Analysis
-
max time kernel
172s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
05/12/2022, 19:27
General
-
Target
3f71bf2d3b57ea17bf2a861c518fea351c8d2349e850b37edeb2486fdd201cf3.exe
-
Size
72KB
-
MD5
0242df2ac1fc4aff6f66e6cffa33b73d
-
SHA1
b4725bfa2771dbf9a4b5dad211e6d6ca4187f433
-
SHA256
3f71bf2d3b57ea17bf2a861c518fea351c8d2349e850b37edeb2486fdd201cf3
-
SHA512
300a5ddfdd33f116a5d5561a77db0804e156fb1d0ea5903e19d3200391b92142e669715259cfba24f429099d490e318d077494bead53cac7b31582af21b1362b
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2c:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPo
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 33 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f71bf2d3b57ea17bf2a861c518fea351c8d2349e850b37edeb2486fdd201cf3.exe"C:\Users\Admin\AppData\Local\Temp\3f71bf2d3b57ea17bf2a861c518fea351c8d2349e850b37edeb2486fdd201cf3.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\856326198\backup.exeC:\Users\Admin\AppData\Local\Temp\856326198\backup.exe C:\Users\Admin\AppData\Local\Temp\856326198\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\update.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\update.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\data.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\data.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\update.exe"C:\Program Files\Common Files\System\msadc\update.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe"C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\en-US\data.exe"C:\Program Files\Internet Explorer\en-US\data.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\ja-JP\data.exe"C:\Program Files\Internet Explorer\ja-JP\data.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\data.exe"C:\Program Files\Java\data.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\data.exe"C:\Program Files\Java\jdk1.8.0_66\jre\data.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\lib\7⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\applet\8⤵
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\cmm\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\cmm\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre1.8.0_66\lib\deploy\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\deploy\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\deploy\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\ext\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\ext\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\System Restore.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\System Restore.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\System Restore.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\System Restore.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
C:\Program Files\Microsoft Office\root\Integration\backup.exe"C:\Program Files\Microsoft Office\root\Integration\backup.exe" C:\Program Files\Microsoft Office\root\Integration\7⤵
-
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
-
-
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\System Restore.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\System Restore.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\data.exe"C:\Program Files (x86)\Google\Update\Download\data.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\update.exe"C:\Program Files (x86)\Google\Update\Install\update.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
-
-
-
C:\Users\update.exeC:\Users\update.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- System policy modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- System policy modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\appcompat\System Restore.exe"C:\Windows\appcompat\System Restore.exe" C:\Windows\appcompat\5⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Executes dropped EXE
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- System policy modification
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\update.exeC:\Windows\apppatch\AppPatch64\update.exe C:\Windows\apppatch\AppPatch64\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
- System policy modification
-
-
C:\Windows\apppatch\it-IT\backup.exeC:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\6⤵
- System policy modification
-
-
C:\Windows\apppatch\ja-JP\backup.exeC:\Windows\apppatch\ja-JP\backup.exe C:\Windows\apppatch\ja-JP\6⤵
-
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
- System policy modification
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\GAC\Extensibility\data.exeC:\Windows\assembly\GAC\Extensibility\data.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
-
-
-
C:\Windows\assembly\GAC_64\backup.exeC:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\6⤵
-
-
-
C:\Windows\bcastdvr\backup.exeC:\Windows\bcastdvr\backup.exe C:\Windows\bcastdvr\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f
-
Filesize
72KB
MD5ac917321d912769246e8cb2e3228d1b5
SHA104d8a2cd51d0708fa70aa98c5da0520138e6c711
SHA2562db03e276b24f3ec92b1fdb271896583d2337cd970e04cc300c0542d98addf49
SHA51229d126414102b229407dae9a5c5866bc66867c7f3eafbeefb020bab654d7a5edca05a0e48c95f595294ba888dd2a78976bb43a4d5d3664f1d98ba956b382a49f
-
Filesize
72KB
MD5ac917321d912769246e8cb2e3228d1b5
SHA104d8a2cd51d0708fa70aa98c5da0520138e6c711
SHA2562db03e276b24f3ec92b1fdb271896583d2337cd970e04cc300c0542d98addf49
SHA51229d126414102b229407dae9a5c5866bc66867c7f3eafbeefb020bab654d7a5edca05a0e48c95f595294ba888dd2a78976bb43a4d5d3664f1d98ba956b382a49f
-
Filesize
72KB
MD5600a9aa2860518ff7795451a72e278d9
SHA19642709921d4efc8e52fce4f92d1aab6eafc5b9c
SHA256828e8587768025e4b7f48ef00aa948d76c1c0b1242d0bf664b443d33bd59a07b
SHA51287ee5ce521cf903fa77e57190bb500564174778e17360e125e772103f2d37e0e63a4bbe3475d6c578eff515697bf7c64b76ef99a84442a7d6e92e979f6292bc9
-
Filesize
72KB
MD5600a9aa2860518ff7795451a72e278d9
SHA19642709921d4efc8e52fce4f92d1aab6eafc5b9c
SHA256828e8587768025e4b7f48ef00aa948d76c1c0b1242d0bf664b443d33bd59a07b
SHA51287ee5ce521cf903fa77e57190bb500564174778e17360e125e772103f2d37e0e63a4bbe3475d6c578eff515697bf7c64b76ef99a84442a7d6e92e979f6292bc9
-
Filesize
72KB
MD5b10c2ee6c1b5986380a299c1885e891b
SHA1eae76e3e1848924117784210324701694b37f088
SHA2560c1e1218f492cbbf7b825f4a8beb6f95b8d35d2d115a75c02c88c9b397bcdd96
SHA512fcc9f40d9cddf1d5227724573693aa23eb0cf7d177ad8d48d56230383658e2564c68c916895e27346bbdc8ea286a903184697408016b4111ff28e8a08b69f635
-
Filesize
72KB
MD5b10c2ee6c1b5986380a299c1885e891b
SHA1eae76e3e1848924117784210324701694b37f088
SHA2560c1e1218f492cbbf7b825f4a8beb6f95b8d35d2d115a75c02c88c9b397bcdd96
SHA512fcc9f40d9cddf1d5227724573693aa23eb0cf7d177ad8d48d56230383658e2564c68c916895e27346bbdc8ea286a903184697408016b4111ff28e8a08b69f635
-
Filesize
72KB
MD53fd368646520a58479863ff0d0f0fd40
SHA1f11a0879066de6ec325d8661fbee6223a9663716
SHA2562bed67becfd8f73d1acf012b1da3d1566e68085fc2a98550dea0fbbe9b92eac8
SHA512a9247a37b45ab7fddb6cca11b03dff7f41785a8e1c62fb035a94109686e7d96a7a467d97a635fe4fde2e54b3e3d7ac0ef44f4d01f151524acf7d1f591abac352
-
Filesize
72KB
MD53fd368646520a58479863ff0d0f0fd40
SHA1f11a0879066de6ec325d8661fbee6223a9663716
SHA2562bed67becfd8f73d1acf012b1da3d1566e68085fc2a98550dea0fbbe9b92eac8
SHA512a9247a37b45ab7fddb6cca11b03dff7f41785a8e1c62fb035a94109686e7d96a7a467d97a635fe4fde2e54b3e3d7ac0ef44f4d01f151524acf7d1f591abac352
-
Filesize
72KB
MD516728aba0519545cdf82eb5b8c790824
SHA17cce86cf8ebde89c13bdd48bfce258ef66cb43f0
SHA25636f5229f0b3eac8041b576895c17c2280390cee3d466934b2e5258423c13f744
SHA51296ff256b46ad7fbe0d54fc2604b76ac051cb76f2f19c8b7b2f0adb6f7c3ab0689d67098c29200c76d4159a666fd5e79152ca06711831c0acce8a3a276e83af30
-
Filesize
72KB
MD516728aba0519545cdf82eb5b8c790824
SHA17cce86cf8ebde89c13bdd48bfce258ef66cb43f0
SHA25636f5229f0b3eac8041b576895c17c2280390cee3d466934b2e5258423c13f744
SHA51296ff256b46ad7fbe0d54fc2604b76ac051cb76f2f19c8b7b2f0adb6f7c3ab0689d67098c29200c76d4159a666fd5e79152ca06711831c0acce8a3a276e83af30
-
Filesize
72KB
MD51ed9ddc0ccc22ecc687fe7e04ab9eebf
SHA136da6d01162e262845f751045aafac0c8ebe228c
SHA25611a2e10c3147e4f241baca8ca927ba52da1ec822db521b13616033fcd6f0e7bf
SHA5125d1813b4b848187d72a0efed945d5f0d31bc52eb2fa997fb292c6fdcd70944642809d5e600bfb4a16c490316f58ed328929d64630f36ae9a32281f8a0216d737
-
Filesize
72KB
MD51ed9ddc0ccc22ecc687fe7e04ab9eebf
SHA136da6d01162e262845f751045aafac0c8ebe228c
SHA25611a2e10c3147e4f241baca8ca927ba52da1ec822db521b13616033fcd6f0e7bf
SHA5125d1813b4b848187d72a0efed945d5f0d31bc52eb2fa997fb292c6fdcd70944642809d5e600bfb4a16c490316f58ed328929d64630f36ae9a32281f8a0216d737
-
Filesize
72KB
MD588ef3d9789e553650d3fee441db9a935
SHA12fb34aa5beea5808947f57a0b5b4b6554891a3d3
SHA25682ec1c1759f4c5f15d345f4d1d4c3db9818e51111c1d1882ace47ba5e99553ee
SHA512b58b81fb6714081a91f0c208e156826917f5a2317ba9137acf3591af4df06223178d4f4aa2219efde9e2f37868ff37fa76b5c025cd4b54b5fd2f8cd86e220f84
-
Filesize
72KB
MD588ef3d9789e553650d3fee441db9a935
SHA12fb34aa5beea5808947f57a0b5b4b6554891a3d3
SHA25682ec1c1759f4c5f15d345f4d1d4c3db9818e51111c1d1882ace47ba5e99553ee
SHA512b58b81fb6714081a91f0c208e156826917f5a2317ba9137acf3591af4df06223178d4f4aa2219efde9e2f37868ff37fa76b5c025cd4b54b5fd2f8cd86e220f84
-
Filesize
72KB
MD5c5d074e343a05d185c6410760ab851ce
SHA1192fb83c730fefd3a891860668fb4901107a1e26
SHA256e37443b8a55ba0b88b7278f69e23bea7191e55e4014cc0c2f09eb59916452581
SHA512601f03ba7050d08a8d68241168f2fcdb0c3389d5960be8b094fb7fc68c99963cb5010054c1b9371b8cb677f940cb3f2b306ff078a80e6939932a671eba3b6891
-
Filesize
72KB
MD5c5d074e343a05d185c6410760ab851ce
SHA1192fb83c730fefd3a891860668fb4901107a1e26
SHA256e37443b8a55ba0b88b7278f69e23bea7191e55e4014cc0c2f09eb59916452581
SHA512601f03ba7050d08a8d68241168f2fcdb0c3389d5960be8b094fb7fc68c99963cb5010054c1b9371b8cb677f940cb3f2b306ff078a80e6939932a671eba3b6891
-
Filesize
72KB
MD52ca44fdb854ae75ff090c12126241fe1
SHA18ee1f9040785442850ba9e3af87791ed3d2642bb
SHA2560fa99f7d619e94f4de8c7ab2eb11d22cda0a15694c0cec10f740fee8aa7f76ca
SHA512d8944cee296ea42e844a02edca0122994316339aafefe58d27db82e45f06fce644096d2cb4d2ae1ed6a3662d08b32e92f31d6c4d2d8b39f25bea60768c858a48
-
Filesize
72KB
MD52ca44fdb854ae75ff090c12126241fe1
SHA18ee1f9040785442850ba9e3af87791ed3d2642bb
SHA2560fa99f7d619e94f4de8c7ab2eb11d22cda0a15694c0cec10f740fee8aa7f76ca
SHA512d8944cee296ea42e844a02edca0122994316339aafefe58d27db82e45f06fce644096d2cb4d2ae1ed6a3662d08b32e92f31d6c4d2d8b39f25bea60768c858a48
-
Filesize
72KB
MD552fdf8987abad96f50e17208d3ca3ad2
SHA14b128333e30658ad8320bf5cc16c45768408bcc9
SHA256f8f104c8e89f8dbcba64323028bd33b1f38abffe180107969ddf7cd6cfb5b18b
SHA5120c3b431367cacd810ea7508f5e85680f37e319b8e5be01017ad4f7e2f4d4a6e55902c7d6fab89ee3cae1c02c699a18b9c075b46b4624f186cbcce4205172f39e
-
Filesize
72KB
MD516728aba0519545cdf82eb5b8c790824
SHA17cce86cf8ebde89c13bdd48bfce258ef66cb43f0
SHA25636f5229f0b3eac8041b576895c17c2280390cee3d466934b2e5258423c13f744
SHA51296ff256b46ad7fbe0d54fc2604b76ac051cb76f2f19c8b7b2f0adb6f7c3ab0689d67098c29200c76d4159a666fd5e79152ca06711831c0acce8a3a276e83af30
-
Filesize
72KB
MD516728aba0519545cdf82eb5b8c790824
SHA17cce86cf8ebde89c13bdd48bfce258ef66cb43f0
SHA25636f5229f0b3eac8041b576895c17c2280390cee3d466934b2e5258423c13f744
SHA51296ff256b46ad7fbe0d54fc2604b76ac051cb76f2f19c8b7b2f0adb6f7c3ab0689d67098c29200c76d4159a666fd5e79152ca06711831c0acce8a3a276e83af30
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD5c5d074e343a05d185c6410760ab851ce
SHA1192fb83c730fefd3a891860668fb4901107a1e26
SHA256e37443b8a55ba0b88b7278f69e23bea7191e55e4014cc0c2f09eb59916452581
SHA512601f03ba7050d08a8d68241168f2fcdb0c3389d5960be8b094fb7fc68c99963cb5010054c1b9371b8cb677f940cb3f2b306ff078a80e6939932a671eba3b6891
-
Filesize
72KB
MD5c5d074e343a05d185c6410760ab851ce
SHA1192fb83c730fefd3a891860668fb4901107a1e26
SHA256e37443b8a55ba0b88b7278f69e23bea7191e55e4014cc0c2f09eb59916452581
SHA512601f03ba7050d08a8d68241168f2fcdb0c3389d5960be8b094fb7fc68c99963cb5010054c1b9371b8cb677f940cb3f2b306ff078a80e6939932a671eba3b6891
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD56cb9272f379113eae6a563ade57741c5
SHA1f08a4b2c67d6c0e2c95c73e61bee2c03a038f707
SHA25617e6b3ed4e7b503a621f2592d079ba671f26a49993c43253093c0b78d820a6c3
SHA5128fb0d14d0a90ba2be24a199a8a9d23124383cb525613c564f797b7f1bdb69db0eb825caf1f737ba374252be355014bbe3a1b7a3af84e78579b2843389d8cca37
-
Filesize
72KB
MD57299c34a9f49aa2495d6951b91402013
SHA176d6a9267278877ede2fee9efc2e7142d53deff6
SHA25678398d10ee050d922f41782a57a506d57c56e821de8f2af81d5899c166ebee36
SHA512c816900414a1ee20925e430f7ee80961008487d92946fdca18748c223644d36e4e870705a6ca02828dcd8137213cbf4bf41cba18e979b18f12310a8b13f983e6
-
Filesize
72KB
MD57299c34a9f49aa2495d6951b91402013
SHA176d6a9267278877ede2fee9efc2e7142d53deff6
SHA25678398d10ee050d922f41782a57a506d57c56e821de8f2af81d5899c166ebee36
SHA512c816900414a1ee20925e430f7ee80961008487d92946fdca18748c223644d36e4e870705a6ca02828dcd8137213cbf4bf41cba18e979b18f12310a8b13f983e6
-
Filesize
72KB
MD5e1147efca349824b218a37dea7cafa01
SHA1ab70896d57411d4a84d46eeb7f5eb6141315087b
SHA2561fec75c8fcd91dab688b1d7fc9c3f02e77ac0b38dbfdf11c68bffb8171320b39
SHA512de4b0f7d80ea0b4c2b5613db7f475b09b578960b33d714f61bd94984de1823efa3bbc3029e52346a94eede09f0ad678e588a5a11d7856cdf6a276fd59a5610ed
-
Filesize
72KB
MD5e1147efca349824b218a37dea7cafa01
SHA1ab70896d57411d4a84d46eeb7f5eb6141315087b
SHA2561fec75c8fcd91dab688b1d7fc9c3f02e77ac0b38dbfdf11c68bffb8171320b39
SHA512de4b0f7d80ea0b4c2b5613db7f475b09b578960b33d714f61bd94984de1823efa3bbc3029e52346a94eede09f0ad678e588a5a11d7856cdf6a276fd59a5610ed
-
Filesize
72KB
MD5e4801d8bbdf28367ba65216a50a48dc7
SHA1a97a5dc65aea4a77932399378e17e17d405076b4
SHA2566d16debe0ae65071c62ffd68f528121d267293f7f0a4256faa38b6a3b9d9943c
SHA512b7af2a4d9df8e049899ed3618a88da8b8e556d1a79475df7969c80ecf3185f0a39be44f880ae8e14b216daddc1216891d759454768ae4e73173765d630f1d36f
-
Filesize
72KB
MD5e4801d8bbdf28367ba65216a50a48dc7
SHA1a97a5dc65aea4a77932399378e17e17d405076b4
SHA2566d16debe0ae65071c62ffd68f528121d267293f7f0a4256faa38b6a3b9d9943c
SHA512b7af2a4d9df8e049899ed3618a88da8b8e556d1a79475df7969c80ecf3185f0a39be44f880ae8e14b216daddc1216891d759454768ae4e73173765d630f1d36f
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f
-
Filesize
72KB
MD533b356ecd7a0efbb4e711216acd7a214
SHA1bc68a71031e12d5bc0319fe418d52fbbe5a0d467
SHA2563165e68909adb7131ab9bfc4e9c5ca6d7174414b20c8257ae4cc4af9f215b377
SHA51278bd548fa33045c4c2175f9f92e72a72f09e02274e528c72205e704ab5249d62d40f5bd4d44ab8d78c75c4d45a3b884641c00ac22a84db0ac39feb545728e539
-
Filesize
72KB
MD533b356ecd7a0efbb4e711216acd7a214
SHA1bc68a71031e12d5bc0319fe418d52fbbe5a0d467
SHA2563165e68909adb7131ab9bfc4e9c5ca6d7174414b20c8257ae4cc4af9f215b377
SHA51278bd548fa33045c4c2175f9f92e72a72f09e02274e528c72205e704ab5249d62d40f5bd4d44ab8d78c75c4d45a3b884641c00ac22a84db0ac39feb545728e539
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5f15fbe96225e5e57c8fa08fc0fde502a
SHA1271727f3984202d6fb9b3a5bd8bbba272e12bb16
SHA2560766aa78bfc9324a6b9331e75f15a20f89f65afbfc4871baef1502d827551c32
SHA5122550bbf19a2f186b9efa1e23c3aa0bdc1dce1b5b1365fd7792db8fc7c5b1e891751a08137d1da7664afd47eb8e25e7bd9943358a607a1ddb4f9ac2d55de8f520
-
Filesize
72KB
MD5b3320c3c5d8415e467df8e112f89117d
SHA16e54e4ef2fd12cb1d14d53d9c3c0602ab52bdb01
SHA256ccd70a080b2642d71a42fe8168a000792f3394044a00122eb998baa8ab4b0345
SHA51218fab69250ccd80df0eba74f70b4ffa3dbafe2d3a247fe1a2052d897b8b82daf59e30b0806192efcb64b44b588275da925618778e893b7de70b74f6043f42b07
-
Filesize
72KB
MD5b3320c3c5d8415e467df8e112f89117d
SHA16e54e4ef2fd12cb1d14d53d9c3c0602ab52bdb01
SHA256ccd70a080b2642d71a42fe8168a000792f3394044a00122eb998baa8ab4b0345
SHA51218fab69250ccd80df0eba74f70b4ffa3dbafe2d3a247fe1a2052d897b8b82daf59e30b0806192efcb64b44b588275da925618778e893b7de70b74f6043f42b07
-
Filesize
72KB
MD53115d03b84024eeebba5fbac4cea9c7e
SHA1b34ad6eeb2852c47c499115bbe15df3b5a92dcef
SHA2568a3e113a85fbf11c16c0842859fe1871c99e6527480376eed73de13902b7d4f0
SHA5129a85bd172174b3a96d4d46490bb38d2d92ca06f86e14e53949c15185b0485651c0448405776f8f285b5c31a59c7ecb1dcff8318622237c17d07273daacb5efc6
-
Filesize
72KB
MD5b2040cf9ec5dd924ca24e7ff44f48485
SHA14183b509cdf65c2add8dbc472ad617d6b8577754
SHA2568e256fb570e0be37e2a09e0f00b3a75c1f049055d04ff0c7b87ea619f207914e
SHA512dc516da7717fdba912e51844789b03a6b46af61b0bd5c99d39e99f32394915377f29cf19ee97e1b195278e7bd5267f81343c41e1d668f945950337639fddcb01
-
Filesize
72KB
MD5b2040cf9ec5dd924ca24e7ff44f48485
SHA14183b509cdf65c2add8dbc472ad617d6b8577754
SHA2568e256fb570e0be37e2a09e0f00b3a75c1f049055d04ff0c7b87ea619f207914e
SHA512dc516da7717fdba912e51844789b03a6b46af61b0bd5c99d39e99f32394915377f29cf19ee97e1b195278e7bd5267f81343c41e1d668f945950337639fddcb01
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f
-
Filesize
72KB
MD5ae114d8ff80960ba9a9fb303daa33d47
SHA1f16b1d10d4a14dbbf753beacd0ea036f49395677
SHA256f20b04096802a0f127c6374ecafdce15170cc22038ed1332541237221bfa2332
SHA51250d8079ac196119e67e52720a1484a92027585c8c8db8e3671909d7f9571dd859a68fcf2ffcef74df3872f82d3a76935a1dc3ba92fd25ec4f803d6624c17294f