9765b459549656c17047af152
-
SHA1
c5860813e3c371b605cdacfc74016dba692b4d46
-
SHA256
556e4b0d6b4b4c3cd0bfc3f9dfb7eeab7e30f49d09699e2a8c41f62100ff105e
-
SHA512
9b495095ebc41bf007865cad36a169ab03d4e02984e50559aeb1be9831608b9b25620970e615fabf71c7166293ba1c39c766620e344228cd88da4957d43fc3a4
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2u:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPa
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\556e4b0d6b4b4c3cd0bfc3f9dfb7eeab7e30f49d09699e2a8c41f62100ff105e.exe"C:\Users\Admin\AppData\Local\Temp\556e4b0d6b4b4c3cd0bfc3f9dfb7eeab7e30f49d09699e2a8c41f62100ff105e.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1880868637\backup.exeC:\Users\Admin\AppData\Local\Temp\1880868637\backup.exe C:\Users\Admin\AppData\Local\Temp\1880868637\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\data.exe"C:\Program Files\7-Zip\Lang\data.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\System Restore.exe"C:\Program Files\Common Files\System\Ole DB\System Restore.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\System Restore.exe"C:\Program Files\DVD Maker\de-DE\System Restore.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\System Restore.exe"C:\Program Files (x86)\Adobe\System Restore.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\update.exe"C:\Program Files (x86)\Common Files\Services\update.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\data.exe"C:\Program Files (x86)\Internet Explorer\data.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD574b538220f39acfc3585f6075451fba5
SHA1f3bb490c897e292aaf35b444d2abb69b1291c759
SHA256058d70646a3fb617c70a728d91e57bf2d01d73533fa2c3f33f676c84cafceb53
SHA51283319663bd387e82243b003f4ecb0ec6089c2053b346515004a72fac40bd883ec77056c64d4f80bd9037c2b507d6014865522200691c05702019111f3a15ab0c
-
Filesize
72KB
MD5ab395a2dabb08fea23b707e7f1e9265d
SHA1eb5eff40edb3b6193206738cb02cbb5fec8650d9
SHA25651bac965cf7a476873240d123af50d84698681e1549f0904787c64ba6c1e26f0
SHA512a5a585fe594af6b05d52c00553b18908937e2010115317ad995d5eda4239091bebaeaa77e2896c989183a4d3ca810e06983f6d62bcc29f8312eb6e91d59187ed
-
Filesize
72KB
MD5ab395a2dabb08fea23b707e7f1e9265d
SHA1eb5eff40edb3b6193206738cb02cbb5fec8650d9
SHA25651bac965cf7a476873240d123af50d84698681e1549f0904787c64ba6c1e26f0
SHA512a5a585fe594af6b05d52c00553b18908937e2010115317ad995d5eda4239091bebaeaa77e2896c989183a4d3ca810e06983f6d62bcc29f8312eb6e91d59187ed
-
Filesize
72KB
MD5d7d3c5607d617ab28866cdb449cb99a6
SHA126a972ee0f3c21b781e749ae951aca02b852bac4
SHA2562f37f91ac15affe4062ccada4d559d4f162ee58fb6bfc9e174449547065ea4b2
SHA5129f14dadfac1b53eec96bc289b38a5f8251b9dfa61a70e9c46d8ec46365b1d1d0069e286e37b9aa25d72b9683fe885a46874a7f9b027ebc4b4d239aa9e1156213
-
Filesize
72KB
MD5516180544afaa4e627fa874de487580e
SHA1fde2b0dae5245d34a8bb5895c4445050aa2192f9
SHA2564ba659e52851f3e5458a946f545dcf2cfcd3cac07e07c448f9bf4642e3bd409f
SHA51271ea8f5cdc3fc32d9bb3f101d268dfe8c48093fabf5ef1738b04d52c6055d0ffd3444e0070fad66691d82a2ebc923ad8b6045780c4f624f937b88555d5104a2a
-
Filesize
72KB
MD5516180544afaa4e627fa874de487580e
SHA1fde2b0dae5245d34a8bb5895c4445050aa2192f9
SHA2564ba659e52851f3e5458a946f545dcf2cfcd3cac07e07c448f9bf4642e3bd409f
SHA51271ea8f5cdc3fc32d9bb3f101d268dfe8c48093fabf5ef1738b04d52c6055d0ffd3444e0070fad66691d82a2ebc923ad8b6045780c4f624f937b88555d5104a2a
-
Filesize
72KB
MD52b3fe1e451d4741e11afe07f30ff2404
SHA1601630ae138a1332b81ef6e509db35e157a0d1d5
SHA256754b33738e9e54b4ab6e49cd56e100e66170a87a5fadfaef7b1d7978a59eaeef
SHA512a85b723778dfa802faf60b5921476041dcefd34f937ee8ce93e3f9fdb812aad5a565e95f69992d63c1636fd7815b8e187db562e461661665c5129f4dce81e347
-
Filesize
72KB
MD50c9b9614b2dfd1530ed9f6248151fc79
SHA1c55d33d03cd95e02580fb542fb1777bb5540ce85
SHA25605bc7afef69bbb2f9a6151c1318a23d8319e2844257440676d8ea7f6c2abca57
SHA51281bad11486fd91038742d6cdaad3cae0f19dafe8813933a3e0d2e5a9be19e5d2307b4a3c46a0f255218a52650e9314627cb378e6845beb0a6f6550641feae006
-
Filesize
72KB
MD50c9b9614b2dfd1530ed9f6248151fc79
SHA1c55d33d03cd95e02580fb542fb1777bb5540ce85
SHA25605bc7afef69bbb2f9a6151c1318a23d8319e2844257440676d8ea7f6c2abca57
SHA51281bad11486fd91038742d6cdaad3cae0f19dafe8813933a3e0d2e5a9be19e5d2307b4a3c46a0f255218a52650e9314627cb378e6845beb0a6f6550641feae006
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD5902db366c6cfa51bb6a3612793d7d814
SHA1ef27ffbffa2ba6ad5e775317809f71b9e75b2eec
SHA2567bca2fa8105676c3a66873b34de0750f21eb5ff766489e4d30672c3a97e47b32
SHA512bce018b6d0dde094c44eb89b1beca3e505d05a0e8b43e2eb086aab4d23c5183f12e0e88b98a9b604e39d6f5d6520fe78770b12de7ef764019446e59d6645de0e
-
Filesize
72KB
MD5902db366c6cfa51bb6a3612793d7d814
SHA1ef27ffbffa2ba6ad5e775317809f71b9e75b2eec
SHA2567bca2fa8105676c3a66873b34de0750f21eb5ff766489e4d30672c3a97e47b32
SHA512bce018b6d0dde094c44eb89b1beca3e505d05a0e8b43e2eb086aab4d23c5183f12e0e88b98a9b604e39d6f5d6520fe78770b12de7ef764019446e59d6645de0e
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD581ecf277bbd17a298060a2104c52bd04
SHA177a3015a69022c3fe9735240b69b5e927e40c63f
SHA25649e33ed342233e16dc796d06fb35123395aeffb5d0be3617f697368427de920d
SHA5126ec8418988efa7ff19b67dc211cb28685b83500266179db1e0494d11cad156e4c963b3171dc90b81f2d412e820644ef8033ae3ec334d3b4abd0d25c6d823272f
-
Filesize
72KB
MD581ecf277bbd17a298060a2104c52bd04
SHA177a3015a69022c3fe9735240b69b5e927e40c63f
SHA25649e33ed342233e16dc796d06fb35123395aeffb5d0be3617f697368427de920d
SHA5126ec8418988efa7ff19b67dc211cb28685b83500266179db1e0494d11cad156e4c963b3171dc90b81f2d412e820644ef8033ae3ec334d3b4abd0d25c6d823272f
-
Filesize
72KB
MD51e4a0765f2ae236abc3ff6a88098a48b
SHA1d39450467af8a8b1d0636a7f578beba177eaf0ff
SHA256774404a362cdd750b488d2596ceadcb897b106e0320f614e5f06513f89c2d4ff
SHA512fc1b24947c5ba8e8c9fba98008e59b4d4ae8dee864aa0b2112d4a4b0370f71da07d2c5f8de1f889d777b67e32d6f3be7a6bf7bd3088f6c3ac1bfca162df74035
-
Filesize
72KB
MD51e4a0765f2ae236abc3ff6a88098a48b
SHA1d39450467af8a8b1d0636a7f578beba177eaf0ff
SHA256774404a362cdd750b488d2596ceadcb897b106e0320f614e5f06513f89c2d4ff
SHA512fc1b24947c5ba8e8c9fba98008e59b4d4ae8dee864aa0b2112d4a4b0370f71da07d2c5f8de1f889d777b67e32d6f3be7a6bf7bd3088f6c3ac1bfca162df74035
-
Filesize
72KB
MD5e20946243a75d261c1c7a82ab6fbb0c6
SHA1adbb6e6361c5f1d57c7e7b0ed1471b998408ae54
SHA2562b00475066a12fad4df7555ea0a2dad0e453385e486ac2ef374f5081ca32b830
SHA51284c89d9c7b35c86ddc291adabd46ae731ae4b11c5f4e3aaa96188ead90d9432dcf8bc2ff19899c76de2c7eb7453079b5719361d590dc2c9efeb7134116716cb9
-
Filesize
72KB
MD5e20946243a75d261c1c7a82ab6fbb0c6
SHA1adbb6e6361c5f1d57c7e7b0ed1471b998408ae54
SHA2562b00475066a12fad4df7555ea0a2dad0e453385e486ac2ef374f5081ca32b830
SHA51284c89d9c7b35c86ddc291adabd46ae731ae4b11c5f4e3aaa96188ead90d9432dcf8bc2ff19899c76de2c7eb7453079b5719361d590dc2c9efeb7134116716cb9
-
Filesize
72KB
MD56dfe0406a6a86489cf303317ff669764
SHA18767475e6dad3c064392ba026f6a4c50615bcda1
SHA25601f7ef78b8ebc551f2fa7dcd24ff91644cef136fc0e984dd72053f9bebbe40ec
SHA51295165581a17b24edaf2510506e64638b916e6773ee3b9b00930d2911518e279fac639951e527b2fc1e0088a423e53b479e45479470aefe496e9101ac19bc31ad
-
Filesize
72KB
MD5de237673d8c70519697147eabc444171
SHA103df62379cfd88c19412a291b123edba29794795
SHA25693f6e07fb6c8bacb01a3b3e8ab39178caff78de363862b55059b46116e80ff6b
SHA5125c2e33e3b227fe0dc0173d7544f737196951ea060c3b288ae895ae24eec83d808a54e0018f15877e2376bdcf64faefd1bef69f84e8ece3c506adde8520ea0c33
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
72KB
MD515154c0571c375d31927c0ad9c3ff5a3
SHA1f3b174e5ba05f57f645b6c9e1d47098109433078
SHA25698cf2b6307a480f433372844cc51419ecff360f9e5c4045595bea80c3a61fcff
SHA51228e8e15862a5da0507f62ad8204499d735729fa03ff3af37b28e0db2438e5868d954a908adecfe7f25891a5d641f103c2f31b0103a19085ac45cb3ca60105c7d
-
Filesize
72KB
MD5d2dce593fe46ba9040baba5a0b7df840
SHA10bdbd3dec1efd18efa09c2aac90adeb5bc692fa3
SHA256c026a5d694d883798ccb1f80bd78d686a106225b64ac5783d8563d9ab037c2e6
SHA5127ad62ca42ee49cd904a9e1ff753ff3865bee214f81a3fb683753d8687e0fe25cc186ae2762cfcb44979d2fc919ea3595041e09a621c15f1c95871ab0ab7a6471
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
72KB
MD5f68c118e75ed0142f34146674578a1e3
SHA184e9474f050da384e80a8a8027dd7adc45132de1
SHA256e7d2a163115349330a1f41ee2eb870756c241067c5fe6752649bd41512f0d4d2
SHA51202204c2a6916c0618e745fe3da19124d0d3704bd853c891af1892a224d057753e468e4718983088215950395f22f0aa938a86e97d6caa802b5939295d01695b0
-
Filesize
72KB
MD5f68c118e75ed0142f34146674578a1e3
SHA184e9474f050da384e80a8a8027dd7adc45132de1
SHA256e7d2a163115349330a1f41ee2eb870756c241067c5fe6752649bd41512f0d4d2
SHA51202204c2a6916c0618e745fe3da19124d0d3704bd853c891af1892a224d057753e468e4718983088215950395f22f0aa938a86e97d6caa802b5939295d01695b0
-
Filesize
72KB
MD574b538220f39acfc3585f6075451fba5
SHA1f3bb490c897e292aaf35b444d2abb69b1291c759
SHA256058d70646a3fb617c70a728d91e57bf2d01d73533fa2c3f33f676c84cafceb53
SHA51283319663bd387e82243b003f4ecb0ec6089c2053b346515004a72fac40bd883ec77056c64d4f80bd9037c2b507d6014865522200691c05702019111f3a15ab0c
-
Filesize
72KB
MD574b538220f39acfc3585f6075451fba5
SHA1f3bb490c897e292aaf35b444d2abb69b1291c759
SHA256058d70646a3fb617c70a728d91e57bf2d01d73533fa2c3f33f676c84cafceb53
SHA51283319663bd387e82243b003f4ecb0ec6089c2053b346515004a72fac40bd883ec77056c64d4f80bd9037c2b507d6014865522200691c05702019111f3a15ab0c
-
Filesize
72KB
MD5ab395a2dabb08fea23b707e7f1e9265d
SHA1eb5eff40edb3b6193206738cb02cbb5fec8650d9
SHA25651bac965cf7a476873240d123af50d84698681e1549f0904787c64ba6c1e26f0
SHA512a5a585fe594af6b05d52c00553b18908937e2010115317ad995d5eda4239091bebaeaa77e2896c989183a4d3ca810e06983f6d62bcc29f8312eb6e91d59187ed
-
Filesize
72KB
MD5ab395a2dabb08fea23b707e7f1e9265d
SHA1eb5eff40edb3b6193206738cb02cbb5fec8650d9
SHA25651bac965cf7a476873240d123af50d84698681e1549f0904787c64ba6c1e26f0
SHA512a5a585fe594af6b05d52c00553b18908937e2010115317ad995d5eda4239091bebaeaa77e2896c989183a4d3ca810e06983f6d62bcc29f8312eb6e91d59187ed
-
Filesize
72KB
MD5d7d3c5607d617ab28866cdb449cb99a6
SHA126a972ee0f3c21b781e749ae951aca02b852bac4
SHA2562f37f91ac15affe4062ccada4d559d4f162ee58fb6bfc9e174449547065ea4b2
SHA5129f14dadfac1b53eec96bc289b38a5f8251b9dfa61a70e9c46d8ec46365b1d1d0069e286e37b9aa25d72b9683fe885a46874a7f9b027ebc4b4d239aa9e1156213
-
Filesize
72KB
MD5d7d3c5607d617ab28866cdb449cb99a6
SHA126a972ee0f3c21b781e749ae951aca02b852bac4
SHA2562f37f91ac15affe4062ccada4d559d4f162ee58fb6bfc9e174449547065ea4b2
SHA5129f14dadfac1b53eec96bc289b38a5f8251b9dfa61a70e9c46d8ec46365b1d1d0069e286e37b9aa25d72b9683fe885a46874a7f9b027ebc4b4d239aa9e1156213
-
Filesize
72KB
MD5516180544afaa4e627fa874de487580e
SHA1fde2b0dae5245d34a8bb5895c4445050aa2192f9
SHA2564ba659e52851f3e5458a946f545dcf2cfcd3cac07e07c448f9bf4642e3bd409f
SHA51271ea8f5cdc3fc32d9bb3f101d268dfe8c48093fabf5ef1738b04d52c6055d0ffd3444e0070fad66691d82a2ebc923ad8b6045780c4f624f937b88555d5104a2a
-
Filesize
72KB
MD5516180544afaa4e627fa874de487580e
SHA1fde2b0dae5245d34a8bb5895c4445050aa2192f9
SHA2564ba659e52851f3e5458a946f545dcf2cfcd3cac07e07c448f9bf4642e3bd409f
SHA51271ea8f5cdc3fc32d9bb3f101d268dfe8c48093fabf5ef1738b04d52c6055d0ffd3444e0070fad66691d82a2ebc923ad8b6045780c4f624f937b88555d5104a2a
-
Filesize
72KB
MD52b3fe1e451d4741e11afe07f30ff2404
SHA1601630ae138a1332b81ef6e509db35e157a0d1d5
SHA256754b33738e9e54b4ab6e49cd56e100e66170a87a5fadfaef7b1d7978a59eaeef
SHA512a85b723778dfa802faf60b5921476041dcefd34f937ee8ce93e3f9fdb812aad5a565e95f69992d63c1636fd7815b8e187db562e461661665c5129f4dce81e347
-
Filesize
72KB
MD52b3fe1e451d4741e11afe07f30ff2404
SHA1601630ae138a1332b81ef6e509db35e157a0d1d5
SHA256754b33738e9e54b4ab6e49cd56e100e66170a87a5fadfaef7b1d7978a59eaeef
SHA512a85b723778dfa802faf60b5921476041dcefd34f937ee8ce93e3f9fdb812aad5a565e95f69992d63c1636fd7815b8e187db562e461661665c5129f4dce81e347
-
Filesize
72KB
MD50c9b9614b2dfd1530ed9f6248151fc79
SHA1c55d33d03cd95e02580fb542fb1777bb5540ce85
SHA25605bc7afef69bbb2f9a6151c1318a23d8319e2844257440676d8ea7f6c2abca57
SHA51281bad11486fd91038742d6cdaad3cae0f19dafe8813933a3e0d2e5a9be19e5d2307b4a3c46a0f255218a52650e9314627cb378e6845beb0a6f6550641feae006
-
Filesize
72KB
MD50c9b9614b2dfd1530ed9f6248151fc79
SHA1c55d33d03cd95e02580fb542fb1777bb5540ce85
SHA25605bc7afef69bbb2f9a6151c1318a23d8319e2844257440676d8ea7f6c2abca57
SHA51281bad11486fd91038742d6cdaad3cae0f19dafe8813933a3e0d2e5a9be19e5d2307b4a3c46a0f255218a52650e9314627cb378e6845beb0a6f6550641feae006
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD5902db366c6cfa51bb6a3612793d7d814
SHA1ef27ffbffa2ba6ad5e775317809f71b9e75b2eec
SHA2567bca2fa8105676c3a66873b34de0750f21eb5ff766489e4d30672c3a97e47b32
SHA512bce018b6d0dde094c44eb89b1beca3e505d05a0e8b43e2eb086aab4d23c5183f12e0e88b98a9b604e39d6f5d6520fe78770b12de7ef764019446e59d6645de0e
-
Filesize
72KB
MD5902db366c6cfa51bb6a3612793d7d814
SHA1ef27ffbffa2ba6ad5e775317809f71b9e75b2eec
SHA2567bca2fa8105676c3a66873b34de0750f21eb5ff766489e4d30672c3a97e47b32
SHA512bce018b6d0dde094c44eb89b1beca3e505d05a0e8b43e2eb086aab4d23c5183f12e0e88b98a9b604e39d6f5d6520fe78770b12de7ef764019446e59d6645de0e
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD52e17e39cebda6b7541594d3629516287
SHA1b5d59dd60f76a4d1fd846d68e53be8a4f7e06ca6
SHA256ca886026d3d2d3e68f6a0f31c6eac4c37f11f90dd5942d9770bb547bcf1947bd
SHA512799a1dd2dc8551d97b899deaa23f8f90cdd7bfefc3b5dcbc087f102af72a56e34a8ba0c03540c42084fc085bd466dfe85eb65cade50fc3a087335b75ba3791d5
-
Filesize
72KB
MD581ecf277bbd17a298060a2104c52bd04
SHA177a3015a69022c3fe9735240b69b5e927e40c63f
SHA25649e33ed342233e16dc796d06fb35123395aeffb5d0be3617f697368427de920d
SHA5126ec8418988efa7ff19b67dc211cb28685b83500266179db1e0494d11cad156e4c963b3171dc90b81f2d412e820644ef8033ae3ec334d3b4abd0d25c6d823272f
-
Filesize
72KB
MD581ecf277bbd17a298060a2104c52bd04
SHA177a3015a69022c3fe9735240b69b5e927e40c63f
SHA25649e33ed342233e16dc796d06fb35123395aeffb5d0be3617f697368427de920d
SHA5126ec8418988efa7ff19b67dc211cb28685b83500266179db1e0494d11cad156e4c963b3171dc90b81f2d412e820644ef8033ae3ec334d3b4abd0d25c6d823272f
-
Filesize
72KB
MD51e4a0765f2ae236abc3ff6a88098a48b
SHA1d39450467af8a8b1d0636a7f578beba177eaf0ff
SHA256774404a362cdd750b488d2596ceadcb897b106e0320f614e5f06513f89c2d4ff
SHA512fc1b24947c5ba8e8c9fba98008e59b4d4ae8dee864aa0b2112d4a4b0370f71da07d2c5f8de1f889d777b67e32d6f3be7a6bf7bd3088f6c3ac1bfca162df74035
-
Filesize
72KB
MD51e4a0765f2ae236abc3ff6a88098a48b
SHA1d39450467af8a8b1d0636a7f578beba177eaf0ff
SHA256774404a362cdd750b488d2596ceadcb897b106e0320f614e5f06513f89c2d4ff
SHA512fc1b24947c5ba8e8c9fba98008e59b4d4ae8dee864aa0b2112d4a4b0370f71da07d2c5f8de1f889d777b67e32d6f3be7a6bf7bd3088f6c3ac1bfca162df74035
-
Filesize
72KB
MD5e20946243a75d261c1c7a82ab6fbb0c6
SHA1adbb6e6361c5f1d57c7e7b0ed1471b998408ae54
SHA2562b00475066a12fad4df7555ea0a2dad0e453385e486ac2ef374f5081ca32b830
SHA51284c89d9c7b35c86ddc291adabd46ae731ae4b11c5f4e3aaa96188ead90d9432dcf8bc2ff19899c76de2c7eb7453079b5719361d590dc2c9efeb7134116716cb9
-
Filesize
72KB
MD5e20946243a75d261c1c7a82ab6fbb0c6
SHA1adbb6e6361c5f1d57c7e7b0ed1471b998408ae54
SHA2562b00475066a12fad4df7555ea0a2dad0e453385e486ac2ef374f5081ca32b830
SHA51284c89d9c7b35c86ddc291adabd46ae731ae4b11c5f4e3aaa96188ead90d9432dcf8bc2ff19899c76de2c7eb7453079b5719361d590dc2c9efeb7134116716cb9
-
Filesize
72KB
MD56dfe0406a6a86489cf303317ff669764
SHA18767475e6dad3c064392ba026f6a4c50615bcda1
SHA25601f7ef78b8ebc551f2fa7dcd24ff91644cef136fc0e984dd72053f9bebbe40ec
SHA51295165581a17b24edaf2510506e64638b916e6773ee3b9b00930d2911518e279fac639951e527b2fc1e0088a423e53b479e45479470aefe496e9101ac19bc31ad
-
Filesize
72KB
MD56dfe0406a6a86489cf303317ff669764
SHA18767475e6dad3c064392ba026f6a4c50615bcda1
SHA25601f7ef78b8ebc551f2fa7dcd24ff91644cef136fc0e984dd72053f9bebbe40ec
SHA51295165581a17b24edaf2510506e64638b916e6773ee3b9b00930d2911518e279fac639951e527b2fc1e0088a423e53b479e45479470aefe496e9101ac19bc31ad
-
Filesize
72KB
MD5de237673d8c70519697147eabc444171
SHA103df62379cfd88c19412a291b123edba29794795
SHA25693f6e07fb6c8bacb01a3b3e8ab39178caff78de363862b55059b46116e80ff6b
SHA5125c2e33e3b227fe0dc0173d7544f737196951ea060c3b288ae895ae24eec83d808a54e0018f15877e2376bdcf64faefd1bef69f84e8ece3c506adde8520ea0c33
-
Filesize
72KB
MD5de237673d8c70519697147eabc444171
SHA103df62379cfd88c19412a291b123edba29794795
SHA25693f6e07fb6c8bacb01a3b3e8ab39178caff78de363862b55059b46116e80ff6b
SHA5125c2e33e3b227fe0dc0173d7544f737196951ea060c3b288ae895ae24eec83d808a54e0018f15877e2376bdcf64faefd1bef69f84e8ece3c506adde8520ea0c33
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
72KB
MD515154c0571c375d31927c0ad9c3ff5a3
SHA1f3b174e5ba05f57f645b6c9e1d47098109433078
SHA25698cf2b6307a480f433372844cc51419ecff360f9e5c4045595bea80c3a61fcff
SHA51228e8e15862a5da0507f62ad8204499d735729fa03ff3af37b28e0db2438e5868d954a908adecfe7f25891a5d641f103c2f31b0103a19085ac45cb3ca60105c7d
-
Filesize
72KB
MD515154c0571c375d31927c0ad9c3ff5a3
SHA1f3b174e5ba05f57f645b6c9e1d47098109433078
SHA25698cf2b6307a480f433372844cc51419ecff360f9e5c4045595bea80c3a61fcff
SHA51228e8e15862a5da0507f62ad8204499d735729fa03ff3af37b28e0db2438e5868d954a908adecfe7f25891a5d641f103c2f31b0103a19085ac45cb3ca60105c7d
-
Filesize
72KB
MD5d2dce593fe46ba9040baba5a0b7df840
SHA10bdbd3dec1efd18efa09c2aac90adeb5bc692fa3
SHA256c026a5d694d883798ccb1f80bd78d686a106225b64ac5783d8563d9ab037c2e6
SHA5127ad62ca42ee49cd904a9e1ff753ff3865bee214f81a3fb683753d8687e0fe25cc186ae2762cfcb44979d2fc919ea3595041e09a621c15f1c95871ab0ab7a6471
-
Filesize
72KB
MD5d2dce593fe46ba9040baba5a0b7df840
SHA10bdbd3dec1efd18efa09c2aac90adeb5bc692fa3
SHA256c026a5d694d883798ccb1f80bd78d686a106225b64ac5783d8563d9ab037c2e6
SHA5127ad62ca42ee49cd904a9e1ff753ff3865bee214f81a3fb683753d8687e0fe25cc186ae2762cfcb44979d2fc919ea3595041e09a621c15f1c95871ab0ab7a6471
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
72KB
MD5cfb03cc3839c6621c01a1a061f9a8447
SHA15bd6fd63aa5f4defc630ba6baa41f65c158b1276
SHA2564fd020a1de270560ef926856d76ca1dc0165d2feea2bb4b8c9573e9ba2ec2f8c
SHA5124b9125622e8d439148735bfd06e41a8ceef2ee85401f60f3aa379d74e15e7f51560388d7fdad94ca9ec12c6a981baa70fa38c89f3d94310da43ea343352f32f6
-
Filesize
8KB