Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
191s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
21/10/2022, 01:41
General
-
Target
1bc1d88a6ad855261c06f32d0ad4c854621ec9533069796aa868ab7cbc7765d0.exe
-
Size
72KB
-
MD5
64e3316b01f23049c8b780f070c2a85a
-
SHA1
b538933b3cc2373b218881710b320f635f380d08
-
SHA256
1bc1d88a6ad855261c06f32d0ad4c854621ec9533069796aa868ab7cbc7765d0
-
SHA512
246e0ba6ef2199830455790973a26c9bf226014dea344d0620b6a4d721db69fc30e1c1021276c3b580fe0dc9b8ab50b0d4244da98c45df82914024590395a322
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2l:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrJ
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1bc1d88a6ad855261c06f32d0ad4c854621ec9533069796aa868ab7cbc7765d0.exe"C:\Users\Admin\AppData\Local\Temp\1bc1d88a6ad855261c06f32d0ad4c854621ec9533069796aa868ab7cbc7765d0.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2752809531\backup.exeC:\Users\Admin\AppData\Local\Temp\2752809531\backup.exe C:\Users\Admin\AppData\Local\Temp\2752809531\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\System Restore.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\data.exe"C:\Program Files\Common Files\System\it-IT\data.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\update.exe"C:\Program Files\DVD Maker\en-US\update.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\data.exe"C:\Program Files\DVD Maker\it-IT\data.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD57a287d6c325d2c2d44dfa0319e52f00e
SHA1bb836071be73acd355a9dcdeca67e624ad2811d9
SHA256c278e2b266eaf5bb06e4a828aeaa9738d7533d0acecad6c79fcaeb08b747c3b9
SHA512ba01d1435a13a5878c7a900be90c8554f8d4575fabb45fe1e7792228d027afa2a34e4f6b4a143fd555aa1ab868168b2c111a86c159a4cf6a6f798f5dd9947105
-
Filesize
72KB
MD544c607858c51a387f8f9db4f4568c57a
SHA10c12758465cda86471a844626a8d16aaf1b75e92
SHA2561dd831722c0c98db31f5065447f750551fe4507983e2a44f7055d48820ff3ce9
SHA5127d855397e9d705f6a6a6f42177b5b2244e93f928a4b15c84c21d36408430e6e4eaba59f08ba8cefeb3f66e59ac25fe7a7aef360aa93d8c2f2f32050110753eb6
-
Filesize
72KB
MD544c607858c51a387f8f9db4f4568c57a
SHA10c12758465cda86471a844626a8d16aaf1b75e92
SHA2561dd831722c0c98db31f5065447f750551fe4507983e2a44f7055d48820ff3ce9
SHA5127d855397e9d705f6a6a6f42177b5b2244e93f928a4b15c84c21d36408430e6e4eaba59f08ba8cefeb3f66e59ac25fe7a7aef360aa93d8c2f2f32050110753eb6
-
Filesize
72KB
MD5d26465bb4dab5e07d0c7f24c070ba1c8
SHA10b648644a2c442cbe4e1e57a36fcd1411ecd7f10
SHA2567a00cf2a1d20df617cb438e75743577c7ca70ab597165d1c70513871ed2aee7c
SHA512f59a6f27d3848706d25b12b6aabdd228bff2600f3d4f7adcbf69866bde70c6f7708004639b8f47a38dfaaf9d7fd4c795bc5741935c14a3de3ec7a173137312ab
-
Filesize
72KB
MD55d769650e477fd8ccff4c0009908d0d6
SHA1e60b768de34cebe98d728b7c3c70f56c4fba1084
SHA25621e01b2315a7a7e674b5e15f64daeb1b3b736bfa01e9b98947b221047c72d368
SHA5125b99ae0733d12ed1964c56f8311199492e4cc1ae1fcbad147a1bd629ecaa7df202afd95a00b43a5b243e288cf9aeee877e74ba641553a7ff275a2a37725d265e
-
Filesize
72KB
MD55d769650e477fd8ccff4c0009908d0d6
SHA1e60b768de34cebe98d728b7c3c70f56c4fba1084
SHA25621e01b2315a7a7e674b5e15f64daeb1b3b736bfa01e9b98947b221047c72d368
SHA5125b99ae0733d12ed1964c56f8311199492e4cc1ae1fcbad147a1bd629ecaa7df202afd95a00b43a5b243e288cf9aeee877e74ba641553a7ff275a2a37725d265e
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD5703c6374eb6d7d4b2a3dc30b6910b8f7
SHA1c57deb8f4d2d64078787aaf7eaf4669b5b3b888c
SHA256eed1d23f401a3fc7a2e84c072607b1a6aa37a88d2a9954a304b0f0c20ed8f9ba
SHA512e8b95283b20d30a9d56a95d2c69a951283fd72535bf0b80535a3649aaab7fead9d0be19772845d59ed00f39376d5ebe88d25d6684ac84dac23907c94887f33b4
-
Filesize
72KB
MD5703c6374eb6d7d4b2a3dc30b6910b8f7
SHA1c57deb8f4d2d64078787aaf7eaf4669b5b3b888c
SHA256eed1d23f401a3fc7a2e84c072607b1a6aa37a88d2a9954a304b0f0c20ed8f9ba
SHA512e8b95283b20d30a9d56a95d2c69a951283fd72535bf0b80535a3649aaab7fead9d0be19772845d59ed00f39376d5ebe88d25d6684ac84dac23907c94887f33b4
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD5cb7d2272061dcf7e73b5931af5dd2f3f
SHA16b939341a8925d5850445da0859b09561a6a7a92
SHA256c74ce3d7769d5b8ce59ace9b0040db4217e2c34504e9f591a71ce6974d0c5f9b
SHA512a9452e3f2116ca09852d9fa4a533c8138ab813a535150e1aea12cd39e758b37871cf3397304ea518bcffb4f83a69fc57647bc34b95c25d8751161f74a9f422fb
-
Filesize
72KB
MD5cb7d2272061dcf7e73b5931af5dd2f3f
SHA16b939341a8925d5850445da0859b09561a6a7a92
SHA256c74ce3d7769d5b8ce59ace9b0040db4217e2c34504e9f591a71ce6974d0c5f9b
SHA512a9452e3f2116ca09852d9fa4a533c8138ab813a535150e1aea12cd39e758b37871cf3397304ea518bcffb4f83a69fc57647bc34b95c25d8751161f74a9f422fb
-
Filesize
72KB
MD5b29548c4756bf7f4a26bb4b0e6bc27b4
SHA1f1fba41c37b567008f42dea6a75a6a326f122d36
SHA256383ff404b9ef199f2ac3a80735b433d98b4bef8dc886c5c5e984e1e25624b4b3
SHA512300dd247d0b89794610a4802d3f4624fb1f78ae4b7bcfffd8f6fc896486c3142a57ad489f4e1a92ec69acd6e3bbefcc4d8eb8c50e85c3ff2254a3e962e6a8d7a
-
Filesize
72KB
MD5b29548c4756bf7f4a26bb4b0e6bc27b4
SHA1f1fba41c37b567008f42dea6a75a6a326f122d36
SHA256383ff404b9ef199f2ac3a80735b433d98b4bef8dc886c5c5e984e1e25624b4b3
SHA512300dd247d0b89794610a4802d3f4624fb1f78ae4b7bcfffd8f6fc896486c3142a57ad489f4e1a92ec69acd6e3bbefcc4d8eb8c50e85c3ff2254a3e962e6a8d7a
-
Filesize
72KB
MD55e0cbbe4fc6de01e668c3389cda0e7ff
SHA1670bbb2d1d13e99ee61666ad2f207bd0ed23602d
SHA2569a554c5ab2ffbc2c52a901e9c6cb511cb6d6a716f509aa2c521b20da9fb9764b
SHA512e4d2d6ab13246e68c678f034e88f451ff0084ca12bccf43969bcab3f9d9344a8cee7f54e976a99a21eb2ed3677db8775c37639ae4116da4c16df50009bec1763
-
Filesize
72KB
MD55e0cbbe4fc6de01e668c3389cda0e7ff
SHA1670bbb2d1d13e99ee61666ad2f207bd0ed23602d
SHA2569a554c5ab2ffbc2c52a901e9c6cb511cb6d6a716f509aa2c521b20da9fb9764b
SHA512e4d2d6ab13246e68c678f034e88f451ff0084ca12bccf43969bcab3f9d9344a8cee7f54e976a99a21eb2ed3677db8775c37639ae4116da4c16df50009bec1763
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD51feed94a5ac28def973cd1496a7be2c0
SHA15c817348de4c44c3b86375e8ae0d8ba2e2273ed6
SHA256204c8e70335425e336f135ca262574fd445aa9813aa9f755094c1ef58d0ef842
SHA5122b402dfef12bacf9fa294d5f95e858daf47976f1bb7c8ab59432c7f7b6e13f63f21425d8ab9a15b6118ec2649d51b84de6022fc2b80a628b7bd55204e186d182
-
Filesize
72KB
MD51feed94a5ac28def973cd1496a7be2c0
SHA15c817348de4c44c3b86375e8ae0d8ba2e2273ed6
SHA256204c8e70335425e336f135ca262574fd445aa9813aa9f755094c1ef58d0ef842
SHA5122b402dfef12bacf9fa294d5f95e858daf47976f1bb7c8ab59432c7f7b6e13f63f21425d8ab9a15b6118ec2649d51b84de6022fc2b80a628b7bd55204e186d182
-
Filesize
72KB
MD57a287d6c325d2c2d44dfa0319e52f00e
SHA1bb836071be73acd355a9dcdeca67e624ad2811d9
SHA256c278e2b266eaf5bb06e4a828aeaa9738d7533d0acecad6c79fcaeb08b747c3b9
SHA512ba01d1435a13a5878c7a900be90c8554f8d4575fabb45fe1e7792228d027afa2a34e4f6b4a143fd555aa1ab868168b2c111a86c159a4cf6a6f798f5dd9947105
-
Filesize
72KB
MD57a287d6c325d2c2d44dfa0319e52f00e
SHA1bb836071be73acd355a9dcdeca67e624ad2811d9
SHA256c278e2b266eaf5bb06e4a828aeaa9738d7533d0acecad6c79fcaeb08b747c3b9
SHA512ba01d1435a13a5878c7a900be90c8554f8d4575fabb45fe1e7792228d027afa2a34e4f6b4a143fd555aa1ab868168b2c111a86c159a4cf6a6f798f5dd9947105
-
Filesize
72KB
MD544c607858c51a387f8f9db4f4568c57a
SHA10c12758465cda86471a844626a8d16aaf1b75e92
SHA2561dd831722c0c98db31f5065447f750551fe4507983e2a44f7055d48820ff3ce9
SHA5127d855397e9d705f6a6a6f42177b5b2244e93f928a4b15c84c21d36408430e6e4eaba59f08ba8cefeb3f66e59ac25fe7a7aef360aa93d8c2f2f32050110753eb6
-
Filesize
72KB
MD544c607858c51a387f8f9db4f4568c57a
SHA10c12758465cda86471a844626a8d16aaf1b75e92
SHA2561dd831722c0c98db31f5065447f750551fe4507983e2a44f7055d48820ff3ce9
SHA5127d855397e9d705f6a6a6f42177b5b2244e93f928a4b15c84c21d36408430e6e4eaba59f08ba8cefeb3f66e59ac25fe7a7aef360aa93d8c2f2f32050110753eb6
-
Filesize
72KB
MD5d26465bb4dab5e07d0c7f24c070ba1c8
SHA10b648644a2c442cbe4e1e57a36fcd1411ecd7f10
SHA2567a00cf2a1d20df617cb438e75743577c7ca70ab597165d1c70513871ed2aee7c
SHA512f59a6f27d3848706d25b12b6aabdd228bff2600f3d4f7adcbf69866bde70c6f7708004639b8f47a38dfaaf9d7fd4c795bc5741935c14a3de3ec7a173137312ab
-
Filesize
72KB
MD5d26465bb4dab5e07d0c7f24c070ba1c8
SHA10b648644a2c442cbe4e1e57a36fcd1411ecd7f10
SHA2567a00cf2a1d20df617cb438e75743577c7ca70ab597165d1c70513871ed2aee7c
SHA512f59a6f27d3848706d25b12b6aabdd228bff2600f3d4f7adcbf69866bde70c6f7708004639b8f47a38dfaaf9d7fd4c795bc5741935c14a3de3ec7a173137312ab
-
Filesize
72KB
MD55d769650e477fd8ccff4c0009908d0d6
SHA1e60b768de34cebe98d728b7c3c70f56c4fba1084
SHA25621e01b2315a7a7e674b5e15f64daeb1b3b736bfa01e9b98947b221047c72d368
SHA5125b99ae0733d12ed1964c56f8311199492e4cc1ae1fcbad147a1bd629ecaa7df202afd95a00b43a5b243e288cf9aeee877e74ba641553a7ff275a2a37725d265e
-
Filesize
72KB
MD55d769650e477fd8ccff4c0009908d0d6
SHA1e60b768de34cebe98d728b7c3c70f56c4fba1084
SHA25621e01b2315a7a7e674b5e15f64daeb1b3b736bfa01e9b98947b221047c72d368
SHA5125b99ae0733d12ed1964c56f8311199492e4cc1ae1fcbad147a1bd629ecaa7df202afd95a00b43a5b243e288cf9aeee877e74ba641553a7ff275a2a37725d265e
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD5703c6374eb6d7d4b2a3dc30b6910b8f7
SHA1c57deb8f4d2d64078787aaf7eaf4669b5b3b888c
SHA256eed1d23f401a3fc7a2e84c072607b1a6aa37a88d2a9954a304b0f0c20ed8f9ba
SHA512e8b95283b20d30a9d56a95d2c69a951283fd72535bf0b80535a3649aaab7fead9d0be19772845d59ed00f39376d5ebe88d25d6684ac84dac23907c94887f33b4
-
Filesize
72KB
MD5703c6374eb6d7d4b2a3dc30b6910b8f7
SHA1c57deb8f4d2d64078787aaf7eaf4669b5b3b888c
SHA256eed1d23f401a3fc7a2e84c072607b1a6aa37a88d2a9954a304b0f0c20ed8f9ba
SHA512e8b95283b20d30a9d56a95d2c69a951283fd72535bf0b80535a3649aaab7fead9d0be19772845d59ed00f39376d5ebe88d25d6684ac84dac23907c94887f33b4
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD51475046c1f89bdb1f702e40abbd5c4b2
SHA1c78eebe785999211f601ed7069b74f0d4c8604d2
SHA2562331b058566d66520dfc6925ec54d9f9010a4ada2dff449745e60e498d9b2e89
SHA5127a759184afd665fd589198c12cf12180180a1c684c8ac14ee761e291610651d4f2f4cc6069cc85ec6b01bff0dd5e93a9e2fc7a4aeef00d902a12977538401419
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD54d191ddbc47d454d3a6e1d5ffb0b7666
SHA10bebe56b42a1934bf57e3e7538d84fe951c74836
SHA256a8a19b3b39257b3c9c1e7e8615cfd98d9cb1f5cbe6e320dd07f9ab32cff7d48c
SHA512729b3a72570aaa6891d4bf795b1f249198e3313a13778f7ddc62cbe11a0a83908e5e0005380470fca8b7c728880e98832ab6b9dbcbdb99dbcca1af06211cfa0a
-
Filesize
72KB
MD5cb7d2272061dcf7e73b5931af5dd2f3f
SHA16b939341a8925d5850445da0859b09561a6a7a92
SHA256c74ce3d7769d5b8ce59ace9b0040db4217e2c34504e9f591a71ce6974d0c5f9b
SHA512a9452e3f2116ca09852d9fa4a533c8138ab813a535150e1aea12cd39e758b37871cf3397304ea518bcffb4f83a69fc57647bc34b95c25d8751161f74a9f422fb
-
Filesize
72KB
MD5cb7d2272061dcf7e73b5931af5dd2f3f
SHA16b939341a8925d5850445da0859b09561a6a7a92
SHA256c74ce3d7769d5b8ce59ace9b0040db4217e2c34504e9f591a71ce6974d0c5f9b
SHA512a9452e3f2116ca09852d9fa4a533c8138ab813a535150e1aea12cd39e758b37871cf3397304ea518bcffb4f83a69fc57647bc34b95c25d8751161f74a9f422fb
-
Filesize
72KB
MD5b29548c4756bf7f4a26bb4b0e6bc27b4
SHA1f1fba41c37b567008f42dea6a75a6a326f122d36
SHA256383ff404b9ef199f2ac3a80735b433d98b4bef8dc886c5c5e984e1e25624b4b3
SHA512300dd247d0b89794610a4802d3f4624fb1f78ae4b7bcfffd8f6fc896486c3142a57ad489f4e1a92ec69acd6e3bbefcc4d8eb8c50e85c3ff2254a3e962e6a8d7a
-
Filesize
72KB
MD5b29548c4756bf7f4a26bb4b0e6bc27b4
SHA1f1fba41c37b567008f42dea6a75a6a326f122d36
SHA256383ff404b9ef199f2ac3a80735b433d98b4bef8dc886c5c5e984e1e25624b4b3
SHA512300dd247d0b89794610a4802d3f4624fb1f78ae4b7bcfffd8f6fc896486c3142a57ad489f4e1a92ec69acd6e3bbefcc4d8eb8c50e85c3ff2254a3e962e6a8d7a
-
Filesize
72KB
MD55e0cbbe4fc6de01e668c3389cda0e7ff
SHA1670bbb2d1d13e99ee61666ad2f207bd0ed23602d
SHA2569a554c5ab2ffbc2c52a901e9c6cb511cb6d6a716f509aa2c521b20da9fb9764b
SHA512e4d2d6ab13246e68c678f034e88f451ff0084ca12bccf43969bcab3f9d9344a8cee7f54e976a99a21eb2ed3677db8775c37639ae4116da4c16df50009bec1763
-
Filesize
72KB
MD55e0cbbe4fc6de01e668c3389cda0e7ff
SHA1670bbb2d1d13e99ee61666ad2f207bd0ed23602d
SHA2569a554c5ab2ffbc2c52a901e9c6cb511cb6d6a716f509aa2c521b20da9fb9764b
SHA512e4d2d6ab13246e68c678f034e88f451ff0084ca12bccf43969bcab3f9d9344a8cee7f54e976a99a21eb2ed3677db8775c37639ae4116da4c16df50009bec1763
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD5b55bac69d4642dfd2c6fe0d5e6330e76
SHA18785f517219ae5a411d08ca8cc523f6a3a53113c
SHA256d81dab41fd3a0ff7b6f6897b290238fe916c2495c7e7ec09247104b28d822957
SHA51278d9707028359695229815de68734c48817213b7fba8243fc345dfbdfca1c4a9388fe24f2157d6ca7c7744dda976a75236d48fe5c717ed9b430f5b29bcf1c4f6
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
72KB
MD54d5c4c9eabdcb2e0c3b22cb0029e00e9
SHA1802e438f42e7fe52368d1a4bfeeffbd121077d07
SHA256ddc7fc1b011992639d1c7be6184d9dd904df038a153d155aeef40370e449d907
SHA512d7d345a8afb43b62a9399200f57dc39de6b37f30d74f52f4111f0da769e909e84ed720dc89b4b105e8f5825fe7b470ce9f3d56595f8fe7e1cb43c4f45a652c27
-
Filesize
8KB