Analysis
-
max time kernel
151s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
05/12/2022, 19:38
General
-
Target
05fca13ca3fb6ee4de57c26ce4b7910dbcb4022ff50565d3dcb1e8ddd1c03461.exe
-
Size
72KB
-
MD5
067be6718af3454e4ea3dc8a64c265d4
-
SHA1
ed1be8e075b9fdb9a444165005f7df58a1a56b34
-
SHA256
05fca13ca3fb6ee4de57c26ce4b7910dbcb4022ff50565d3dcb1e8ddd1c03461
-
SHA512
d8789ffbe6cae0a75d8cf1071400167709a75fce396894bc133c2874e59d145da304a2a07314e188a38215e32be8b86667f591996ce7c2a768133387d50f6fd8
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2M:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPY
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05fca13ca3fb6ee4de57c26ce4b7910dbcb4022ff50565d3dcb1e8ddd1c03461.exe"C:\Users\Admin\AppData\Local\Temp\05fca13ca3fb6ee4de57c26ce4b7910dbcb4022ff50565d3dcb1e8ddd1c03461.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2181159691\backup.exeC:\Users\Admin\AppData\Local\Temp\2181159691\backup.exe C:\Users\Admin\AppData\Local\Temp\2181159691\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\data.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\data.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
-
-
C:\Program Files\Common Files\System\System Restore.exe"C:\Program Files\Common Files\System\System Restore.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\update.exe"C:\Program Files\Common Files\System\ado\update.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\update.exe"C:\Program Files\DVD Maker\Shared\update.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\data.exe"C:\Program Files\Microsoft Office\data.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\data.exe"C:\Program Files (x86)\Google\Temp\data.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\update.exe"C:\Program Files (x86)\Microsoft Analysis Services\update.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\data.exe"C:\Program Files (x86)\Microsoft Sync Framework\data.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
-
C:\Windows\update.exeC:\Windows\update.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\update.exeC:\Users\Admin\AppData\Local\Temp\Low\update.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5a8752060f006564d36e1aee0a1b15c32
SHA1e627f38b6d0c720be4e937b3912243db580064cf
SHA256ccd5d47386e207c18beecfcb9835b06985cdc1d46552f873b6c79c7244bf8797
SHA5129fe13cbd998f7afd1e8c2b65be5ce58657017edca1198eaa6b8609413cca825a0d4438398cc073e6985c7e59bddb9267dcc5655714922c52351f2b793a4cf02c
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD5b51a36a6a41f134c3d3d7c14a75c2371
SHA15d306724a1d7b8423646c97c928eac7f45cc1054
SHA256dce3ea8f5068a98940ccc48c00e127e9511c0da64eb863d2df9dbe039cf0bcbd
SHA512ac6b730c4fbeb671204a30546dae50d3a75521526ffb449eb2835f6c2c7c545066688120ccf8d2c3dfd2907bf5230c657b66c5646cfa66a485ba7eb6d5304e77
-
Filesize
72KB
MD50c7e26d7faf81bc3bd7d811c6d129245
SHA1811f1d21bca41469d919ee46e39be38d0205b13c
SHA256d38466167dc811512a0afd05c69b69d73dd453cb35193cc7bf719fb665cf33bb
SHA51246dcaa96902deedee5aece83706ce1ece8913eb069ccc007127c4435e026f916c3e08d443823b08182c490bbfae569b16dd126308dcba0c26392f89cb4197141
-
Filesize
72KB
MD50c7e26d7faf81bc3bd7d811c6d129245
SHA1811f1d21bca41469d919ee46e39be38d0205b13c
SHA256d38466167dc811512a0afd05c69b69d73dd453cb35193cc7bf719fb665cf33bb
SHA51246dcaa96902deedee5aece83706ce1ece8913eb069ccc007127c4435e026f916c3e08d443823b08182c490bbfae569b16dd126308dcba0c26392f89cb4197141
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5f2beaa291d95300bb7d8094818103925
SHA138f760f4317f7cce7116559c63a20b3013d06520
SHA2565689cf73cc7e0513026679b672c91a5da04dded61be68df0a8d87596e640c368
SHA512bfa22b8ff49a6ea1befa584bf9b4608b4843c88d3370c4d4f3757cdb703bea1e98eea40a11af131ae7fed3425c04cf2a84a571e56e0da08188fb0be1b1e9ffef
-
Filesize
72KB
MD5f2beaa291d95300bb7d8094818103925
SHA138f760f4317f7cce7116559c63a20b3013d06520
SHA2565689cf73cc7e0513026679b672c91a5da04dded61be68df0a8d87596e640c368
SHA512bfa22b8ff49a6ea1befa584bf9b4608b4843c88d3370c4d4f3757cdb703bea1e98eea40a11af131ae7fed3425c04cf2a84a571e56e0da08188fb0be1b1e9ffef
-
Filesize
72KB
MD52c6c51813c1034e19ec1d055a95240f7
SHA17154a29090745e1dd10df486cd2896d0f57b572f
SHA25654dce2c24ba4bbc70fa3c97506b01060727755fd0ba46b3cdcfb515ad1efe590
SHA512e805421244283a59b0e12fd458f8f8525e3d433e9846e3751f3a3747c365a89597123abca966a0c46e6d5011cdbb72a7bf9d71e5861b9943bcf44ffd06a12ab8
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5c2c46147bbc1be42c46830b23936242f
SHA13c6ac1795acea0f5cdf24135733cc5070d35aac5
SHA256e9a09e7e7917deda3146c283a8f9442356758ac2b3e11a040f0dc603b38442cc
SHA5121ae0a4fe2af7ed4a54ff7c140cb622e494f1eaec5234790cb1235c9a5693132e9ccf1382a1e8f74f15170ea14125b0af412712200388a2fb929800544d6984a6
-
Filesize
72KB
MD5c2c46147bbc1be42c46830b23936242f
SHA13c6ac1795acea0f5cdf24135733cc5070d35aac5
SHA256e9a09e7e7917deda3146c283a8f9442356758ac2b3e11a040f0dc603b38442cc
SHA5121ae0a4fe2af7ed4a54ff7c140cb622e494f1eaec5234790cb1235c9a5693132e9ccf1382a1e8f74f15170ea14125b0af412712200388a2fb929800544d6984a6
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD5b98ecf49a9b99c518a58387560f233ba
SHA1a9f212d34f2b23d1ad405ab018ebcc153929a8ff
SHA256eb39c50187602e0e6afccafe328970aa9c1cfd3d4123ea6e510b71a739d7a251
SHA512605600a9afbcae674456f299553a7bb7349d542fd046323416b2226a521fa1c1f524b32c75f751eef075436083532f5a0ca3b6386562e5de18422577d84b9b22
-
Filesize
72KB
MD5584b407e1e46eedcb447090c6a35387f
SHA1764a52fc1ac5d904b18ced1d6cc8aab76c871f9b
SHA2564aa53b73296746649b01a2b807470e8da8968fe1acf0658c1878713a100688b7
SHA512bceb4063ecbb64a01e6598024d556b0b1d6cd4add46a14aa7804b8794d8e4ba09b9ddb51db524e371b6c315e6afe75eb922ce72bba7baf71a4674e5b3e02a81d
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
72KB
MD5d8cc659362741a0e1a551b7782e02fb2
SHA1b5aab02f7addfaa5b82039c65bf80a0ded3bab01
SHA25681a23f9dcf7c54df21d5f49796b4ffca036ca426a5dca7ce8b2c7b061dc0a565
SHA512a685bc7bb06fca4b44099677bc2b9e80c200309c0ed0ed2fd812f2cb104fa09f7e03b5e55c994d62c6edb93bab486275d01cb5918f5a21ec068f2487f257e512
-
Filesize
72KB
MD5d8cc659362741a0e1a551b7782e02fb2
SHA1b5aab02f7addfaa5b82039c65bf80a0ded3bab01
SHA25681a23f9dcf7c54df21d5f49796b4ffca036ca426a5dca7ce8b2c7b061dc0a565
SHA512a685bc7bb06fca4b44099677bc2b9e80c200309c0ed0ed2fd812f2cb104fa09f7e03b5e55c994d62c6edb93bab486275d01cb5918f5a21ec068f2487f257e512
-
Filesize
72KB
MD5a8752060f006564d36e1aee0a1b15c32
SHA1e627f38b6d0c720be4e937b3912243db580064cf
SHA256ccd5d47386e207c18beecfcb9835b06985cdc1d46552f873b6c79c7244bf8797
SHA5129fe13cbd998f7afd1e8c2b65be5ce58657017edca1198eaa6b8609413cca825a0d4438398cc073e6985c7e59bddb9267dcc5655714922c52351f2b793a4cf02c
-
Filesize
72KB
MD5a8752060f006564d36e1aee0a1b15c32
SHA1e627f38b6d0c720be4e937b3912243db580064cf
SHA256ccd5d47386e207c18beecfcb9835b06985cdc1d46552f873b6c79c7244bf8797
SHA5129fe13cbd998f7afd1e8c2b65be5ce58657017edca1198eaa6b8609413cca825a0d4438398cc073e6985c7e59bddb9267dcc5655714922c52351f2b793a4cf02c
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD5b51a36a6a41f134c3d3d7c14a75c2371
SHA15d306724a1d7b8423646c97c928eac7f45cc1054
SHA256dce3ea8f5068a98940ccc48c00e127e9511c0da64eb863d2df9dbe039cf0bcbd
SHA512ac6b730c4fbeb671204a30546dae50d3a75521526ffb449eb2835f6c2c7c545066688120ccf8d2c3dfd2907bf5230c657b66c5646cfa66a485ba7eb6d5304e77
-
Filesize
72KB
MD5b51a36a6a41f134c3d3d7c14a75c2371
SHA15d306724a1d7b8423646c97c928eac7f45cc1054
SHA256dce3ea8f5068a98940ccc48c00e127e9511c0da64eb863d2df9dbe039cf0bcbd
SHA512ac6b730c4fbeb671204a30546dae50d3a75521526ffb449eb2835f6c2c7c545066688120ccf8d2c3dfd2907bf5230c657b66c5646cfa66a485ba7eb6d5304e77
-
Filesize
72KB
MD50c7e26d7faf81bc3bd7d811c6d129245
SHA1811f1d21bca41469d919ee46e39be38d0205b13c
SHA256d38466167dc811512a0afd05c69b69d73dd453cb35193cc7bf719fb665cf33bb
SHA51246dcaa96902deedee5aece83706ce1ece8913eb069ccc007127c4435e026f916c3e08d443823b08182c490bbfae569b16dd126308dcba0c26392f89cb4197141
-
Filesize
72KB
MD50c7e26d7faf81bc3bd7d811c6d129245
SHA1811f1d21bca41469d919ee46e39be38d0205b13c
SHA256d38466167dc811512a0afd05c69b69d73dd453cb35193cc7bf719fb665cf33bb
SHA51246dcaa96902deedee5aece83706ce1ece8913eb069ccc007127c4435e026f916c3e08d443823b08182c490bbfae569b16dd126308dcba0c26392f89cb4197141
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5f2beaa291d95300bb7d8094818103925
SHA138f760f4317f7cce7116559c63a20b3013d06520
SHA2565689cf73cc7e0513026679b672c91a5da04dded61be68df0a8d87596e640c368
SHA512bfa22b8ff49a6ea1befa584bf9b4608b4843c88d3370c4d4f3757cdb703bea1e98eea40a11af131ae7fed3425c04cf2a84a571e56e0da08188fb0be1b1e9ffef
-
Filesize
72KB
MD5f2beaa291d95300bb7d8094818103925
SHA138f760f4317f7cce7116559c63a20b3013d06520
SHA2565689cf73cc7e0513026679b672c91a5da04dded61be68df0a8d87596e640c368
SHA512bfa22b8ff49a6ea1befa584bf9b4608b4843c88d3370c4d4f3757cdb703bea1e98eea40a11af131ae7fed3425c04cf2a84a571e56e0da08188fb0be1b1e9ffef
-
Filesize
72KB
MD52c6c51813c1034e19ec1d055a95240f7
SHA17154a29090745e1dd10df486cd2896d0f57b572f
SHA25654dce2c24ba4bbc70fa3c97506b01060727755fd0ba46b3cdcfb515ad1efe590
SHA512e805421244283a59b0e12fd458f8f8525e3d433e9846e3751f3a3747c365a89597123abca966a0c46e6d5011cdbb72a7bf9d71e5861b9943bcf44ffd06a12ab8
-
Filesize
72KB
MD52c6c51813c1034e19ec1d055a95240f7
SHA17154a29090745e1dd10df486cd2896d0f57b572f
SHA25654dce2c24ba4bbc70fa3c97506b01060727755fd0ba46b3cdcfb515ad1efe590
SHA512e805421244283a59b0e12fd458f8f8525e3d433e9846e3751f3a3747c365a89597123abca966a0c46e6d5011cdbb72a7bf9d71e5861b9943bcf44ffd06a12ab8
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD5f07f44b85fc183423bcedfaaf7a88b92
SHA117173381efbe6fe534ac10e74d7dc00071bd4cc2
SHA2560dc0bd1120f64c4594a0b8975add86dbc78f326304e8323248a63177980fd451
SHA51246e8b44abb88d5b12fb01c02495291c6e965c739b1239541982025882e85c3e91fa6ee127c8f0619c2e53d3609bbbc246746d521f0fbcd0cf6f21aa7f691793f
-
Filesize
72KB
MD52c6c51813c1034e19ec1d055a95240f7
SHA17154a29090745e1dd10df486cd2896d0f57b572f
SHA25654dce2c24ba4bbc70fa3c97506b01060727755fd0ba46b3cdcfb515ad1efe590
SHA512e805421244283a59b0e12fd458f8f8525e3d433e9846e3751f3a3747c365a89597123abca966a0c46e6d5011cdbb72a7bf9d71e5861b9943bcf44ffd06a12ab8
-
Filesize
72KB
MD5c2c46147bbc1be42c46830b23936242f
SHA13c6ac1795acea0f5cdf24135733cc5070d35aac5
SHA256e9a09e7e7917deda3146c283a8f9442356758ac2b3e11a040f0dc603b38442cc
SHA5121ae0a4fe2af7ed4a54ff7c140cb622e494f1eaec5234790cb1235c9a5693132e9ccf1382a1e8f74f15170ea14125b0af412712200388a2fb929800544d6984a6
-
Filesize
72KB
MD5c2c46147bbc1be42c46830b23936242f
SHA13c6ac1795acea0f5cdf24135733cc5070d35aac5
SHA256e9a09e7e7917deda3146c283a8f9442356758ac2b3e11a040f0dc603b38442cc
SHA5121ae0a4fe2af7ed4a54ff7c140cb622e494f1eaec5234790cb1235c9a5693132e9ccf1382a1e8f74f15170ea14125b0af412712200388a2fb929800544d6984a6
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD596c6f40af92dcf794e96bf04fe26fd95
SHA1db894a98f8010851094f4b8e998b2fca13544a7d
SHA256add8ed99cf06e21d4bcb39663cd8bcc141ee192cf2e30f08bfab7189b218d9e0
SHA512efe09da921ae24e54f1b7e0ebd713ff17c327d3ce324793f5d2fb3b2d62273d694e533552f9f07f8b655d8a90956bbf6c1ba1897c06dacdfd1f052399c116eb0
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD535ffc39d09010477bb7a91e897e315a4
SHA1309b0dafc905abdcd06ce79c40fae3c1e4cd4bcb
SHA25643e07966383aff827ebb5ecfb3c5bb625ce6f76b19bf7dc3813b031e41ace82a
SHA512332222f8a47f01727f7baa95170d9482b213ebc003709090fbf94f8b4fc864027ec40bc4e09c25a9d731b04679910b8e7f5c4ea18b2b94dd298e4662126bd68c
-
Filesize
72KB
MD5b98ecf49a9b99c518a58387560f233ba
SHA1a9f212d34f2b23d1ad405ab018ebcc153929a8ff
SHA256eb39c50187602e0e6afccafe328970aa9c1cfd3d4123ea6e510b71a739d7a251
SHA512605600a9afbcae674456f299553a7bb7349d542fd046323416b2226a521fa1c1f524b32c75f751eef075436083532f5a0ca3b6386562e5de18422577d84b9b22
-
Filesize
72KB
MD5b98ecf49a9b99c518a58387560f233ba
SHA1a9f212d34f2b23d1ad405ab018ebcc153929a8ff
SHA256eb39c50187602e0e6afccafe328970aa9c1cfd3d4123ea6e510b71a739d7a251
SHA512605600a9afbcae674456f299553a7bb7349d542fd046323416b2226a521fa1c1f524b32c75f751eef075436083532f5a0ca3b6386562e5de18422577d84b9b22
-
Filesize
72KB
MD5584b407e1e46eedcb447090c6a35387f
SHA1764a52fc1ac5d904b18ced1d6cc8aab76c871f9b
SHA2564aa53b73296746649b01a2b807470e8da8968fe1acf0658c1878713a100688b7
SHA512bceb4063ecbb64a01e6598024d556b0b1d6cd4add46a14aa7804b8794d8e4ba09b9ddb51db524e371b6c315e6afe75eb922ce72bba7baf71a4674e5b3e02a81d
-
Filesize
72KB
MD5584b407e1e46eedcb447090c6a35387f
SHA1764a52fc1ac5d904b18ced1d6cc8aab76c871f9b
SHA2564aa53b73296746649b01a2b807470e8da8968fe1acf0658c1878713a100688b7
SHA512bceb4063ecbb64a01e6598024d556b0b1d6cd4add46a14aa7804b8794d8e4ba09b9ddb51db524e371b6c315e6afe75eb922ce72bba7baf71a4674e5b3e02a81d
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD5924b3ff5a450033d8d0f12226ec53f7c
SHA1b54b5b232660a03eea238b9909a99a468c96f4ac
SHA25621c22ccbcee09e7140e80492d91318ec92f64e65fa90d49718213fa256071598
SHA512795175626ea469d31c12bc49e52e0d546021a8ba00f271fd5f060d55c4a4ab98fde9bf2645934a003cd915418808bab65f53f3a81275479d0fdde3e124bd5298
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
72KB
MD5460ee5167a7c3fedeef7ba0698a9b4d8
SHA1e4d97a8c0ebbf7456d9e00e943234fed101d9515
SHA256dca9c187f064127e72683e4681a9a2079a8ff8a593074fd12da45fa487a27b5e
SHA51234c9050835320732d7bf043cbdd9fdba29c4193079564f635d22794f91e7b81beee092a2f1549550034797d7534c4e97cf20d5205e93887af3148494bdb9f0e3
-
Filesize
8KB
-
Filesize
8KB