Analysis
-
max time kernel
138s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
04/10/2022, 06:08
General
-
Target
3243bcc53eba98d589ba5e2e9985f3659bec872f1759c37b3be50b91a077ff15.exe
-
Size
72KB
-
MD5
10df44d69af55128e5ce7ede94439657
-
SHA1
47c882a7edbc6e639aa954b564843ed7b1e09eee
-
SHA256
3243bcc53eba98d589ba5e2e9985f3659bec872f1759c37b3be50b91a077ff15
-
SHA512
9725219e1b1d4f1859a15e91a77ec33eaa4940ecdb5a48444ddf11f3eaeec71ddbd4cac84741650e3b8243e4d71f5e00f09fbf690c1c62532debbfacc44f1799
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2c:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrg
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 63 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3243bcc53eba98d589ba5e2e9985f3659bec872f1759c37b3be50b91a077ff15.exe"C:\Users\Admin\AppData\Local\Temp\3243bcc53eba98d589ba5e2e9985f3659bec872f1759c37b3be50b91a077ff15.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1402899667\backup.exeC:\Users\Admin\AppData\Local\Temp\1402899667\backup.exe C:\Users\Admin\AppData\Local\Temp\1402899667\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\data.exe\data.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\update.exe"C:\Program Files\Common Files\Microsoft Shared\update.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\System Restore.exe"C:\Program Files\Microsoft Games\System Restore.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD55b6e2ce3766665357977d39a277f69ad
SHA1ed85ccfe2c000fdb20fa83af9c6368f1e65396e0
SHA256b4163b2d053de057ec104f83ffb5eb857d2bb8781ec794db84687cc97a59173f
SHA5123206a682cd29b042f47a1e8ffc5d3edee1254157c3700f0860c8daf2ac409197f0b4a892f5b349239f51a2d10e4165baea2c14c6cf0727608bc9c08f5e6a3fe9
-
Filesize
72KB
MD5a7860791d3d28e4265d05cd301afea28
SHA15ce923b607fef070b8269883e5165ef435aab58f
SHA256f133cac25b7dbcb3ac3f64cc534b29a6f543f08738a53979bc9bca8e2b3aef80
SHA5122d389081fc8a87523cb3190072f061a1897709751a509aa9a2dd99a5d10a563d0dc745b493370d3df981c535bee9ab1f88fec9f9137bba4a6339946ca1431069
-
Filesize
72KB
MD5a7860791d3d28e4265d05cd301afea28
SHA15ce923b607fef070b8269883e5165ef435aab58f
SHA256f133cac25b7dbcb3ac3f64cc534b29a6f543f08738a53979bc9bca8e2b3aef80
SHA5122d389081fc8a87523cb3190072f061a1897709751a509aa9a2dd99a5d10a563d0dc745b493370d3df981c535bee9ab1f88fec9f9137bba4a6339946ca1431069
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5639f22bba8719e458d5f6fcacf2b34e3
SHA163634674885dde719d5d8a89cc9fea2d4206219b
SHA25612cf43e73edc1ceaeb1adbf2ee2d63e8ed2fb7c78710cfccd3770258f821f895
SHA512e82b0ff3d9a4d9b58a33ed918136104a7f0191beff38e52626a2d6730b5314a5c7ab50be8ceb2ee2aab031feb13890b75d46142fd428ab156678adbc7ba79f69
-
Filesize
72KB
MD5639f22bba8719e458d5f6fcacf2b34e3
SHA163634674885dde719d5d8a89cc9fea2d4206219b
SHA25612cf43e73edc1ceaeb1adbf2ee2d63e8ed2fb7c78710cfccd3770258f821f895
SHA512e82b0ff3d9a4d9b58a33ed918136104a7f0191beff38e52626a2d6730b5314a5c7ab50be8ceb2ee2aab031feb13890b75d46142fd428ab156678adbc7ba79f69
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5f8d0fa0a7cfd33082cc590c7dfa1e451
SHA1c9f0b35bb1e226cee28c3ec2b93d77f47f21c1e7
SHA2569419012ee34bcec9be0d1e729efe74ee5edf7fa5fc502b1224ee9d122346aa4b
SHA512ccf58b7982225350674905b7400587a9daaf0bf75a4587a1c489bdf589d89c75036005b6e46197089110384ec0c02598e91945cd1fa20cd8312763dcbed9e829
-
Filesize
72KB
MD5f8d0fa0a7cfd33082cc590c7dfa1e451
SHA1c9f0b35bb1e226cee28c3ec2b93d77f47f21c1e7
SHA2569419012ee34bcec9be0d1e729efe74ee5edf7fa5fc502b1224ee9d122346aa4b
SHA512ccf58b7982225350674905b7400587a9daaf0bf75a4587a1c489bdf589d89c75036005b6e46197089110384ec0c02598e91945cd1fa20cd8312763dcbed9e829
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD51cada50c9ed01edab1e610ea7ab0db1c
SHA132ade171b751d4053f2e3190ec7d1ad626a946f9
SHA256dd5731af23246c9aa74c030599bb91d8eb729f52920c53a415db25dd2f99cb11
SHA51211b127f1dd8f4263b1335f93579d4b43efbf862e13484c599f5fde7d87cb8b19fa13383755fa006a0e2273c80f4df7b88c7aa81d642ce9e652c027997e32e7e5
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5d3fdfa3d6052cffd74f5cb4296df7efb
SHA11bee26100e2fb20b32e9305388d2bac3334b3fdc
SHA2564bf0f23253ef9605f9eb3f438a1b1b95ba8adaa186f08610b1828c977c412ad6
SHA512e42fed59ad915e91576c1f5a61d15dd73b16432308b6a5e6b499116de6f3ab6104af9880ac1abecf2b20aaadc17744cfd0a25b96af4911ff9d7541b07efc661b
-
Filesize
72KB
MD53de562692f7b07b5c572006119d3b563
SHA16752290362115679c910057c92d7899d6923904f
SHA256df0ce79c5e5190e7092104f46768d03043abcbae20faa656ff0093d1f3ca4c08
SHA5129f4086e83035c96542d3ab823d048922b27bc13fc81854ba4ff57e852f55e87ef93ac8e473af7e794a8639d16e9797ac367f6a2b96566184e90629daf0ee3e62
-
Filesize
72KB
MD53de562692f7b07b5c572006119d3b563
SHA16752290362115679c910057c92d7899d6923904f
SHA256df0ce79c5e5190e7092104f46768d03043abcbae20faa656ff0093d1f3ca4c08
SHA5129f4086e83035c96542d3ab823d048922b27bc13fc81854ba4ff57e852f55e87ef93ac8e473af7e794a8639d16e9797ac367f6a2b96566184e90629daf0ee3e62
-
Filesize
72KB
MD55b6e2ce3766665357977d39a277f69ad
SHA1ed85ccfe2c000fdb20fa83af9c6368f1e65396e0
SHA256b4163b2d053de057ec104f83ffb5eb857d2bb8781ec794db84687cc97a59173f
SHA5123206a682cd29b042f47a1e8ffc5d3edee1254157c3700f0860c8daf2ac409197f0b4a892f5b349239f51a2d10e4165baea2c14c6cf0727608bc9c08f5e6a3fe9
-
Filesize
72KB
MD55b6e2ce3766665357977d39a277f69ad
SHA1ed85ccfe2c000fdb20fa83af9c6368f1e65396e0
SHA256b4163b2d053de057ec104f83ffb5eb857d2bb8781ec794db84687cc97a59173f
SHA5123206a682cd29b042f47a1e8ffc5d3edee1254157c3700f0860c8daf2ac409197f0b4a892f5b349239f51a2d10e4165baea2c14c6cf0727608bc9c08f5e6a3fe9
-
Filesize
72KB
MD5a7860791d3d28e4265d05cd301afea28
SHA15ce923b607fef070b8269883e5165ef435aab58f
SHA256f133cac25b7dbcb3ac3f64cc534b29a6f543f08738a53979bc9bca8e2b3aef80
SHA5122d389081fc8a87523cb3190072f061a1897709751a509aa9a2dd99a5d10a563d0dc745b493370d3df981c535bee9ab1f88fec9f9137bba4a6339946ca1431069
-
Filesize
72KB
MD5a7860791d3d28e4265d05cd301afea28
SHA15ce923b607fef070b8269883e5165ef435aab58f
SHA256f133cac25b7dbcb3ac3f64cc534b29a6f543f08738a53979bc9bca8e2b3aef80
SHA5122d389081fc8a87523cb3190072f061a1897709751a509aa9a2dd99a5d10a563d0dc745b493370d3df981c535bee9ab1f88fec9f9137bba4a6339946ca1431069
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5e0874baabf03dac843fa7e0ce491cc4f
SHA127f1bacc2442cd34173066237f1bf8c8f6a52bfe
SHA25690d7de1450fef11e019e7556cc0798ea1f1e32b8374e0b6fa5166790153aeb4b
SHA5122ba924c4eb9ed87ad72ca2721dc85695601763fc44abf86124dc8aa21eede56db6d67ce667e645e40270de01b00ff10612724c362cd53e1acfbf23eae2786a5c
-
Filesize
72KB
MD5639f22bba8719e458d5f6fcacf2b34e3
SHA163634674885dde719d5d8a89cc9fea2d4206219b
SHA25612cf43e73edc1ceaeb1adbf2ee2d63e8ed2fb7c78710cfccd3770258f821f895
SHA512e82b0ff3d9a4d9b58a33ed918136104a7f0191beff38e52626a2d6730b5314a5c7ab50be8ceb2ee2aab031feb13890b75d46142fd428ab156678adbc7ba79f69
-
Filesize
72KB
MD5639f22bba8719e458d5f6fcacf2b34e3
SHA163634674885dde719d5d8a89cc9fea2d4206219b
SHA25612cf43e73edc1ceaeb1adbf2ee2d63e8ed2fb7c78710cfccd3770258f821f895
SHA512e82b0ff3d9a4d9b58a33ed918136104a7f0191beff38e52626a2d6730b5314a5c7ab50be8ceb2ee2aab031feb13890b75d46142fd428ab156678adbc7ba79f69
-
Filesize
72KB
MD5639f22bba8719e458d5f6fcacf2b34e3
SHA163634674885dde719d5d8a89cc9fea2d4206219b
SHA25612cf43e73edc1ceaeb1adbf2ee2d63e8ed2fb7c78710cfccd3770258f821f895
SHA512e82b0ff3d9a4d9b58a33ed918136104a7f0191beff38e52626a2d6730b5314a5c7ab50be8ceb2ee2aab031feb13890b75d46142fd428ab156678adbc7ba79f69
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5a3fa368183617f946a024c93d731f22c
SHA18c3c861cf58eb1be2c049a34d5528e86b5e8bb71
SHA256491c41353b869511f34b7b78f6da92631cafffb970de70673255268773e2761a
SHA512d8efe21c8a6abc54100d9d2b37ec1e4bb37e1c4ed0cde1f8645c0957ee1b1d2e40a06a0893d570813bc7cd9f1119a946637c64f5179951b5aa3aab8e26113617
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5c8f7237677646fe512728c900721ddb5
SHA12973f8ff45efc0921de5b38944f817db5264feac
SHA2563eaec332908c46463ef35615339f230ee5dd70d1f800a2ba32c65f472781d4bb
SHA5122828f06664912adb56cde8c235ec272041492232c1d1aa89c0f9b0b939c7fd2f70c1289f0c131147d23a5b1443f4caf2ed9dc1505a9e4dfc5ab8eaff033c9599
-
Filesize
72KB
MD5f8d0fa0a7cfd33082cc590c7dfa1e451
SHA1c9f0b35bb1e226cee28c3ec2b93d77f47f21c1e7
SHA2569419012ee34bcec9be0d1e729efe74ee5edf7fa5fc502b1224ee9d122346aa4b
SHA512ccf58b7982225350674905b7400587a9daaf0bf75a4587a1c489bdf589d89c75036005b6e46197089110384ec0c02598e91945cd1fa20cd8312763dcbed9e829
-
Filesize
72KB
MD5f8d0fa0a7cfd33082cc590c7dfa1e451
SHA1c9f0b35bb1e226cee28c3ec2b93d77f47f21c1e7
SHA2569419012ee34bcec9be0d1e729efe74ee5edf7fa5fc502b1224ee9d122346aa4b
SHA512ccf58b7982225350674905b7400587a9daaf0bf75a4587a1c489bdf589d89c75036005b6e46197089110384ec0c02598e91945cd1fa20cd8312763dcbed9e829
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD5d8b3f7ba17bd09b49dc334595a9c73ab
SHA13c4f3531a61e2f4b77a576828ef3274a3cd65bdf
SHA256b947cb7003678227fa1789c77c07371a5b57936e54fcc60125be74eead0abff5
SHA51288cdfc2251cde49b69704ae0b18e69ba40f7ccf041adb1b1a6a1f09fc4aeb1e88c6794e20801e80f60302b1adbaa60ff81b1941737bbb6964cd4d8b1bb38ecd2
-
Filesize
72KB
MD51cada50c9ed01edab1e610ea7ab0db1c
SHA132ade171b751d4053f2e3190ec7d1ad626a946f9
SHA256dd5731af23246c9aa74c030599bb91d8eb729f52920c53a415db25dd2f99cb11
SHA51211b127f1dd8f4263b1335f93579d4b43efbf862e13484c599f5fde7d87cb8b19fa13383755fa006a0e2273c80f4df7b88c7aa81d642ce9e652c027997e32e7e5
-
Filesize
72KB
MD51cada50c9ed01edab1e610ea7ab0db1c
SHA132ade171b751d4053f2e3190ec7d1ad626a946f9
SHA256dd5731af23246c9aa74c030599bb91d8eb729f52920c53a415db25dd2f99cb11
SHA51211b127f1dd8f4263b1335f93579d4b43efbf862e13484c599f5fde7d87cb8b19fa13383755fa006a0e2273c80f4df7b88c7aa81d642ce9e652c027997e32e7e5
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5a10df1008671478551cb9e00a4dc6c51
SHA19cdb6aeb1713dadf544de6b2e696ab69395ea06c
SHA256cec574090d58ac17eca496d08ce6b3acbc11e80b2ba8d0eddd115c865d2be0c9
SHA51231ab58e34a45d768da82828a2f4adc7ffee00ebd7ef85dbf6cb520e2fa62818eef8f14bcbfb3580e1312d9144caf4cdd1683e725e44e4ed7fa40fddb765f299e
-
Filesize
72KB
MD5d3fdfa3d6052cffd74f5cb4296df7efb
SHA11bee26100e2fb20b32e9305388d2bac3334b3fdc
SHA2564bf0f23253ef9605f9eb3f438a1b1b95ba8adaa186f08610b1828c977c412ad6
SHA512e42fed59ad915e91576c1f5a61d15dd73b16432308b6a5e6b499116de6f3ab6104af9880ac1abecf2b20aaadc17744cfd0a25b96af4911ff9d7541b07efc661b
-
Filesize
72KB
MD5d3fdfa3d6052cffd74f5cb4296df7efb
SHA11bee26100e2fb20b32e9305388d2bac3334b3fdc
SHA2564bf0f23253ef9605f9eb3f438a1b1b95ba8adaa186f08610b1828c977c412ad6
SHA512e42fed59ad915e91576c1f5a61d15dd73b16432308b6a5e6b499116de6f3ab6104af9880ac1abecf2b20aaadc17744cfd0a25b96af4911ff9d7541b07efc661b
-
Filesize
8KB
-
Filesize
8KB