Analysis
-
max time kernel
161s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
06/11/2022, 12:24
General
-
Target
fe4a0860e66fe0463242b6a40afd55a4478a081ead5bf0f78be257d89fb2c26e.exe
-
Size
72KB
-
MD5
0f441fa8764938ed5ebbf0c20e9b6173
-
SHA1
e0aed4806f2f219cf96615840771b12da085dd14
-
SHA256
fe4a0860e66fe0463242b6a40afd55a4478a081ead5bf0f78be257d89fb2c26e
-
SHA512
e312697fbadc86b13fe29a5cd9d12dda257bc406c4459f802f0ca57f63e89c9a5eb7c386024425461719a398c13f4a7958f649aaf8bad615324828a36f3c50b5
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2n:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrb
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 51 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe4a0860e66fe0463242b6a40afd55a4478a081ead5bf0f78be257d89fb2c26e.exe"C:\Users\Admin\AppData\Local\Temp\fe4a0860e66fe0463242b6a40afd55a4478a081ead5bf0f78be257d89fb2c26e.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2558641936\backup.exeC:\Users\Admin\AppData\Local\Temp\2558641936\backup.exe C:\Users\Admin\AppData\Local\Temp\2558641936\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\System Restore.exe"C:\Program Files\7-Zip\Lang\System Restore.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\update.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\update.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\ado\en-US\update.exe"C:\Program Files\Common Files\System\ado\en-US\update.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Executes dropped EXE
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\System Restore.exe"C:\Program Files (x86)\System Restore.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\update.exe"C:\Program Files (x86)\Microsoft Office\update.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\data.exeC:\Users\Admin\data.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD57c47fd2ea4ade6de29ac6404f8e951db
SHA10384cecd094b9a2154368b959f061e8a6aefa226
SHA2560f43d22ac6795779f2e4be33f37353e8b16271396496b0a5b8dd0920ed39008b
SHA512166872ba669dd7187db9fcb6e4d88407031fa0ebe3759f85e5f97bd0f8da341bc12d23aec87445830bffc925dfe7b70e0a1239414d1b28eff2cb923cb02a99b8
-
Filesize
72KB
MD53ed81629c9206eaf4243341c96ce921f
SHA10deb4bafe890c03d0916117609d8d1f8ea47316c
SHA256aec97639fb128dd99a80253aa4e6411f4b6a1a9c0fbd0a582928f65b6614ae93
SHA512b1c0cfe3256182306fcf40c1972dc65317e21377a22e7fa90cd775c95f56760c6f432a9c956655263ecbc3c973870046672e015aa120c3a1d900ccffdac5a7f8
-
Filesize
72KB
MD53ed81629c9206eaf4243341c96ce921f
SHA10deb4bafe890c03d0916117609d8d1f8ea47316c
SHA256aec97639fb128dd99a80253aa4e6411f4b6a1a9c0fbd0a582928f65b6614ae93
SHA512b1c0cfe3256182306fcf40c1972dc65317e21377a22e7fa90cd775c95f56760c6f432a9c956655263ecbc3c973870046672e015aa120c3a1d900ccffdac5a7f8
-
Filesize
72KB
MD5bcd8e307d172207841cfb8ab654fdf7b
SHA12c88dd142205c5e805daac2c191b9919f0c2e50a
SHA256addc0f976130c6a17a3fab967369ee2f63d6519d2777439c3cb9a2d44937fdc9
SHA512fc2692d80b0adb1b767f4b9b22eb65080d04d965b48993a835516ac5c84287e124ae37b1ffa1593d3ef04f0387714b9bcf51d9c6c86e8fc655fe8a52867560e0
-
Filesize
72KB
MD5ed326a1c26c610ed48610cf88b69a99f
SHA1f53113abc0226045bf5146bfa3a5f7a9dbe847d8
SHA25656af404e624559b7d866d6a3614d21cdf308e5433885fe93ac7bfd3ec267d706
SHA5127370e632105d0d9747b3ac39fbf1213bd4356cf6d7ef61edfb5e03bec37504015c3dbdbe60f205d76dbed222a2024f47209ab0b0125b7d82f7e7efc28f3a19af
-
Filesize
72KB
MD5ed326a1c26c610ed48610cf88b69a99f
SHA1f53113abc0226045bf5146bfa3a5f7a9dbe847d8
SHA25656af404e624559b7d866d6a3614d21cdf308e5433885fe93ac7bfd3ec267d706
SHA5127370e632105d0d9747b3ac39fbf1213bd4356cf6d7ef61edfb5e03bec37504015c3dbdbe60f205d76dbed222a2024f47209ab0b0125b7d82f7e7efc28f3a19af
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD54509c7519dc0a5b01982fb25a270e1bf
SHA12aac49482c7a66a2d57228cf882f4f81730e581c
SHA25629a321e357c9ed7c819e5a779153d4485855c93568efcfd87e334aebb9d0f803
SHA512b31081c94b7400f18403c26a1f439464d658500bdea0fd0f9c73b47b5240e6f608eeb383a8f7db5fba0630c32ae99242f93097748da650f105906c394d4a9b61
-
Filesize
72KB
MD54509c7519dc0a5b01982fb25a270e1bf
SHA12aac49482c7a66a2d57228cf882f4f81730e581c
SHA25629a321e357c9ed7c819e5a779153d4485855c93568efcfd87e334aebb9d0f803
SHA512b31081c94b7400f18403c26a1f439464d658500bdea0fd0f9c73b47b5240e6f608eeb383a8f7db5fba0630c32ae99242f93097748da650f105906c394d4a9b61
-
Filesize
72KB
MD54a8b5336c82727c13a7d9e79b19de43b
SHA14ae6a043b9282e2c5c342de2a6784f7a2fca3316
SHA25652993b8ed91abbd619271ceafb752986f552c128e4dfb1d7bb2bfa09a09b6bf2
SHA512fb670159fea6a11232a826d1d4526283a50e4c2158d70396b049d07bad0e5103789ee87af3175e99ce31fc4f99d32ceb65d1ef6195daa077ba2c964832781b72
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD5bace9ba96d1674885faa61959e801266
SHA16391c0a5c38ba0d6b98a186045d4755c87154ed0
SHA256efb071dca4bb35183c8c4bfdded4c48763e9cf2c1d643d26a563c89da036c48b
SHA5120f678883ec8171573af344530db5c319156f0719ce6b0ea87de313ded40da6f2b9294e4580572c5c2fdde84c0d6e986da1727383ba631fe973bf0516b33385fa
-
Filesize
72KB
MD5fc3e638236fada477c8697099160d5c6
SHA1eba782a5817523fcae52ed4b556f47a478b97c68
SHA25640d7c6955ef782805cd3d3d0cd86d513a8e6c5ede0e8f116b7374f9ab3fa8637
SHA512c0f1c70cba08e0e38e32b92cd06757aa40c57033609292f33c29671d7008319a0ced9a65534ec445d9748adc37512748561cfb8399da8ef1e88b05441f7f3721
-
Filesize
72KB
MD5fc3e638236fada477c8697099160d5c6
SHA1eba782a5817523fcae52ed4b556f47a478b97c68
SHA25640d7c6955ef782805cd3d3d0cd86d513a8e6c5ede0e8f116b7374f9ab3fa8637
SHA512c0f1c70cba08e0e38e32b92cd06757aa40c57033609292f33c29671d7008319a0ced9a65534ec445d9748adc37512748561cfb8399da8ef1e88b05441f7f3721
-
Filesize
72KB
MD599d5ad7fd311544d096bd022b214bb39
SHA111593a6a0dd13fb20cb292b6c0a992ce39dd221f
SHA2565929d5d31bc8cb77485e8b66088a52337bd849519cd65299fa2a70f0da65f25f
SHA512db8a5ef3efa53173b3bb059fe1bdde289cb16ec0bcdf3ada37540bb671f41ce52e1af186830991e5424c5aa244d3d648c30edd6f02cc84282c0aeebfb6a0213c
-
Filesize
72KB
MD599d5ad7fd311544d096bd022b214bb39
SHA111593a6a0dd13fb20cb292b6c0a992ce39dd221f
SHA2565929d5d31bc8cb77485e8b66088a52337bd849519cd65299fa2a70f0da65f25f
SHA512db8a5ef3efa53173b3bb059fe1bdde289cb16ec0bcdf3ada37540bb671f41ce52e1af186830991e5424c5aa244d3d648c30edd6f02cc84282c0aeebfb6a0213c
-
Filesize
72KB
MD51f6b2000600373e9a4a88f08879d52ee
SHA19e91058407e940e326889bd4ef13752ba9ff6fa1
SHA2568090f5ff3bec339fd90423dc0b9f97897e0e75ccb081ef9defadb37162afc9bb
SHA5129180a3f67e3ba25f39aebebc01a4a5954acf52347c7f6554d60eec8a7334f0dfc6b70b4c6df29a72b5699c16e6600b4a14149922472f4cda6609225421c29a0f
-
Filesize
72KB
MD51f6b2000600373e9a4a88f08879d52ee
SHA19e91058407e940e326889bd4ef13752ba9ff6fa1
SHA2568090f5ff3bec339fd90423dc0b9f97897e0e75ccb081ef9defadb37162afc9bb
SHA5129180a3f67e3ba25f39aebebc01a4a5954acf52347c7f6554d60eec8a7334f0dfc6b70b4c6df29a72b5699c16e6600b4a14149922472f4cda6609225421c29a0f
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
72KB
MD5196e6f2cb2fc9290eef7862891dc09ee
SHA129c058ae06581f93a2f284ece84b192cd7f104f5
SHA256dbd0fc706b275956b9ab9a7293355cc2edafff6e7d0affcf1c71d4363afc575a
SHA51247fcfec256aff92b5662d08bb11bc38a2865c08af144e704cd6d8e5a1f774cca133ca6fe3a21216453ed59921cd74b0e48ab5d35f2ab8f4cf0eaa60a4ceedaf2
-
Filesize
72KB
MD561d0d8205a37248badaa088a3280b100
SHA1f08ea0dd83ece9ca6f9788a25f2240b56424767c
SHA2560f779cf62f2ff2ebdefb082fc43e3069dbd0b015c60da5386590490d477e9501
SHA5121c1ee4d312467c87db276cefd0802d2a33ac981e268e3579ab5b42aab3baa0a499a508a54f6cfc16b2f342bc0946f69fbf88788b15584b32093909aaec9e8ac6
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
72KB
MD56538f5de7134d8bbc9b6e7644133ff36
SHA12fe3b381fa7841346ea5052989c15710d89ae0cb
SHA2563070c928716b7a0775bd4e1b6367aa5284499eba5e21ea3b7a5e74e2a09ddf4a
SHA5122dfc7ecba09d51bb19dc3642326ee16a398bb9c652a80f97e32fc28064338229f6fffa862c371f3c69bc99a59331db474bf06ad07223e31f1e46e737b8c87c05
-
Filesize
72KB
MD56538f5de7134d8bbc9b6e7644133ff36
SHA12fe3b381fa7841346ea5052989c15710d89ae0cb
SHA2563070c928716b7a0775bd4e1b6367aa5284499eba5e21ea3b7a5e74e2a09ddf4a
SHA5122dfc7ecba09d51bb19dc3642326ee16a398bb9c652a80f97e32fc28064338229f6fffa862c371f3c69bc99a59331db474bf06ad07223e31f1e46e737b8c87c05
-
Filesize
72KB
MD57c47fd2ea4ade6de29ac6404f8e951db
SHA10384cecd094b9a2154368b959f061e8a6aefa226
SHA2560f43d22ac6795779f2e4be33f37353e8b16271396496b0a5b8dd0920ed39008b
SHA512166872ba669dd7187db9fcb6e4d88407031fa0ebe3759f85e5f97bd0f8da341bc12d23aec87445830bffc925dfe7b70e0a1239414d1b28eff2cb923cb02a99b8
-
Filesize
72KB
MD57c47fd2ea4ade6de29ac6404f8e951db
SHA10384cecd094b9a2154368b959f061e8a6aefa226
SHA2560f43d22ac6795779f2e4be33f37353e8b16271396496b0a5b8dd0920ed39008b
SHA512166872ba669dd7187db9fcb6e4d88407031fa0ebe3759f85e5f97bd0f8da341bc12d23aec87445830bffc925dfe7b70e0a1239414d1b28eff2cb923cb02a99b8
-
Filesize
72KB
MD53ed81629c9206eaf4243341c96ce921f
SHA10deb4bafe890c03d0916117609d8d1f8ea47316c
SHA256aec97639fb128dd99a80253aa4e6411f4b6a1a9c0fbd0a582928f65b6614ae93
SHA512b1c0cfe3256182306fcf40c1972dc65317e21377a22e7fa90cd775c95f56760c6f432a9c956655263ecbc3c973870046672e015aa120c3a1d900ccffdac5a7f8
-
Filesize
72KB
MD53ed81629c9206eaf4243341c96ce921f
SHA10deb4bafe890c03d0916117609d8d1f8ea47316c
SHA256aec97639fb128dd99a80253aa4e6411f4b6a1a9c0fbd0a582928f65b6614ae93
SHA512b1c0cfe3256182306fcf40c1972dc65317e21377a22e7fa90cd775c95f56760c6f432a9c956655263ecbc3c973870046672e015aa120c3a1d900ccffdac5a7f8
-
Filesize
72KB
MD5bcd8e307d172207841cfb8ab654fdf7b
SHA12c88dd142205c5e805daac2c191b9919f0c2e50a
SHA256addc0f976130c6a17a3fab967369ee2f63d6519d2777439c3cb9a2d44937fdc9
SHA512fc2692d80b0adb1b767f4b9b22eb65080d04d965b48993a835516ac5c84287e124ae37b1ffa1593d3ef04f0387714b9bcf51d9c6c86e8fc655fe8a52867560e0
-
Filesize
72KB
MD5bcd8e307d172207841cfb8ab654fdf7b
SHA12c88dd142205c5e805daac2c191b9919f0c2e50a
SHA256addc0f976130c6a17a3fab967369ee2f63d6519d2777439c3cb9a2d44937fdc9
SHA512fc2692d80b0adb1b767f4b9b22eb65080d04d965b48993a835516ac5c84287e124ae37b1ffa1593d3ef04f0387714b9bcf51d9c6c86e8fc655fe8a52867560e0
-
Filesize
72KB
MD5ed326a1c26c610ed48610cf88b69a99f
SHA1f53113abc0226045bf5146bfa3a5f7a9dbe847d8
SHA25656af404e624559b7d866d6a3614d21cdf308e5433885fe93ac7bfd3ec267d706
SHA5127370e632105d0d9747b3ac39fbf1213bd4356cf6d7ef61edfb5e03bec37504015c3dbdbe60f205d76dbed222a2024f47209ab0b0125b7d82f7e7efc28f3a19af
-
Filesize
72KB
MD5ed326a1c26c610ed48610cf88b69a99f
SHA1f53113abc0226045bf5146bfa3a5f7a9dbe847d8
SHA25656af404e624559b7d866d6a3614d21cdf308e5433885fe93ac7bfd3ec267d706
SHA5127370e632105d0d9747b3ac39fbf1213bd4356cf6d7ef61edfb5e03bec37504015c3dbdbe60f205d76dbed222a2024f47209ab0b0125b7d82f7e7efc28f3a19af
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD54509c7519dc0a5b01982fb25a270e1bf
SHA12aac49482c7a66a2d57228cf882f4f81730e581c
SHA25629a321e357c9ed7c819e5a779153d4485855c93568efcfd87e334aebb9d0f803
SHA512b31081c94b7400f18403c26a1f439464d658500bdea0fd0f9c73b47b5240e6f608eeb383a8f7db5fba0630c32ae99242f93097748da650f105906c394d4a9b61
-
Filesize
72KB
MD54509c7519dc0a5b01982fb25a270e1bf
SHA12aac49482c7a66a2d57228cf882f4f81730e581c
SHA25629a321e357c9ed7c819e5a779153d4485855c93568efcfd87e334aebb9d0f803
SHA512b31081c94b7400f18403c26a1f439464d658500bdea0fd0f9c73b47b5240e6f608eeb383a8f7db5fba0630c32ae99242f93097748da650f105906c394d4a9b61
-
Filesize
72KB
MD54a8b5336c82727c13a7d9e79b19de43b
SHA14ae6a043b9282e2c5c342de2a6784f7a2fca3316
SHA25652993b8ed91abbd619271ceafb752986f552c128e4dfb1d7bb2bfa09a09b6bf2
SHA512fb670159fea6a11232a826d1d4526283a50e4c2158d70396b049d07bad0e5103789ee87af3175e99ce31fc4f99d32ceb65d1ef6195daa077ba2c964832781b72
-
Filesize
72KB
MD54a8b5336c82727c13a7d9e79b19de43b
SHA14ae6a043b9282e2c5c342de2a6784f7a2fca3316
SHA25652993b8ed91abbd619271ceafb752986f552c128e4dfb1d7bb2bfa09a09b6bf2
SHA512fb670159fea6a11232a826d1d4526283a50e4c2158d70396b049d07bad0e5103789ee87af3175e99ce31fc4f99d32ceb65d1ef6195daa077ba2c964832781b72
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD59f818ccbc4ed016aa75d57dea493c01f
SHA1b95ceca2c68ca2205ad15d223253b537dde6c74d
SHA256f2e381ff38cd685ebb7a50b26d7636d4711530beb7a7232beba148d54d9579a3
SHA512ba125537e5b4abc8287b4390868acdbbbabf9c331da2d6b53b33346c859165ec7f57e031e4820f9594441bfc3b6f7788192a72b8783eef8cf4f1d4b0874fca17
-
Filesize
72KB
MD5bace9ba96d1674885faa61959e801266
SHA16391c0a5c38ba0d6b98a186045d4755c87154ed0
SHA256efb071dca4bb35183c8c4bfdded4c48763e9cf2c1d643d26a563c89da036c48b
SHA5120f678883ec8171573af344530db5c319156f0719ce6b0ea87de313ded40da6f2b9294e4580572c5c2fdde84c0d6e986da1727383ba631fe973bf0516b33385fa
-
Filesize
72KB
MD5bace9ba96d1674885faa61959e801266
SHA16391c0a5c38ba0d6b98a186045d4755c87154ed0
SHA256efb071dca4bb35183c8c4bfdded4c48763e9cf2c1d643d26a563c89da036c48b
SHA5120f678883ec8171573af344530db5c319156f0719ce6b0ea87de313ded40da6f2b9294e4580572c5c2fdde84c0d6e986da1727383ba631fe973bf0516b33385fa
-
Filesize
72KB
MD5bace9ba96d1674885faa61959e801266
SHA16391c0a5c38ba0d6b98a186045d4755c87154ed0
SHA256efb071dca4bb35183c8c4bfdded4c48763e9cf2c1d643d26a563c89da036c48b
SHA5120f678883ec8171573af344530db5c319156f0719ce6b0ea87de313ded40da6f2b9294e4580572c5c2fdde84c0d6e986da1727383ba631fe973bf0516b33385fa
-
Filesize
72KB
MD5fc3e638236fada477c8697099160d5c6
SHA1eba782a5817523fcae52ed4b556f47a478b97c68
SHA25640d7c6955ef782805cd3d3d0cd86d513a8e6c5ede0e8f116b7374f9ab3fa8637
SHA512c0f1c70cba08e0e38e32b92cd06757aa40c57033609292f33c29671d7008319a0ced9a65534ec445d9748adc37512748561cfb8399da8ef1e88b05441f7f3721
-
Filesize
72KB
MD5fc3e638236fada477c8697099160d5c6
SHA1eba782a5817523fcae52ed4b556f47a478b97c68
SHA25640d7c6955ef782805cd3d3d0cd86d513a8e6c5ede0e8f116b7374f9ab3fa8637
SHA512c0f1c70cba08e0e38e32b92cd06757aa40c57033609292f33c29671d7008319a0ced9a65534ec445d9748adc37512748561cfb8399da8ef1e88b05441f7f3721
-
Filesize
72KB
MD599d5ad7fd311544d096bd022b214bb39
SHA111593a6a0dd13fb20cb292b6c0a992ce39dd221f
SHA2565929d5d31bc8cb77485e8b66088a52337bd849519cd65299fa2a70f0da65f25f
SHA512db8a5ef3efa53173b3bb059fe1bdde289cb16ec0bcdf3ada37540bb671f41ce52e1af186830991e5424c5aa244d3d648c30edd6f02cc84282c0aeebfb6a0213c
-
Filesize
72KB
MD599d5ad7fd311544d096bd022b214bb39
SHA111593a6a0dd13fb20cb292b6c0a992ce39dd221f
SHA2565929d5d31bc8cb77485e8b66088a52337bd849519cd65299fa2a70f0da65f25f
SHA512db8a5ef3efa53173b3bb059fe1bdde289cb16ec0bcdf3ada37540bb671f41ce52e1af186830991e5424c5aa244d3d648c30edd6f02cc84282c0aeebfb6a0213c
-
Filesize
72KB
MD51f6b2000600373e9a4a88f08879d52ee
SHA19e91058407e940e326889bd4ef13752ba9ff6fa1
SHA2568090f5ff3bec339fd90423dc0b9f97897e0e75ccb081ef9defadb37162afc9bb
SHA5129180a3f67e3ba25f39aebebc01a4a5954acf52347c7f6554d60eec8a7334f0dfc6b70b4c6df29a72b5699c16e6600b4a14149922472f4cda6609225421c29a0f
-
Filesize
72KB
MD51f6b2000600373e9a4a88f08879d52ee
SHA19e91058407e940e326889bd4ef13752ba9ff6fa1
SHA2568090f5ff3bec339fd90423dc0b9f97897e0e75ccb081ef9defadb37162afc9bb
SHA5129180a3f67e3ba25f39aebebc01a4a5954acf52347c7f6554d60eec8a7334f0dfc6b70b4c6df29a72b5699c16e6600b4a14149922472f4cda6609225421c29a0f
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD5b59def955cb8ad7b63bdf1259cae8abf
SHA16c88d73e52839b2fd8d8fc95a123404837e404e8
SHA256819940d23c64bd13d172b94eead17b6bdde81fd4bd2d421639eee76c57292b80
SHA512518f7cbf7e8de0aec99f5511a60da3ebb1c1893c98e3751f1d3596b190e28fc4ed506592dd7a4cb197874835f7ae2b744fe5c154ebeab8209a667ad3df577152
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
72KB
MD5196e6f2cb2fc9290eef7862891dc09ee
SHA129c058ae06581f93a2f284ece84b192cd7f104f5
SHA256dbd0fc706b275956b9ab9a7293355cc2edafff6e7d0affcf1c71d4363afc575a
SHA51247fcfec256aff92b5662d08bb11bc38a2865c08af144e704cd6d8e5a1f774cca133ca6fe3a21216453ed59921cd74b0e48ab5d35f2ab8f4cf0eaa60a4ceedaf2
-
Filesize
72KB
MD5196e6f2cb2fc9290eef7862891dc09ee
SHA129c058ae06581f93a2f284ece84b192cd7f104f5
SHA256dbd0fc706b275956b9ab9a7293355cc2edafff6e7d0affcf1c71d4363afc575a
SHA51247fcfec256aff92b5662d08bb11bc38a2865c08af144e704cd6d8e5a1f774cca133ca6fe3a21216453ed59921cd74b0e48ab5d35f2ab8f4cf0eaa60a4ceedaf2
-
Filesize
72KB
MD561d0d8205a37248badaa088a3280b100
SHA1f08ea0dd83ece9ca6f9788a25f2240b56424767c
SHA2560f779cf62f2ff2ebdefb082fc43e3069dbd0b015c60da5386590490d477e9501
SHA5121c1ee4d312467c87db276cefd0802d2a33ac981e268e3579ab5b42aab3baa0a499a508a54f6cfc16b2f342bc0946f69fbf88788b15584b32093909aaec9e8ac6
-
Filesize
72KB
MD561d0d8205a37248badaa088a3280b100
SHA1f08ea0dd83ece9ca6f9788a25f2240b56424767c
SHA2560f779cf62f2ff2ebdefb082fc43e3069dbd0b015c60da5386590490d477e9501
SHA5121c1ee4d312467c87db276cefd0802d2a33ac981e268e3579ab5b42aab3baa0a499a508a54f6cfc16b2f342bc0946f69fbf88788b15584b32093909aaec9e8ac6
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
72KB
MD57d329e02f07d5062fe05ee53f3878351
SHA197b054c10b863d1c8accee3ef529843f6d1857c5
SHA2562d8a827e97ee2696118ac54d1a6bfff3880df8a31bcd1409df30203b652a97bf
SHA512d591749b347630f9ac60f99a8b20efa7e3975ed35f4c76e34fc08a22e5eaef238607aac819d7ccaeea5e25b3ef1470e45722089baae7fd7f7dba56f8d6afb91c
-
Filesize
8KB