Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
31-10-2023 08:53
General
-
Target
NEAS.4281d0687fcf15d4f8156623312d4b40.exe
-
Size
338KB
-
MD5
4281d0687fcf15d4f8156623312d4b40
-
SHA1
c4d5f76bde447dcacf02b5c9e2548264ea040185
-
SHA256
9c4f867e41abd23971d14831f2e2b70e382d91b77b32a8782ac4ed284b73b6a1
-
SHA512
c156209007ee3ddf065f25ab9294a40276bbbb6f754c477d1a79d6f79792ff20d32d796682c20a3536cae78377de38a360a60d29020c514a21ffa7e325004d86
-
SSDEEP
3072:BmVwRKCrIYlW9dLKEl4MC0iFixWS1WC2P9/Kv9:BmVn6O4Ep3s7BZe
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.4281d0687fcf15d4f8156623312d4b40.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.4281d0687fcf15d4f8156623312d4b40.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\3061027725\backup.exeC:\Users\Admin\AppData\Local\Temp\3061027725\backup.exe C:\Users\Admin\AppData\Local\Temp\3061027725\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\System Restore.exe"C:\Program Files\Common Files\System\it-IT\System Restore.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
-
-
-
C:\Program Files\Internet Explorer\System Restore.exe"C:\Program Files\Internet Explorer\System Restore.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
C:\Program Files (x86)\Microsoft.NET\backup.exe"C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
338KB
MD5717204e5b170a1f0dafdce25b8e9d4f4
SHA16a7a1763a7ea2b8d6398c95c68955da6c02d9a7f
SHA256f3b7afe7721701525f73809c41bef4a558611b0fd92ecffd5ac8b85232460ad7
SHA512f5aef121cb5f186fc5cd90ad135c36bc349061f14a2cc75c06f507abb0e3c3a75308faaf31ce4b41a0cbbd36507c26266f91016b2e7667a8421a18ae15e77088
-
Filesize
338KB
MD5c531927b01be6b5e4e99d88c4f23fd11
SHA1d05072471ce62ee306f8a639030fc1759d58606b
SHA2564441d3ee2e20c5682fa5ddc05701a5939b53febf7bc607ea0014108080ce26f4
SHA512b96e811b07c55edc9b1ec83c73172ba8d9d40a79b1dc4ba9047441e1fa7fbdc951738edd46d09041e2a57018edd465a2c69b0898a4b9ccd5fd376570a2b32964
-
Filesize
338KB
MD5c531927b01be6b5e4e99d88c4f23fd11
SHA1d05072471ce62ee306f8a639030fc1759d58606b
SHA2564441d3ee2e20c5682fa5ddc05701a5939b53febf7bc607ea0014108080ce26f4
SHA512b96e811b07c55edc9b1ec83c73172ba8d9d40a79b1dc4ba9047441e1fa7fbdc951738edd46d09041e2a57018edd465a2c69b0898a4b9ccd5fd376570a2b32964
-
Filesize
338KB
MD532a8ee174075fedb2bd028bc4de6f6ab
SHA14b9a53a390ae51a72cf4239f093ed8283c7409db
SHA25636f24b129fd5db5ac74e36e530774f06800b0b6ec239618200a86ef3f817d195
SHA512055f31f4b8eada1ce3839ad048f6e74fc6965d896b7638f75aac0d72f665ff0062a70d0f7ce18f436d25dc8df450f572b47e3680d77e4d932d00687604599618
-
Filesize
338KB
MD5690ce2855223ab1895bced93ab41c56c
SHA14e68e51812824af712e6f24102a416e3ce892130
SHA256cfbaa96e7451ba264ea5c3ea8987a2e25b4eda1fa4f506747d70046dcf233f03
SHA512ff6fee7c5cac86a5bafae33bdf153239a6575e6eaa4894d89e3efdd8edf9bdfad89a2baa404dcf90068262655332561cc3f9043b368dfa7d7ee97069806953b8
-
Filesize
338KB
MD5690ce2855223ab1895bced93ab41c56c
SHA14e68e51812824af712e6f24102a416e3ce892130
SHA256cfbaa96e7451ba264ea5c3ea8987a2e25b4eda1fa4f506747d70046dcf233f03
SHA512ff6fee7c5cac86a5bafae33bdf153239a6575e6eaa4894d89e3efdd8edf9bdfad89a2baa404dcf90068262655332561cc3f9043b368dfa7d7ee97069806953b8
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD59e6cdb36e54dca3f87430e8c230f41da
SHA156318379829cbb9fd29ccd7a012754a20e225919
SHA256d7a7d9c09df5a68271185b9d938599f1e58dea2b17ef1a363eda969c71411a68
SHA5127d05b2730e06ac2e4710e156ad949678455e556b2530ecdb1e0f7723ace0ee328b96ffbef44a202d9b3d0c509ce2cfaf7e32275e8db0f4bee997adfa824913cd
-
Filesize
338KB
MD59e6cdb36e54dca3f87430e8c230f41da
SHA156318379829cbb9fd29ccd7a012754a20e225919
SHA256d7a7d9c09df5a68271185b9d938599f1e58dea2b17ef1a363eda969c71411a68
SHA5127d05b2730e06ac2e4710e156ad949678455e556b2530ecdb1e0f7723ace0ee328b96ffbef44a202d9b3d0c509ce2cfaf7e32275e8db0f4bee997adfa824913cd
-
Filesize
338KB
MD5c2cda2c916f5b7e062317b77cf32ad72
SHA11583dedf389b61d6629b302b560e5b3d88b8a372
SHA256b43cd0b39f8ac7ffd4ab03561f5fb6662868ebdc733d3a956eacb57643526331
SHA51211203420b0f8066baee0dc8da360a5a1a8c6bcb502cfdc3ec4f27a6536d79736c580537acd0b012b002ca5c2da6c72fc7e04675d3e8971c192ed8a1d7cd5241e
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD5c579e3ab0710bd69c0718ac53bc6ef66
SHA17a65fa30b602553e43231d48b46cdac36d34b032
SHA256165f451610a01a7963beef076feff74db5961b364f4d8eb073300eef97bc06da
SHA512e94bf2a462b009ff200316d5cc6af09f73cc47e94913a72768db9235cd55b1fd4cf377be70a968f01947c36cc862b9b572f448e15c3c95892bfa78123f3b842a
-
Filesize
338KB
MD55fc4220b718722fb1767b9eba27b31e9
SHA16777f593b35ac8430e2b03c92d1e0341cd329e90
SHA25648aedd0aa7aa07cfe0254e0953cfdaf7fc8961250cbc9dbc7ee4a2a96e471b85
SHA512152788ffa12c77aa125ecc41972899cac23420d81cdfc53a25344a319899c594a9e4f22d55c4c41e25a261b359913ca59a18183146a5faa94ce65b0b3e6053e0
-
Filesize
338KB
MD55fc4220b718722fb1767b9eba27b31e9
SHA16777f593b35ac8430e2b03c92d1e0341cd329e90
SHA25648aedd0aa7aa07cfe0254e0953cfdaf7fc8961250cbc9dbc7ee4a2a96e471b85
SHA512152788ffa12c77aa125ecc41972899cac23420d81cdfc53a25344a319899c594a9e4f22d55c4c41e25a261b359913ca59a18183146a5faa94ce65b0b3e6053e0
-
Filesize
338KB
MD55789742de903d3e4687058733646a6de
SHA1a9f898f0465a1e52c318dc74d58494ff4a8586c0
SHA256ebd9fc65d9dc453911b72958c17561341d66b071771306eb5e10d5147362edd8
SHA512ca386a60c3ca28754d7e4de6baed3b8021f3bac46cd102672adee75e5ecac21e290003519620a2b22de1f3cbbc9136b1454d198ade67db099979824467b28a30
-
Filesize
338KB
MD55789742de903d3e4687058733646a6de
SHA1a9f898f0465a1e52c318dc74d58494ff4a8586c0
SHA256ebd9fc65d9dc453911b72958c17561341d66b071771306eb5e10d5147362edd8
SHA512ca386a60c3ca28754d7e4de6baed3b8021f3bac46cd102672adee75e5ecac21e290003519620a2b22de1f3cbbc9136b1454d198ade67db099979824467b28a30
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
105KB
MD5820eb987308abb31b0580b86f94e97a9
SHA1ad8680433d0f8ca36f15e08ff860c0b0ceddaa3e
SHA25684fb888a7efe563a4a7c493aa3a0156726f62f63ef571c97af3a07d8cf58243f
SHA51207cdc9ccbae3c3fd565032f4b9021a8d799a43cc255ff233c0e2e4eea0a9353980add0b274c54715c0260e6f04557675e6229f9664ce4ffd10b05b43e12dab33
-
Filesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
Filesize
338KB
MD5c8c06bbbf8c8ddd06d2bbe03f28bff99
SHA1e3ec1e6902eaf49dbb99e53110f31b9f082def52
SHA25665ae6a5ff2f85f3f0bac662995f43b5848087de3e372847c1e9abc8d615a2c11
SHA51242b35d010a3c7a05052319455f1e6faa488d9e2d8ba3ad3bab71ad8603097a3a04434d601623e45c57e4cf365bcd57ea04642bb3412a9f461cf1e89643fdfcff
-
Filesize
338KB
MD5c8c06bbbf8c8ddd06d2bbe03f28bff99
SHA1e3ec1e6902eaf49dbb99e53110f31b9f082def52
SHA25665ae6a5ff2f85f3f0bac662995f43b5848087de3e372847c1e9abc8d615a2c11
SHA51242b35d010a3c7a05052319455f1e6faa488d9e2d8ba3ad3bab71ad8603097a3a04434d601623e45c57e4cf365bcd57ea04642bb3412a9f461cf1e89643fdfcff
-
Filesize
338KB
MD5717204e5b170a1f0dafdce25b8e9d4f4
SHA16a7a1763a7ea2b8d6398c95c68955da6c02d9a7f
SHA256f3b7afe7721701525f73809c41bef4a558611b0fd92ecffd5ac8b85232460ad7
SHA512f5aef121cb5f186fc5cd90ad135c36bc349061f14a2cc75c06f507abb0e3c3a75308faaf31ce4b41a0cbbd36507c26266f91016b2e7667a8421a18ae15e77088
-
Filesize
338KB
MD5717204e5b170a1f0dafdce25b8e9d4f4
SHA16a7a1763a7ea2b8d6398c95c68955da6c02d9a7f
SHA256f3b7afe7721701525f73809c41bef4a558611b0fd92ecffd5ac8b85232460ad7
SHA512f5aef121cb5f186fc5cd90ad135c36bc349061f14a2cc75c06f507abb0e3c3a75308faaf31ce4b41a0cbbd36507c26266f91016b2e7667a8421a18ae15e77088
-
Filesize
338KB
MD5c531927b01be6b5e4e99d88c4f23fd11
SHA1d05072471ce62ee306f8a639030fc1759d58606b
SHA2564441d3ee2e20c5682fa5ddc05701a5939b53febf7bc607ea0014108080ce26f4
SHA512b96e811b07c55edc9b1ec83c73172ba8d9d40a79b1dc4ba9047441e1fa7fbdc951738edd46d09041e2a57018edd465a2c69b0898a4b9ccd5fd376570a2b32964
-
Filesize
338KB
MD5c531927b01be6b5e4e99d88c4f23fd11
SHA1d05072471ce62ee306f8a639030fc1759d58606b
SHA2564441d3ee2e20c5682fa5ddc05701a5939b53febf7bc607ea0014108080ce26f4
SHA512b96e811b07c55edc9b1ec83c73172ba8d9d40a79b1dc4ba9047441e1fa7fbdc951738edd46d09041e2a57018edd465a2c69b0898a4b9ccd5fd376570a2b32964
-
Filesize
338KB
MD532a8ee174075fedb2bd028bc4de6f6ab
SHA14b9a53a390ae51a72cf4239f093ed8283c7409db
SHA25636f24b129fd5db5ac74e36e530774f06800b0b6ec239618200a86ef3f817d195
SHA512055f31f4b8eada1ce3839ad048f6e74fc6965d896b7638f75aac0d72f665ff0062a70d0f7ce18f436d25dc8df450f572b47e3680d77e4d932d00687604599618
-
Filesize
338KB
MD532a8ee174075fedb2bd028bc4de6f6ab
SHA14b9a53a390ae51a72cf4239f093ed8283c7409db
SHA25636f24b129fd5db5ac74e36e530774f06800b0b6ec239618200a86ef3f817d195
SHA512055f31f4b8eada1ce3839ad048f6e74fc6965d896b7638f75aac0d72f665ff0062a70d0f7ce18f436d25dc8df450f572b47e3680d77e4d932d00687604599618
-
Filesize
338KB
MD5690ce2855223ab1895bced93ab41c56c
SHA14e68e51812824af712e6f24102a416e3ce892130
SHA256cfbaa96e7451ba264ea5c3ea8987a2e25b4eda1fa4f506747d70046dcf233f03
SHA512ff6fee7c5cac86a5bafae33bdf153239a6575e6eaa4894d89e3efdd8edf9bdfad89a2baa404dcf90068262655332561cc3f9043b368dfa7d7ee97069806953b8
-
Filesize
338KB
MD5690ce2855223ab1895bced93ab41c56c
SHA14e68e51812824af712e6f24102a416e3ce892130
SHA256cfbaa96e7451ba264ea5c3ea8987a2e25b4eda1fa4f506747d70046dcf233f03
SHA512ff6fee7c5cac86a5bafae33bdf153239a6575e6eaa4894d89e3efdd8edf9bdfad89a2baa404dcf90068262655332561cc3f9043b368dfa7d7ee97069806953b8
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD59e6cdb36e54dca3f87430e8c230f41da
SHA156318379829cbb9fd29ccd7a012754a20e225919
SHA256d7a7d9c09df5a68271185b9d938599f1e58dea2b17ef1a363eda969c71411a68
SHA5127d05b2730e06ac2e4710e156ad949678455e556b2530ecdb1e0f7723ace0ee328b96ffbef44a202d9b3d0c509ce2cfaf7e32275e8db0f4bee997adfa824913cd
-
Filesize
338KB
MD59e6cdb36e54dca3f87430e8c230f41da
SHA156318379829cbb9fd29ccd7a012754a20e225919
SHA256d7a7d9c09df5a68271185b9d938599f1e58dea2b17ef1a363eda969c71411a68
SHA5127d05b2730e06ac2e4710e156ad949678455e556b2530ecdb1e0f7723ace0ee328b96ffbef44a202d9b3d0c509ce2cfaf7e32275e8db0f4bee997adfa824913cd
-
Filesize
338KB
MD5c2cda2c916f5b7e062317b77cf32ad72
SHA11583dedf389b61d6629b302b560e5b3d88b8a372
SHA256b43cd0b39f8ac7ffd4ab03561f5fb6662868ebdc733d3a956eacb57643526331
SHA51211203420b0f8066baee0dc8da360a5a1a8c6bcb502cfdc3ec4f27a6536d79736c580537acd0b012b002ca5c2da6c72fc7e04675d3e8971c192ed8a1d7cd5241e
-
Filesize
338KB
MD5c2cda2c916f5b7e062317b77cf32ad72
SHA11583dedf389b61d6629b302b560e5b3d88b8a372
SHA256b43cd0b39f8ac7ffd4ab03561f5fb6662868ebdc733d3a956eacb57643526331
SHA51211203420b0f8066baee0dc8da360a5a1a8c6bcb502cfdc3ec4f27a6536d79736c580537acd0b012b002ca5c2da6c72fc7e04675d3e8971c192ed8a1d7cd5241e
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD56915f8d9fdd9a74d647af07fc78af319
SHA12847ba713267091a8ba2ab4e530a6053c5edf153
SHA2561573ff20667199620a99d9e7bec3cd3904198cf6082e6f3208e81d47abb591db
SHA51246b9f6c8277a5b3102b4fb5d9c8ad1d246726e66809632a6184f22be12c6198762bd4cbec35dcd48af77393aa6a90c36c701cef5ab778c1b949f3d13872bdb70
-
Filesize
338KB
MD5c579e3ab0710bd69c0718ac53bc6ef66
SHA17a65fa30b602553e43231d48b46cdac36d34b032
SHA256165f451610a01a7963beef076feff74db5961b364f4d8eb073300eef97bc06da
SHA512e94bf2a462b009ff200316d5cc6af09f73cc47e94913a72768db9235cd55b1fd4cf377be70a968f01947c36cc862b9b572f448e15c3c95892bfa78123f3b842a
-
Filesize
338KB
MD5c579e3ab0710bd69c0718ac53bc6ef66
SHA17a65fa30b602553e43231d48b46cdac36d34b032
SHA256165f451610a01a7963beef076feff74db5961b364f4d8eb073300eef97bc06da
SHA512e94bf2a462b009ff200316d5cc6af09f73cc47e94913a72768db9235cd55b1fd4cf377be70a968f01947c36cc862b9b572f448e15c3c95892bfa78123f3b842a
-
Filesize
338KB
MD5c579e3ab0710bd69c0718ac53bc6ef66
SHA17a65fa30b602553e43231d48b46cdac36d34b032
SHA256165f451610a01a7963beef076feff74db5961b364f4d8eb073300eef97bc06da
SHA512e94bf2a462b009ff200316d5cc6af09f73cc47e94913a72768db9235cd55b1fd4cf377be70a968f01947c36cc862b9b572f448e15c3c95892bfa78123f3b842a
-
Filesize
338KB
MD55fc4220b718722fb1767b9eba27b31e9
SHA16777f593b35ac8430e2b03c92d1e0341cd329e90
SHA25648aedd0aa7aa07cfe0254e0953cfdaf7fc8961250cbc9dbc7ee4a2a96e471b85
SHA512152788ffa12c77aa125ecc41972899cac23420d81cdfc53a25344a319899c594a9e4f22d55c4c41e25a261b359913ca59a18183146a5faa94ce65b0b3e6053e0
-
Filesize
338KB
MD55fc4220b718722fb1767b9eba27b31e9
SHA16777f593b35ac8430e2b03c92d1e0341cd329e90
SHA25648aedd0aa7aa07cfe0254e0953cfdaf7fc8961250cbc9dbc7ee4a2a96e471b85
SHA512152788ffa12c77aa125ecc41972899cac23420d81cdfc53a25344a319899c594a9e4f22d55c4c41e25a261b359913ca59a18183146a5faa94ce65b0b3e6053e0
-
Filesize
338KB
MD55789742de903d3e4687058733646a6de
SHA1a9f898f0465a1e52c318dc74d58494ff4a8586c0
SHA256ebd9fc65d9dc453911b72958c17561341d66b071771306eb5e10d5147362edd8
SHA512ca386a60c3ca28754d7e4de6baed3b8021f3bac46cd102672adee75e5ecac21e290003519620a2b22de1f3cbbc9136b1454d198ade67db099979824467b28a30
-
Filesize
338KB
MD55789742de903d3e4687058733646a6de
SHA1a9f898f0465a1e52c318dc74d58494ff4a8586c0
SHA256ebd9fc65d9dc453911b72958c17561341d66b071771306eb5e10d5147362edd8
SHA512ca386a60c3ca28754d7e4de6baed3b8021f3bac46cd102672adee75e5ecac21e290003519620a2b22de1f3cbbc9136b1454d198ade67db099979824467b28a30
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD530e6e08ee5b9ae846187089a41b7f126
SHA12cc6e22768eeffe6bacdc39e0f52266ecc559e4e
SHA256bcc9eab4824917984c94634b03347d5435aa7517f9d180a9148ac132dfc0d0d3
SHA5126390e056717601293aa770eac8195245967fd8e04479470bb5e43c247f6f282315947c74b25a6ac3142801073ea3ac355556dada59de3deac8441a73c382dfd9
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
338KB
MD5fc57e0a854eda36a85cd4b10a50c89d9
SHA11f7eb080d17e1e6b66bc07dd21d96b654da093ee
SHA25638fa798f92140e394a4829337f1df75fc8b636a5aa7549c718190c45ca8f4a3e
SHA5129c93313520e339142334e9671a7a6a3895ee467e44486f336ac47efe797722523e282175dc63e31e0ff9af492817fcbbf4ba97d16a5718273c385c3da46ee57c
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
4KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB
-
Filesize
112KB