Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
05/12/2022, 19:26
General
-
Target
4151407aecdd35fd090fdf26fcaf0814c4be311d93f4801110a5ac7393d947d3.exe
-
Size
72KB
-
MD5
0bc426fab658dae8f009498df4155b02
-
SHA1
af6816fe742b1139024fa8f3b6595b16612daa45
-
SHA256
4151407aecdd35fd090fdf26fcaf0814c4be311d93f4801110a5ac7393d947d3
-
SHA512
62f8ac031f129b4552eb2a52a335c151f32e9073cdd0d2e29870372cd01e474d06fcb7857b4a675923b2d108b79ec77f0eeea8ad6cf747f7d02b95f35c919ae5
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2K:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP+
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4151407aecdd35fd090fdf26fcaf0814c4be311d93f4801110a5ac7393d947d3.exe"C:\Users\Admin\AppData\Local\Temp\4151407aecdd35fd090fdf26fcaf0814c4be311d93f4801110a5ac7393d947d3.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3296522442\backup.exeC:\Users\Admin\AppData\Local\Temp\3296522442\backup.exe C:\Users\Admin\AppData\Local\Temp\3296522442\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\System Restore.exe"C:\Program Files\Common Files\System Restore.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\data.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\data.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\fr-FR\data.exe"C:\Program Files\DVD Maker\fr-FR\data.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\System Restore.exe"C:\Program Files\Google\System Restore.exe" C:\Program Files\Google\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵
- Disables RegEdit via registry modification
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Common Files\data.exe"C:\Program Files (x86)\Common Files\data.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\System Restore.exe"C:\Program Files (x86)\Google\CrashReports\System Restore.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Temp\data.exe"C:\Program Files (x86)\Google\Temp\data.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Documents\data.exeC:\Users\Admin\Documents\data.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- System policy modification
-
-
C:\Users\Admin\Favorites\update.exeC:\Users\Admin\Favorites\update.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5125623b86c9f77364d5ce69f03bf4bb6
SHA12a0e9e8dcce23148f7e3517ea28ff097ae0abf96
SHA256b492d6a94858877f88ad2545972d357d8548ca623fc3c1c7b36dad4911e06371
SHA512ce9c6cd5b59e8e57e7a020ad8c5a4a81e87ea9c639c38f7c88a146dee0f607610ff5337957da42e850aa7fd59722dc432dcb052727543244c9310cd5fd44f357
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD57b82b95b6f1c519289e212dd10a3d5fb
SHA1407c808ba063f4238878cbffe355bac5ccf75850
SHA256ff5ef112772a14b61df5adea423679c9f6023cbcfe655cd55d31484637a7f8cb
SHA512196b38b3a35b9ac42739705f0562611641b5295b0ae8e51642a0821c9c5cd51f0135c3faa56c479c014a0cd9518e2205b91089f9d90b46c363ca9f501c567d4f
-
Filesize
72KB
MD57b82b95b6f1c519289e212dd10a3d5fb
SHA1407c808ba063f4238878cbffe355bac5ccf75850
SHA256ff5ef112772a14b61df5adea423679c9f6023cbcfe655cd55d31484637a7f8cb
SHA512196b38b3a35b9ac42739705f0562611641b5295b0ae8e51642a0821c9c5cd51f0135c3faa56c479c014a0cd9518e2205b91089f9d90b46c363ca9f501c567d4f
-
Filesize
72KB
MD526cb71cd675e92677dbd23ad95eb3947
SHA11ecde64cb206edfc5beee5ca66f72e5422915eee
SHA256fa3e1aeb92eaf8e3909eac7939d7e3dac31947213c22bb88119e004a9fc4fdb9
SHA5128b62a6e6306450cb223e903bd3deb1b3e2ea2cd174e27c2a3e5b4ec229d947415064119164691ee5469449f95f352b7f4c898742620748fd050049339a0fbbf9
-
Filesize
72KB
MD526cb71cd675e92677dbd23ad95eb3947
SHA11ecde64cb206edfc5beee5ca66f72e5422915eee
SHA256fa3e1aeb92eaf8e3909eac7939d7e3dac31947213c22bb88119e004a9fc4fdb9
SHA5128b62a6e6306450cb223e903bd3deb1b3e2ea2cd174e27c2a3e5b4ec229d947415064119164691ee5469449f95f352b7f4c898742620748fd050049339a0fbbf9
-
Filesize
72KB
MD571ca6cdf95873ffa805a25fb4a1dab83
SHA1d8e052c9eae9918d5182f9704f28b849a1c3616d
SHA2560cd34032d5b0454a3293a60cfce5128f7bc86d180fac0f298593742edee5e2cd
SHA512c7532bb30409f9695f15e5c4a28e2cbf73acbd279275451a7386c12f41ab3222eebb1572f2c4bc4e5235d184788c3417ec9d486b4e0cdc74638a45ab3d578fac
-
Filesize
72KB
MD571ca6cdf95873ffa805a25fb4a1dab83
SHA1d8e052c9eae9918d5182f9704f28b849a1c3616d
SHA2560cd34032d5b0454a3293a60cfce5128f7bc86d180fac0f298593742edee5e2cd
SHA512c7532bb30409f9695f15e5c4a28e2cbf73acbd279275451a7386c12f41ab3222eebb1572f2c4bc4e5235d184788c3417ec9d486b4e0cdc74638a45ab3d578fac
-
Filesize
72KB
MD5029b4e2678066b153d1356697d518e37
SHA13ebd79935e9ced24e7bc88b8015d8e886a5fcfb8
SHA2560d1efad94e999c6d3cdc5abae4ee89ea22df97e70f3d77c21b363377232b89a7
SHA512cd2428d29d777f019f48f6dd6860614f86de671d6cee1e1f77110ccdd3aa03a6296e35d44475e55318ab5fc8df9cef9a5b513afe21db99682897514da3b91376
-
Filesize
72KB
MD542ebfc12ef087cc6c5e90d44ad6e7d4b
SHA1b515bd4526065e2107e01134596b1250f48c814e
SHA256f423f6007016cb4dde2080f793117de08f1541fc4dada1dc19e69f0bff561ce5
SHA51249844ead5120a6483044c6e881abf5fdb7bfb31e64f30b67780eeb1302d05b16cc707b3eba680c569b85c4e8924eefa19264fbcab6602f6015cd535c01dd7251
-
Filesize
72KB
MD542ebfc12ef087cc6c5e90d44ad6e7d4b
SHA1b515bd4526065e2107e01134596b1250f48c814e
SHA256f423f6007016cb4dde2080f793117de08f1541fc4dada1dc19e69f0bff561ce5
SHA51249844ead5120a6483044c6e881abf5fdb7bfb31e64f30b67780eeb1302d05b16cc707b3eba680c569b85c4e8924eefa19264fbcab6602f6015cd535c01dd7251
-
Filesize
72KB
MD5440267bf55a12ed715565a574e20148e
SHA1c840a94d9f4e91c418624ed93691949413865907
SHA2566b2da059b9844a2d42751e4f73d3beebba83820a7139d42d6cf6eb6643c94b7e
SHA51212f9e53ececd3e98397530f836c0e899c168c3f463840e52c06f669bd25a150e610ed470d400418f6f6c8e225fa22e68cf7ab27ed7202dca621c0591b730a3aa
-
Filesize
72KB
MD53c86fdfcb8bd1de31bd5050ab4523a9a
SHA16fded207e5939bc6b74a6d98c9e711337581455e
SHA2561e3ee58456b2b8bea691978219ee45b31e054b7c489246181c043a7d3f1b65be
SHA512ceeff6f80cfa327ff7d18061c3846b670924476d9663c9cdcf8cae9b51a611d8a084cd547eafd0c95aaa7437a98964ccc920ccac9ad9af06fd21005910866828
-
Filesize
72KB
MD53c86fdfcb8bd1de31bd5050ab4523a9a
SHA16fded207e5939bc6b74a6d98c9e711337581455e
SHA2561e3ee58456b2b8bea691978219ee45b31e054b7c489246181c043a7d3f1b65be
SHA512ceeff6f80cfa327ff7d18061c3846b670924476d9663c9cdcf8cae9b51a611d8a084cd547eafd0c95aaa7437a98964ccc920ccac9ad9af06fd21005910866828
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD597195d64449c4e84ec4982c8b8a78133
SHA15389220381ea23b20dc9f639ae49c063befb627a
SHA2569c75d4a52653abe9dadcb1778693f428105638b2a81d92a6e61df950cd98ff1c
SHA512f46f28ce881cba6ed6b2367fe844518c70455c40d1eb1ad2613c0ae32c22bd94ea5a4836db241d5ead973028f690a96c2817ca89e06dc6fbdf136cefbcf02020
-
Filesize
72KB
MD597195d64449c4e84ec4982c8b8a78133
SHA15389220381ea23b20dc9f639ae49c063befb627a
SHA2569c75d4a52653abe9dadcb1778693f428105638b2a81d92a6e61df950cd98ff1c
SHA512f46f28ce881cba6ed6b2367fe844518c70455c40d1eb1ad2613c0ae32c22bd94ea5a4836db241d5ead973028f690a96c2817ca89e06dc6fbdf136cefbcf02020
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD58a075d8748019901ccf8dd9e22b710c6
SHA162f5810722eeb7a3338e2f307bd848c09da3346a
SHA2568f28f22ed058ac1b8fcacf2c11c5aa7953460daf853b93fbe7d8ce23515f19b0
SHA51220aa124b222d78caf071f8a61fadfed65bb8b6a9ae7ff75cb4e08598259e127ad66e461e6b63640f2901d819201d3645c82f9cc4113b9d36f4ebc3767432c088
-
Filesize
72KB
MD58a075d8748019901ccf8dd9e22b710c6
SHA162f5810722eeb7a3338e2f307bd848c09da3346a
SHA2568f28f22ed058ac1b8fcacf2c11c5aa7953460daf853b93fbe7d8ce23515f19b0
SHA51220aa124b222d78caf071f8a61fadfed65bb8b6a9ae7ff75cb4e08598259e127ad66e461e6b63640f2901d819201d3645c82f9cc4113b9d36f4ebc3767432c088
-
Filesize
72KB
MD5125623b86c9f77364d5ce69f03bf4bb6
SHA12a0e9e8dcce23148f7e3517ea28ff097ae0abf96
SHA256b492d6a94858877f88ad2545972d357d8548ca623fc3c1c7b36dad4911e06371
SHA512ce9c6cd5b59e8e57e7a020ad8c5a4a81e87ea9c639c38f7c88a146dee0f607610ff5337957da42e850aa7fd59722dc432dcb052727543244c9310cd5fd44f357
-
Filesize
72KB
MD5125623b86c9f77364d5ce69f03bf4bb6
SHA12a0e9e8dcce23148f7e3517ea28ff097ae0abf96
SHA256b492d6a94858877f88ad2545972d357d8548ca623fc3c1c7b36dad4911e06371
SHA512ce9c6cd5b59e8e57e7a020ad8c5a4a81e87ea9c639c38f7c88a146dee0f607610ff5337957da42e850aa7fd59722dc432dcb052727543244c9310cd5fd44f357
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD57b82b95b6f1c519289e212dd10a3d5fb
SHA1407c808ba063f4238878cbffe355bac5ccf75850
SHA256ff5ef112772a14b61df5adea423679c9f6023cbcfe655cd55d31484637a7f8cb
SHA512196b38b3a35b9ac42739705f0562611641b5295b0ae8e51642a0821c9c5cd51f0135c3faa56c479c014a0cd9518e2205b91089f9d90b46c363ca9f501c567d4f
-
Filesize
72KB
MD57b82b95b6f1c519289e212dd10a3d5fb
SHA1407c808ba063f4238878cbffe355bac5ccf75850
SHA256ff5ef112772a14b61df5adea423679c9f6023cbcfe655cd55d31484637a7f8cb
SHA512196b38b3a35b9ac42739705f0562611641b5295b0ae8e51642a0821c9c5cd51f0135c3faa56c479c014a0cd9518e2205b91089f9d90b46c363ca9f501c567d4f
-
Filesize
72KB
MD526cb71cd675e92677dbd23ad95eb3947
SHA11ecde64cb206edfc5beee5ca66f72e5422915eee
SHA256fa3e1aeb92eaf8e3909eac7939d7e3dac31947213c22bb88119e004a9fc4fdb9
SHA5128b62a6e6306450cb223e903bd3deb1b3e2ea2cd174e27c2a3e5b4ec229d947415064119164691ee5469449f95f352b7f4c898742620748fd050049339a0fbbf9
-
Filesize
72KB
MD526cb71cd675e92677dbd23ad95eb3947
SHA11ecde64cb206edfc5beee5ca66f72e5422915eee
SHA256fa3e1aeb92eaf8e3909eac7939d7e3dac31947213c22bb88119e004a9fc4fdb9
SHA5128b62a6e6306450cb223e903bd3deb1b3e2ea2cd174e27c2a3e5b4ec229d947415064119164691ee5469449f95f352b7f4c898742620748fd050049339a0fbbf9
-
Filesize
72KB
MD571ca6cdf95873ffa805a25fb4a1dab83
SHA1d8e052c9eae9918d5182f9704f28b849a1c3616d
SHA2560cd34032d5b0454a3293a60cfce5128f7bc86d180fac0f298593742edee5e2cd
SHA512c7532bb30409f9695f15e5c4a28e2cbf73acbd279275451a7386c12f41ab3222eebb1572f2c4bc4e5235d184788c3417ec9d486b4e0cdc74638a45ab3d578fac
-
Filesize
72KB
MD571ca6cdf95873ffa805a25fb4a1dab83
SHA1d8e052c9eae9918d5182f9704f28b849a1c3616d
SHA2560cd34032d5b0454a3293a60cfce5128f7bc86d180fac0f298593742edee5e2cd
SHA512c7532bb30409f9695f15e5c4a28e2cbf73acbd279275451a7386c12f41ab3222eebb1572f2c4bc4e5235d184788c3417ec9d486b4e0cdc74638a45ab3d578fac
-
Filesize
72KB
MD5029b4e2678066b153d1356697d518e37
SHA13ebd79935e9ced24e7bc88b8015d8e886a5fcfb8
SHA2560d1efad94e999c6d3cdc5abae4ee89ea22df97e70f3d77c21b363377232b89a7
SHA512cd2428d29d777f019f48f6dd6860614f86de671d6cee1e1f77110ccdd3aa03a6296e35d44475e55318ab5fc8df9cef9a5b513afe21db99682897514da3b91376
-
Filesize
72KB
MD5029b4e2678066b153d1356697d518e37
SHA13ebd79935e9ced24e7bc88b8015d8e886a5fcfb8
SHA2560d1efad94e999c6d3cdc5abae4ee89ea22df97e70f3d77c21b363377232b89a7
SHA512cd2428d29d777f019f48f6dd6860614f86de671d6cee1e1f77110ccdd3aa03a6296e35d44475e55318ab5fc8df9cef9a5b513afe21db99682897514da3b91376
-
Filesize
72KB
MD542ebfc12ef087cc6c5e90d44ad6e7d4b
SHA1b515bd4526065e2107e01134596b1250f48c814e
SHA256f423f6007016cb4dde2080f793117de08f1541fc4dada1dc19e69f0bff561ce5
SHA51249844ead5120a6483044c6e881abf5fdb7bfb31e64f30b67780eeb1302d05b16cc707b3eba680c569b85c4e8924eefa19264fbcab6602f6015cd535c01dd7251
-
Filesize
72KB
MD542ebfc12ef087cc6c5e90d44ad6e7d4b
SHA1b515bd4526065e2107e01134596b1250f48c814e
SHA256f423f6007016cb4dde2080f793117de08f1541fc4dada1dc19e69f0bff561ce5
SHA51249844ead5120a6483044c6e881abf5fdb7bfb31e64f30b67780eeb1302d05b16cc707b3eba680c569b85c4e8924eefa19264fbcab6602f6015cd535c01dd7251
-
Filesize
72KB
MD5440267bf55a12ed715565a574e20148e
SHA1c840a94d9f4e91c418624ed93691949413865907
SHA2566b2da059b9844a2d42751e4f73d3beebba83820a7139d42d6cf6eb6643c94b7e
SHA51212f9e53ececd3e98397530f836c0e899c168c3f463840e52c06f669bd25a150e610ed470d400418f6f6c8e225fa22e68cf7ab27ed7202dca621c0591b730a3aa
-
Filesize
72KB
MD5440267bf55a12ed715565a574e20148e
SHA1c840a94d9f4e91c418624ed93691949413865907
SHA2566b2da059b9844a2d42751e4f73d3beebba83820a7139d42d6cf6eb6643c94b7e
SHA51212f9e53ececd3e98397530f836c0e899c168c3f463840e52c06f669bd25a150e610ed470d400418f6f6c8e225fa22e68cf7ab27ed7202dca621c0591b730a3aa
-
Filesize
72KB
MD53c86fdfcb8bd1de31bd5050ab4523a9a
SHA16fded207e5939bc6b74a6d98c9e711337581455e
SHA2561e3ee58456b2b8bea691978219ee45b31e054b7c489246181c043a7d3f1b65be
SHA512ceeff6f80cfa327ff7d18061c3846b670924476d9663c9cdcf8cae9b51a611d8a084cd547eafd0c95aaa7437a98964ccc920ccac9ad9af06fd21005910866828
-
Filesize
72KB
MD53c86fdfcb8bd1de31bd5050ab4523a9a
SHA16fded207e5939bc6b74a6d98c9e711337581455e
SHA2561e3ee58456b2b8bea691978219ee45b31e054b7c489246181c043a7d3f1b65be
SHA512ceeff6f80cfa327ff7d18061c3846b670924476d9663c9cdcf8cae9b51a611d8a084cd547eafd0c95aaa7437a98964ccc920ccac9ad9af06fd21005910866828
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD5dd3a2582cfab785a4102a6c055df707b
SHA16e80896a554c3031e29a2c9747235d191ff6e4b3
SHA256888cc813a67b85f6b7f387873a18f22082308e7219d8856e3ecb5e8aeb59f346
SHA51210a4367bec1c25b449148bc68d4876fcb2d1f11d7c0f7075312a83c0c31297a6aabe4d89a29581ee1e3fb18089a8dfd5d0be924dd55ecdc9c78ae70b9142e2d9
-
Filesize
72KB
MD597195d64449c4e84ec4982c8b8a78133
SHA15389220381ea23b20dc9f639ae49c063befb627a
SHA2569c75d4a52653abe9dadcb1778693f428105638b2a81d92a6e61df950cd98ff1c
SHA512f46f28ce881cba6ed6b2367fe844518c70455c40d1eb1ad2613c0ae32c22bd94ea5a4836db241d5ead973028f690a96c2817ca89e06dc6fbdf136cefbcf02020
-
Filesize
72KB
MD597195d64449c4e84ec4982c8b8a78133
SHA15389220381ea23b20dc9f639ae49c063befb627a
SHA2569c75d4a52653abe9dadcb1778693f428105638b2a81d92a6e61df950cd98ff1c
SHA512f46f28ce881cba6ed6b2367fe844518c70455c40d1eb1ad2613c0ae32c22bd94ea5a4836db241d5ead973028f690a96c2817ca89e06dc6fbdf136cefbcf02020
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD54983b503966b1bba16d2922e3531fab5
SHA10e3fde61781c3e439a6e2bff285ce613bdb2d231
SHA256ddf459e643293710b8a3d37cae71ccc9d6f1d2f2d4afadedf1260ee05abb3d31
SHA512374246f52eeda50f47a35d506037232cc79669661950685417a54517adaade0d3b1ae4977f54679c0ce849323c18f82099358b7b5ce0b505f5bdcb27d471b49d
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
72KB
MD5f041c4a6e420373bed676e213e6bd961
SHA142e37d4c9f229c28a568defcdbf3909b210f9ef1
SHA256468e05f4e26423744adc12432896ffef6ba6dc08fc4f46bc7aefcf8722619830
SHA5123946e86ed365292b9696258b8f5adce9f3087a4db138da142a0fc3522d3a8651b2511cb86bc46cd57ac177e6a2841fc315189188d55d84620726399c3ffc8251
-
Filesize
8KB
-
Filesize
8KB