Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
193s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
30/10/2022, 05:10
General
-
Target
52d85b577ef7e24651f292d40879e953493130256bbfa90a6942a1b49574821c.exe
-
Size
72KB
-
MD5
939e8636e167e07623e0cfd085385e19
-
SHA1
00be15f3e585a6105ccdcf537fb0aaef7c304578
-
SHA256
52d85b577ef7e24651f292d40879e953493130256bbfa90a6942a1b49574821c
-
SHA512
ee4c45beedebbcf147afb7c56c66874057d15f018eb2a977f8b2450f253e02d2bc612a8e45ba9a4afe7afb50e3c16116efd4ab8e8bc3007e7d6bb2d9348f1554
-
SSDEEP
768:rpQNwC3BEc4QEfu0Ei8XxNDINE3BEJwRr9U:teThavEjDWguK9U
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\52d85b577ef7e24651f292d40879e953493130256bbfa90a6942a1b49574821c.exe"C:\Users\Admin\AppData\Local\Temp\52d85b577ef7e24651f292d40879e953493130256bbfa90a6942a1b49574821c.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\3327856717\backup.exeC:\Users\Admin\AppData\Local\Temp\3327856717\backup.exe C:\Users\Admin\AppData\Local\Temp\3327856717\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\data.exeC:\PerfLogs\data.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\data.exe"C:\Program Files\Common Files\Microsoft Shared\data.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
-
C:\Program Files\Common Files\Services\System Restore.exe"C:\Program Files\Common Files\Services\System Restore.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\update.exe"C:\Program Files\DVD Maker\de-DE\update.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\data.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\data.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\data.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\data.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\data.exeC:\Users\Admin\data.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\update.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\update.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD56752efd716f845d596d26be77762f6cd
SHA156b95c35d2b55b0460e2bb0ce6b757cfb3aefb83
SHA256dca50b36a77a361cfa42cce701cc8d0b5fe21ca601b1989fa69128c1f48b2941
SHA512a0c6f715f0ca547e797aa939281bdaba2316a3248213cc3d3715f85fba8f0b2535177d8331ee67e46231237f3d2a7995b4cd3b02f9a734ab1de8003af2f4b018
-
Filesize
72KB
MD56f55b40baaf20d7ed1b01ac998df0b69
SHA1b0827cfba9f68007a1acf92cba62f26166a921de
SHA256642663136ffe463cf9ddd5dfab026230b209d04d02a3518a0588964d5cbc8016
SHA5120d18b1ac560840bdbafc913f8678e971e267bafd56772b7957e241d85204b33ca5fb0d1dba1908e7432d1a50c55319137431ea16729e42557c894d3364979bae
-
Filesize
72KB
MD56f55b40baaf20d7ed1b01ac998df0b69
SHA1b0827cfba9f68007a1acf92cba62f26166a921de
SHA256642663136ffe463cf9ddd5dfab026230b209d04d02a3518a0588964d5cbc8016
SHA5120d18b1ac560840bdbafc913f8678e971e267bafd56772b7957e241d85204b33ca5fb0d1dba1908e7432d1a50c55319137431ea16729e42557c894d3364979bae
-
Filesize
72KB
MD5a6d4ee84304844391381ee0a9f0cac6d
SHA164d04ea687a64ce4193edcb3a4f33e3a5b5da194
SHA256e154a5e9caba5f69be35ddaff5590bade846fac505097bd6c23e7e0f27e5bd4c
SHA512d2d0eba0b8d1fceac488cafd7a1a12afca4dc4bd8a2769cfd770a1cfea201765b0fe09b85db06b3d11fff6e0910a24b008a3c2e15308153c8f1ef06f622d4d60
-
Filesize
72KB
MD54ffcc2d88a607870fa92fad2e9bcc446
SHA1eee3d4da092c1080cd847d5665345fc4d78eac18
SHA256b9ce0d32f12ad311fa3680e7f1542a8ccb8558bdcf94bc6bfc05a934e0f6ed70
SHA512eed026bf0a2b54c083e9881e9690d7fbf33537c401da204115372f2160af1c5248704de2cbc3a3adf6b4610b8905b73d3899bba94a31e760638458439fd9117b
-
Filesize
72KB
MD54ffcc2d88a607870fa92fad2e9bcc446
SHA1eee3d4da092c1080cd847d5665345fc4d78eac18
SHA256b9ce0d32f12ad311fa3680e7f1542a8ccb8558bdcf94bc6bfc05a934e0f6ed70
SHA512eed026bf0a2b54c083e9881e9690d7fbf33537c401da204115372f2160af1c5248704de2cbc3a3adf6b4610b8905b73d3899bba94a31e760638458439fd9117b
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD5f46704ceaf13e724eaa0a29a73511092
SHA18a1b0a7b4e26c01fa809fab87ce9aa662e104df0
SHA256f37eaa3d55d3e4a5d36d0d206d232135ec7755e54da3941a290833225ae9215d
SHA5125e793c27a529794fc8918a2f1001e7b898d04d20175e42e6ea2418c4a5047e8ea005654a84c8999370a00199a5e4c76d8451c63597655696e7bd493ed8a2439a
-
Filesize
72KB
MD5f46704ceaf13e724eaa0a29a73511092
SHA18a1b0a7b4e26c01fa809fab87ce9aa662e104df0
SHA256f37eaa3d55d3e4a5d36d0d206d232135ec7755e54da3941a290833225ae9215d
SHA5125e793c27a529794fc8918a2f1001e7b898d04d20175e42e6ea2418c4a5047e8ea005654a84c8999370a00199a5e4c76d8451c63597655696e7bd493ed8a2439a
-
Filesize
72KB
MD5655a3d3ce80f369224f9b7923fe667ae
SHA137d22695a68700cce5784965209f59aaa6eba924
SHA25690626e96a754372c579273fbf474833c2331adbcd52a8825ed28f1e9fc109c54
SHA512ec41ff07a6671176eebf38a3acccd550499fec7a726acc20163f10ea680adc250324e6a80aa1e89f47d3d7e576c83de61a423eb6da5d88e3cf658973dae3bdc9
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD5d1d72d6f98b7589c7a3caad67148619a
SHA1623befbdfa2611b7b37aed30d16be18ec24e9fd9
SHA25600c6fb7feb130e405d4e105ac9de90be7816387513d25521295393de56be986d
SHA5124af97e166746c100ee1f2bf337444442639456de832056727f96e5da6eca37cc5327a89bafc155dc9ccd5ae80388316a8a739a523f9f333ad2d651dd529a0752
-
Filesize
72KB
MD5d1d72d6f98b7589c7a3caad67148619a
SHA1623befbdfa2611b7b37aed30d16be18ec24e9fd9
SHA25600c6fb7feb130e405d4e105ac9de90be7816387513d25521295393de56be986d
SHA5124af97e166746c100ee1f2bf337444442639456de832056727f96e5da6eca37cc5327a89bafc155dc9ccd5ae80388316a8a739a523f9f333ad2d651dd529a0752
-
Filesize
72KB
MD51127e3b7c520ea8d3400d1c6ff5669af
SHA172d9d15114eda1e2a55c541c41ec1281b5b145ee
SHA2565c451430be97273577da86c2b877e719c2157960a68ac06c6e814088e8f7ae88
SHA5120b238b54e7f2bdb48031bb3cc827805d5a0ea3cd6d2bf42dede9ac606bca57a1eba9d48ebb2feaff1f34059e645ab022ba81488c1ef864b819bc8fbc724048c8
-
Filesize
72KB
MD51127e3b7c520ea8d3400d1c6ff5669af
SHA172d9d15114eda1e2a55c541c41ec1281b5b145ee
SHA2565c451430be97273577da86c2b877e719c2157960a68ac06c6e814088e8f7ae88
SHA5120b238b54e7f2bdb48031bb3cc827805d5a0ea3cd6d2bf42dede9ac606bca57a1eba9d48ebb2feaff1f34059e645ab022ba81488c1ef864b819bc8fbc724048c8
-
Filesize
72KB
MD5b1b5ef3496b67d7f3827d5f0911db21d
SHA184d1152b2a2770f9a908ffdec420fef1e346a9b6
SHA2566371a651afb0020aea7287ab2e7b82770e3ba616f22d3f56f611b8709ad1440c
SHA512bafa2adefb3ab175343e03528075bb07c785c5379d3f5aa41322c7e967046f37814b7be6e4a5523c5d3705b4509309ab845e0bdf22e1a973bdb3f16f5cbc3dc3
-
Filesize
72KB
MD5b1b5ef3496b67d7f3827d5f0911db21d
SHA184d1152b2a2770f9a908ffdec420fef1e346a9b6
SHA2566371a651afb0020aea7287ab2e7b82770e3ba616f22d3f56f611b8709ad1440c
SHA512bafa2adefb3ab175343e03528075bb07c785c5379d3f5aa41322c7e967046f37814b7be6e4a5523c5d3705b4509309ab845e0bdf22e1a973bdb3f16f5cbc3dc3
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD55e84ce06ff4219374c2f94a9f86edd66
SHA16eb358b5c3acd30b1b5c14ce0107cf454fc73594
SHA256cc69beafd3bbad664b50b3009aadfc65e41eec17e91925c1dd349b7f1000174c
SHA51216b70873d7e33d4c0a2b4000b6e15d3a122157c7205d5148bcd388faa489074f896ef4d90f22fb1af13c999694ac44261e520a48e469c2a037fed980dc9b0962
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD5693c2b5b6e8d4e3b12a21f2565b3d829
SHA1af53f724f576decb1329cd9c3073e15958393a3b
SHA256e4f4949fb1421eec20ec3e6bf3695bc9544a7c86a879398b0dfd3062d06334f6
SHA5128bbdccef7ce1159a18e22c003a41884dd928a9d14ec0ff713a1aa94e8ecdb34cfcbf5115aaa4a839959843048fb2b4942d80deb1030fab2910e141e0615152eb
-
Filesize
72KB
MD5693c2b5b6e8d4e3b12a21f2565b3d829
SHA1af53f724f576decb1329cd9c3073e15958393a3b
SHA256e4f4949fb1421eec20ec3e6bf3695bc9544a7c86a879398b0dfd3062d06334f6
SHA5128bbdccef7ce1159a18e22c003a41884dd928a9d14ec0ff713a1aa94e8ecdb34cfcbf5115aaa4a839959843048fb2b4942d80deb1030fab2910e141e0615152eb
-
Filesize
72KB
MD56752efd716f845d596d26be77762f6cd
SHA156b95c35d2b55b0460e2bb0ce6b757cfb3aefb83
SHA256dca50b36a77a361cfa42cce701cc8d0b5fe21ca601b1989fa69128c1f48b2941
SHA512a0c6f715f0ca547e797aa939281bdaba2316a3248213cc3d3715f85fba8f0b2535177d8331ee67e46231237f3d2a7995b4cd3b02f9a734ab1de8003af2f4b018
-
Filesize
72KB
MD56752efd716f845d596d26be77762f6cd
SHA156b95c35d2b55b0460e2bb0ce6b757cfb3aefb83
SHA256dca50b36a77a361cfa42cce701cc8d0b5fe21ca601b1989fa69128c1f48b2941
SHA512a0c6f715f0ca547e797aa939281bdaba2316a3248213cc3d3715f85fba8f0b2535177d8331ee67e46231237f3d2a7995b4cd3b02f9a734ab1de8003af2f4b018
-
Filesize
72KB
MD56f55b40baaf20d7ed1b01ac998df0b69
SHA1b0827cfba9f68007a1acf92cba62f26166a921de
SHA256642663136ffe463cf9ddd5dfab026230b209d04d02a3518a0588964d5cbc8016
SHA5120d18b1ac560840bdbafc913f8678e971e267bafd56772b7957e241d85204b33ca5fb0d1dba1908e7432d1a50c55319137431ea16729e42557c894d3364979bae
-
Filesize
72KB
MD56f55b40baaf20d7ed1b01ac998df0b69
SHA1b0827cfba9f68007a1acf92cba62f26166a921de
SHA256642663136ffe463cf9ddd5dfab026230b209d04d02a3518a0588964d5cbc8016
SHA5120d18b1ac560840bdbafc913f8678e971e267bafd56772b7957e241d85204b33ca5fb0d1dba1908e7432d1a50c55319137431ea16729e42557c894d3364979bae
-
Filesize
72KB
MD5a6d4ee84304844391381ee0a9f0cac6d
SHA164d04ea687a64ce4193edcb3a4f33e3a5b5da194
SHA256e154a5e9caba5f69be35ddaff5590bade846fac505097bd6c23e7e0f27e5bd4c
SHA512d2d0eba0b8d1fceac488cafd7a1a12afca4dc4bd8a2769cfd770a1cfea201765b0fe09b85db06b3d11fff6e0910a24b008a3c2e15308153c8f1ef06f622d4d60
-
Filesize
72KB
MD5a6d4ee84304844391381ee0a9f0cac6d
SHA164d04ea687a64ce4193edcb3a4f33e3a5b5da194
SHA256e154a5e9caba5f69be35ddaff5590bade846fac505097bd6c23e7e0f27e5bd4c
SHA512d2d0eba0b8d1fceac488cafd7a1a12afca4dc4bd8a2769cfd770a1cfea201765b0fe09b85db06b3d11fff6e0910a24b008a3c2e15308153c8f1ef06f622d4d60
-
Filesize
72KB
MD54ffcc2d88a607870fa92fad2e9bcc446
SHA1eee3d4da092c1080cd847d5665345fc4d78eac18
SHA256b9ce0d32f12ad311fa3680e7f1542a8ccb8558bdcf94bc6bfc05a934e0f6ed70
SHA512eed026bf0a2b54c083e9881e9690d7fbf33537c401da204115372f2160af1c5248704de2cbc3a3adf6b4610b8905b73d3899bba94a31e760638458439fd9117b
-
Filesize
72KB
MD54ffcc2d88a607870fa92fad2e9bcc446
SHA1eee3d4da092c1080cd847d5665345fc4d78eac18
SHA256b9ce0d32f12ad311fa3680e7f1542a8ccb8558bdcf94bc6bfc05a934e0f6ed70
SHA512eed026bf0a2b54c083e9881e9690d7fbf33537c401da204115372f2160af1c5248704de2cbc3a3adf6b4610b8905b73d3899bba94a31e760638458439fd9117b
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD5f46704ceaf13e724eaa0a29a73511092
SHA18a1b0a7b4e26c01fa809fab87ce9aa662e104df0
SHA256f37eaa3d55d3e4a5d36d0d206d232135ec7755e54da3941a290833225ae9215d
SHA5125e793c27a529794fc8918a2f1001e7b898d04d20175e42e6ea2418c4a5047e8ea005654a84c8999370a00199a5e4c76d8451c63597655696e7bd493ed8a2439a
-
Filesize
72KB
MD5f46704ceaf13e724eaa0a29a73511092
SHA18a1b0a7b4e26c01fa809fab87ce9aa662e104df0
SHA256f37eaa3d55d3e4a5d36d0d206d232135ec7755e54da3941a290833225ae9215d
SHA5125e793c27a529794fc8918a2f1001e7b898d04d20175e42e6ea2418c4a5047e8ea005654a84c8999370a00199a5e4c76d8451c63597655696e7bd493ed8a2439a
-
Filesize
72KB
MD5655a3d3ce80f369224f9b7923fe667ae
SHA137d22695a68700cce5784965209f59aaa6eba924
SHA25690626e96a754372c579273fbf474833c2331adbcd52a8825ed28f1e9fc109c54
SHA512ec41ff07a6671176eebf38a3acccd550499fec7a726acc20163f10ea680adc250324e6a80aa1e89f47d3d7e576c83de61a423eb6da5d88e3cf658973dae3bdc9
-
Filesize
72KB
MD5655a3d3ce80f369224f9b7923fe667ae
SHA137d22695a68700cce5784965209f59aaa6eba924
SHA25690626e96a754372c579273fbf474833c2331adbcd52a8825ed28f1e9fc109c54
SHA512ec41ff07a6671176eebf38a3acccd550499fec7a726acc20163f10ea680adc250324e6a80aa1e89f47d3d7e576c83de61a423eb6da5d88e3cf658973dae3bdc9
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD548fc839c3782f55cf05eba50d6242824
SHA1818c26a76ca225ac552fb1af5f7f36541c000730
SHA256bf2907f72e9179c47d2fa4e304f8c5359553c1ef574899050529f05d5eaff6f8
SHA51253ddb1ca3aeab61d39c67927dff717d9498359140a2a1145d5eca8ef7e7f34a29065c595346fb07254dc65525295cccee1d3dddd8efe51f331b9d6dfaf8be0ee
-
Filesize
72KB
MD5655a3d3ce80f369224f9b7923fe667ae
SHA137d22695a68700cce5784965209f59aaa6eba924
SHA25690626e96a754372c579273fbf474833c2331adbcd52a8825ed28f1e9fc109c54
SHA512ec41ff07a6671176eebf38a3acccd550499fec7a726acc20163f10ea680adc250324e6a80aa1e89f47d3d7e576c83de61a423eb6da5d88e3cf658973dae3bdc9
-
Filesize
72KB
MD5d1d72d6f98b7589c7a3caad67148619a
SHA1623befbdfa2611b7b37aed30d16be18ec24e9fd9
SHA25600c6fb7feb130e405d4e105ac9de90be7816387513d25521295393de56be986d
SHA5124af97e166746c100ee1f2bf337444442639456de832056727f96e5da6eca37cc5327a89bafc155dc9ccd5ae80388316a8a739a523f9f333ad2d651dd529a0752
-
Filesize
72KB
MD5d1d72d6f98b7589c7a3caad67148619a
SHA1623befbdfa2611b7b37aed30d16be18ec24e9fd9
SHA25600c6fb7feb130e405d4e105ac9de90be7816387513d25521295393de56be986d
SHA5124af97e166746c100ee1f2bf337444442639456de832056727f96e5da6eca37cc5327a89bafc155dc9ccd5ae80388316a8a739a523f9f333ad2d651dd529a0752
-
Filesize
72KB
MD51127e3b7c520ea8d3400d1c6ff5669af
SHA172d9d15114eda1e2a55c541c41ec1281b5b145ee
SHA2565c451430be97273577da86c2b877e719c2157960a68ac06c6e814088e8f7ae88
SHA5120b238b54e7f2bdb48031bb3cc827805d5a0ea3cd6d2bf42dede9ac606bca57a1eba9d48ebb2feaff1f34059e645ab022ba81488c1ef864b819bc8fbc724048c8
-
Filesize
72KB
MD51127e3b7c520ea8d3400d1c6ff5669af
SHA172d9d15114eda1e2a55c541c41ec1281b5b145ee
SHA2565c451430be97273577da86c2b877e719c2157960a68ac06c6e814088e8f7ae88
SHA5120b238b54e7f2bdb48031bb3cc827805d5a0ea3cd6d2bf42dede9ac606bca57a1eba9d48ebb2feaff1f34059e645ab022ba81488c1ef864b819bc8fbc724048c8
-
Filesize
72KB
MD5b1b5ef3496b67d7f3827d5f0911db21d
SHA184d1152b2a2770f9a908ffdec420fef1e346a9b6
SHA2566371a651afb0020aea7287ab2e7b82770e3ba616f22d3f56f611b8709ad1440c
SHA512bafa2adefb3ab175343e03528075bb07c785c5379d3f5aa41322c7e967046f37814b7be6e4a5523c5d3705b4509309ab845e0bdf22e1a973bdb3f16f5cbc3dc3
-
Filesize
72KB
MD5b1b5ef3496b67d7f3827d5f0911db21d
SHA184d1152b2a2770f9a908ffdec420fef1e346a9b6
SHA2566371a651afb0020aea7287ab2e7b82770e3ba616f22d3f56f611b8709ad1440c
SHA512bafa2adefb3ab175343e03528075bb07c785c5379d3f5aa41322c7e967046f37814b7be6e4a5523c5d3705b4509309ab845e0bdf22e1a973bdb3f16f5cbc3dc3
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD55e84ce06ff4219374c2f94a9f86edd66
SHA16eb358b5c3acd30b1b5c14ce0107cf454fc73594
SHA256cc69beafd3bbad664b50b3009aadfc65e41eec17e91925c1dd349b7f1000174c
SHA51216b70873d7e33d4c0a2b4000b6e15d3a122157c7205d5148bcd388faa489074f896ef4d90f22fb1af13c999694ac44261e520a48e469c2a037fed980dc9b0962
-
Filesize
72KB
MD55e84ce06ff4219374c2f94a9f86edd66
SHA16eb358b5c3acd30b1b5c14ce0107cf454fc73594
SHA256cc69beafd3bbad664b50b3009aadfc65e41eec17e91925c1dd349b7f1000174c
SHA51216b70873d7e33d4c0a2b4000b6e15d3a122157c7205d5148bcd388faa489074f896ef4d90f22fb1af13c999694ac44261e520a48e469c2a037fed980dc9b0962
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD52d4c7c20f60b3f00da29d670e856569a
SHA19783a83f8c24713f640f4dc676844e00f287ae94
SHA2566063d081503f7c6b2f27ab68eb5160ffd3ae03b34ff62ef3cce0f3473f11ba82
SHA5125b909de615cfa3ec38824e2d15e9cb189bf1bef5dcb9a3c21fbd93a848120f4479340484b06029b34f34ad51b314b73102acb0b499942fa7ff1c352a1d30284a
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
72KB
MD56c2e93e87126388f16c091666202ab22
SHA1f071bfa329529f65c87a7f4f6ec5b713e32db599
SHA25635026b47eef28bd7b6c7b6e5b775545d0d70144a31551d2687267dae3a27f1e7
SHA512fa3f0e35162686033eb78aa74f05aaed0ceb501f77f65ad83e19b844abda121c7f7df0a44e105bcbb305a0c620381d9ebc45684b7bd2735625d5101a71d2e282
-
Filesize
8KB
-
Filesize
8KB